Deok9_Exploit Technique
Size: px
Start display at page:

Download "Deok9_Exploit Technique"

Transcription

1 Exploit Technique CodeEngn Co-Administrator!!! and Team Sur3x5F Member Nick : Deok9 DDeok9@gmail.com HomePage : Twitter :@DDeok9 << Contents >> 1. Shell Code 2. Security Cookie Overwriting 3. Trampoline Technique 4. SEH Overwriting 5. Heap Spray! 1! Copyright 2011 Deok9 All rights Reserved

2 1) Shell Code ( cmd.exe ) 1. Shell Code Window ShellCode WinExec. WinExec(LPCSTR lpcmdline,uint ucmdshow) Format. Linux /bin/sh. Assembly WinExec Depends Tool. [ ] Depends Tool WinExec WinExec Kernel32.dll, Entry Point : 0x D, Kernel32.dll Base Address : 0x7C7D0000, 0x7C83250D. Visual Studio cmd Code. [ ] cmd Code cmd[4] WinExec, cmd [4], SW_SHOWNORMAL Option. Code main Breakpoint, Debugging Mode Disassemble Shell Code.! 2! Copyright 2011 Deok9 All rights Reserved

3 [ ] Debugging Disassembly LEA edi, [ebp+ffffff34h] REP STOS dword ptr es:[edi] CMP esi, esp CALL '\0' Shell Code NULL xor. CALL dword ptr ds:[ ch] [004182B4h] Data, Shell Code. Depends Tool. [ ] Inline Assem Code Code Debugging Mode Disassemble Shell Code.! 3! Copyright 2011 Deok9 All rights Reserved

4 [ ] Shell Code! 4! Copyright 2011 Deok9 All rights Reserved

5 1) Security Cookie? 2. Security Cookie Overwriting Window Stack, SFP Buffer Hacker Buffer Overflow Security Cookie Stack Security Data Security Cookie BOF. [ ] IDA Security Cookie [ ] Security Cookie Stack! 5! Copyright 2011 Deok9 All rights Reserved

6 2) Security Cookie Overwrite BOF Shell Code, RET ( EIP ) Memory Security Cookie, SFP, RET 3. RET Security Cookie Debugging Security Cookie [ ] Security Cookie Save EAX B516410E, Security Cookie Check. [ ] ECX Security Cookie ,. [ ] Security Cookie EIP Error Security Cookie, Error EIP, RET Error.! 6! Copyright 2011 Deok9 All rights Reserved

7 3. Trampoline Technique 1) ASLR ( Address Space Layout Randomization )? Process Mapping Object & Random, BOF Object BOF. [ ] ASLR Visual Studio Alt + F7.. [ ] ASLR! 7! Copyright 2011 Deok9 All rights Reserved

8 2) Trampoline Technique Trampoline JMP. [ ] Trampoline Technique Memory RET Shell Code., ESP. ESP 00 NULL. Stack Random ASLR. ESP RET ( RET Memory ) ESP JMP ESP, CALL ESP [ ].text Section ( Code ) [ ] JMP ESP Code JMP ESP. ntdll 7CXXXXXX 00 NULL.! 8! Copyright 2011 Deok9 All rights Reserved

9 4. SEH Overwriting 1) SEH ( Structed Exception Handling )? Window, Program Hardware Exception, Handle Software Exception. Thread, Error Exception = Error. [ ] Exception Handler EstabilisherFrame EXCEPTION_REGISTRATION. _CONTEXT *ContextRecord Thread. Exception Register. Exception Handler Chain insert, Chain EXCEPTION_REGISTRATION. [ ] EXCEPTION_REGISTRATION EXCEPTION_REGISTRATION Pointer. Exception Handler Pointer. [ ] SEH Chain Layout! 9! Copyright 2011 Deok9 All rights Reserved

10 2) SEH Overwriting Exception Stack SEH, ESP SEH Ret. Hacker SEH 2 ( Handler Next ) EIP. ESP Argument 2 POP POP RET, JMP [esp+8], CALL [esp+8], ADD esp,8 RET EIP. Handler Next. SEH Handler ( SEH Handler Code. ) [ ] SEH Offset Backtrack patternoffset.pl SEH Handler. Offset Exploit Code [ ] Exploit Code [ ] ESP SEH RET ADD ESP, 8 RETN Handler Next, Next Hacker Shell Code JMP,. EB SHORT JMP, Ollydbg.! 10! Copyright 2011 Deok9 All rights Reserved

11 5. Heap Spray 1) Heap Spray? Heap Memory Data EIP Heap,. html javascript Heap Memory Program. Code [ ] Heap Spray Memory %u0505 ( NOP code ) + ShellCode 0x80000 Size Heap Memory. Hacker NOP EIP. Exploit Code Heap Memory [ ] Heap Memory Dump Memory ( MOV edi, edi ).! 11! Copyright 2011 Deok9 All rights Reserved

Similar documents

hlogin2

hlogin2 0x02. Stack Corruption off-limit Kernel Stack libc Heap BSS Data Code off-limit Kernel Kernel : OS Stack libc Heap BSS Data Code Stack : libc : Heap : BSS, Data : bss Code : off-limit Kernel Kernel : OS

More information

Deok9_PE Structure

Deok9_PE Structure PE Structure CodeEngn Co-Administrator!!! and Team Sur3x5F Member Nick : Deok9 E-mail : DDeok9@gmail.com HomePage : http://deok9.sur3x5f.org Twitter :@DDeok9 1. PE > 1) PE? 2) PE 3) PE Utility

More information

hlogin7

hlogin7 0x07. Return Oriented Programming ROP? , (DEP, ASLR). ROP (Return Oriented Programming) (excutable memory) rop. plt, got got overwrite RTL RTL Chain DEP, ASLR gadget Basic knowledge plt, got call function

More information

No Slide Title

No Slide Title Copyright, 2017 Multimedia Lab., UOS 시스템프로그래밍 (Assembly Code and Calling Convention) Seong Jong Choi chois@uos.ac.kr Multimedia Lab. Dept. of Electrical and Computer Eng. University of Seoul Seoul, Korea

More information

IDA 5.x Manual 07.02.hwp

IDA 5.x Manual 07.02.hwp IDA 5.x Manual - Manual 01 - 영리를 목적으로 한 곳에서 배포금지 Last Update 2007. 02 이강석 / certlab@gmail.com 어셈블리어 개발자 그룹 :: 어셈러브 http://www.asmlove.co.kr - 1 - IDA Pro 는 Disassembler 프로그램입니다. 기계어로 되어있는 실행파일을 어셈블리언어

More information

INTRO Basic architecture of modern computers Basic and most used assembly instructions on x86 Installing an assembly compiler and RE tools Practice co

INTRO Basic architecture of modern computers Basic and most used assembly instructions on x86 Installing an assembly compiler and RE tools Practice co Basic reverse engineering on x86 This is for those who want to learn about basic reverse engineering on x86 (Feel free to use this, email me if you need a keynote version.) v0.1 SeungJin Beist Lee beist@grayhash.com

More information

Microsoft Word - Heap_Spray.doc

Microsoft Word - Heap_Spray.doc Heap Spray 본문서는 최근 웹 브라우저를 이용한 공격에 사용되는 Heap Spray 기법에 대한 내용을 수록하였다. 관련 내용에 대하여 많은 도움이 되기 바란다. 문서 내용은 초보자도 쉽게 이해할 수 있도록 관련 내용에 대한 설명을 포함하였다. Hacking Group OVERTIME force< forceteam01@gmail.com > 2007.05.13

More information

Microsoft Word - building the win32 shellcode 01.doc

Microsoft Word - building the win32 shellcode 01.doc Win32 Attack 1. Local Shellcode 작성방법 By 달고나 (Dalgona@wowhacker.org) Email: zinwon@gmail.com Abstract 이글은 MS Windows 환경에서 shellcode 를작성하는방법에대해서설명하고있다. Win32 는 *nix 환경과는사뭇다른 API 호출방식을사용하기때문에조금복잡하게둘러서 shellcode

More information

Linux Binary Hardening with Glibc Hyeonho Seo

Linux Binary Hardening with Glibc Hyeonho Seo Linux Binary Hardening with Glibc Hyeonho Seo About Me 서현호(Hyeonho Seo) KDMHS 재학 중인 파릇한(?) 고등학 생 게임/팀플 빼고는 우분투만 사용 관심 분야는 상당히 잡식성 POSIX System Hacking Linux Kernel Programming Network Protocol C, Modern

More information

Cogame 취약점 보고

Cogame 취약점 보고 Frist Version: 2006. 01. 07 Last Version: 2006. 01. 19 anesra@{null2root.org, gmail.com Table of Contents 1. 기본개념과도구...3 1.1 윈도우쉘코드... 3 1.2 윈도우메모리 LAYOUT... 4 1.3 레지스터... 4 1.4 기본어셈블리어명령어... 4 2. 쉘코드만들기...6

More information

01.ROP(Return Oriented Programming)-x86 Excuse the ads! We need some help to keep our site up. List Return Oriented Programming(ROP) -x86 Gadgets - PO

01.ROP(Return Oriented Programming)-x86 Excuse the ads! We need some help to keep our site up. List Return Oriented Programming(ROP) -x86 Gadgets - PO 01.ROP(Return Oriented Programming)-x86 Excuse the ads! We need some help to keep our site up. List Return Oriented Programming(ROP) -x86 Gadgets - POP; POP; POP; RET PLT & GOT Debug Proof of concept Example

More information

Table Of Contents 1/7 0. Introduction 0-1. Introduction 0-1. Testing Environment 1. Software Vulnerabilty Review 1-1. Buffer OverFlow 1-2. Format Stri

Table Of Contents 1/7 0. Introduction 0-1. Introduction 0-1. Testing Environment 1. Software Vulnerabilty Review 1-1. Buffer OverFlow 1-2. Format Stri Windows System Hacking Technique Author E-Mail Blog Community Company : 조현석 (evernick) : 김언체 (ruina) : evernick@naver.com : ruina_s@naver.com : http://ruinick.tistory.com : http://cafe.naver.com/rekcah

More information

Microsoft PowerPoint - a10.ppt [호환 모드]

Microsoft PowerPoint - a10.ppt [호환 모드] Structure Chapter 10: Structures t and Macros Structure 관련된변수들의그룹으로이루어진자료구조 template, pattern field structure를구성하는변수 (cf) C언어의 struct 프로그램의 structure 접근 entire structure 또는 individual fields Structure는

More information

목 차 1. 개요 취약점분석추진배경 취약점요약 취약점정보 취약점대상시스템목록 분석 공격기법및기본개념 시나리오 공격코드

목 차 1. 개요 취약점분석추진배경 취약점요약 취약점정보 취약점대상시스템목록 분석 공격기법및기본개념 시나리오 공격코드 취약점분석보고서 [Aviosoft Digital TV Player Professional 1.x Stack Buffer Overflow] 2012-08-08 RedAlert Team 강동우 목 차 1. 개요... 1 1.1. 취약점분석추진배경... 1 1.2. 취약점요약... 1 1.3. 취약점정보... 1 1.4. 취약점대상시스템목록... 1 2. 분석...

More information

Microsoft PowerPoint - a8a.ppt [호환 모드]

Microsoft PowerPoint - a8a.ppt [호환 모드] 이장의내용 8 장고급프로시저 스택프레임 재귀 (Recursion) Invoke, Addr, Proc, Proto 디렉티브 다중모듈프로그램작성 2 8.2 스택프레임 Stack Frame ( 또는 activation record) procedure 의다음사항을저장한 영역 urn address passed parameter ( 스택매개변수 ) saved register

More information

Microsoft Word - SEH_Overwrites_Simplified.doc

Microsoft Word - SEH_Overwrites_Simplified.doc SEH Overwrites Simplified v1.01 1 Date : 2007. 10. 29 저자 : Aelphaeis Mangarae 편역 : Kancho ( kancholove@gmail.com, www.securityproof.net ) 머리말 이문서는 Stack 다이어그램을이용하여두개의다른 Windows 플랫폼에서의 SEH Overwrite를다룹니다.

More information

PowerPoint Template

PowerPoint Template BoF 원정대서비스 목차 환경구성 http://www.hackerschool.org/hs_boards/zboard.php?id=hs_notice&no=1170881885 전용게시판 http://www.hackerschool.org/hs_boards/zboard.php?id=bof_fellowship Putty War game 2 LOB 란? 해커스쿨에서제공하는

More information

강의10

강의10 Computer Programming gdb and awk 12 th Lecture 김현철컴퓨터공학부서울대학교 순서 C Compiler and Linker 보충 Static vs Shared Libraries ( 계속 ) gdb awk Q&A Shared vs Static Libraries ( 계속 ) Advantage of Using Libraries Reduced

More information

02.Create a shellcode that executes "/bin/sh" Excuse the ads! We need some help to keep our site up. List Create a shellcode that executes "/bin/sh" C

02.Create a shellcode that executes /bin/sh Excuse the ads! We need some help to keep our site up. List Create a shellcode that executes /bin/sh C 02.Create a shellcode that executes "/bin/sh" Excuse the ads! We need some help to keep our site up. List Create a shellcode that executes "/bin/sh" C language Assembly code Change permissions(seteuid())

More information

목차 1. 소개... 3 가. BOF란?... 3 나. 윈도우 BOF 개발환경및사용툴 Shellcode 작성하기... 4 가. cmd 쉘 ) 소스코드작성 ) 디스어셈블리 ) 어셈블리코드편집 간단

목차 1. 소개... 3 가. BOF란?... 3 나. 윈도우 BOF 개발환경및사용툴 Shellcode 작성하기... 4 가. cmd 쉘 ) 소스코드작성 ) 디스어셈블리 ) 어셈블리코드편집 간단 기술문서 `09. 11. 02. 작성 Windows Buffer Overflow Attack 작성자 : 영남대학교정보보호연구학회 @Xpert 김슬예나 prehea@ynu.ac.kr 1 목차 1. 소개... 3 가. BOF란?... 3 나. 윈도우 BOF... 3 2. 개발환경및사용툴... 3 3. Shellcode 작성하기... 4 가. cmd 쉘... 4

More information

Microsoft Word - FunctionCall

Microsoft Word - FunctionCall Function all Mechanism /* Simple Program */ #define get_int() IN KEYOARD #define put_int(val) LD A val \ OUT MONITOR int add_two(int a, int b) { int tmp; tmp = a+b; return tmp; } local auto variable stack

More information

<4D F736F F F696E74202D204B FC7C1B7CEB1D7B7A55F F6E48616E646C6572B8A6C5EBC7D1BFA1B7AFB0CBC3E2B9D7BCF6C1A

<4D F736F F F696E74202D204B FC7C1B7CEB1D7B7A55F F6E48616E646C6572B8A6C5EBC7D1BFA1B7AFB0CBC3E2B9D7BCF6C1A 강연소개 Exception Handler 를통한에러검출및수정 디버깅을즐겨하십니까..? 에러를만나면반갑습니까..? 전화로버그보고를받았나요..? 잡히지않는버그!!!! 따분한강의 졸아도좋습니다!!!! 강연자소개 테스터 온라인게임클라이언트개발 로컬라이즈및해외지원업무 디버깅, 최적화, 호환성향상에관심 강연대상 x86 환경에서 Windows 프로그래밍 디버깅 / 에러추적은

More information

No. 2012-13

No. 2012-13

More information

Poison null byte Excuse the ads! We need some help to keep our site up. List 1 Conditions 2 Exploit plan 2.1 chunksize(p)!= prev_size (next_chunk(p) 3

Poison null byte Excuse the ads! We need some help to keep our site up. List 1 Conditions 2 Exploit plan 2.1 chunksize(p)!= prev_size (next_chunk(p) 3 Poison null byte Excuse the ads! We need some help to keep our site up. List 1 Conditions 2 Exploit plan 2.1 chunksize(p)!= prev_size (next_chunk(p) 3 Example 3.1 Files 3.2 Source code 3.3 Exploit flow

More information

6주차.key

6주차.key 6, Process concept A program in execution Program code PCB (process control block) Program counter, registers, etc. Stack Heap Data section => global variable Process in memory Process state New Running

More information

PowerPoint 프레젠테이션

PowerPoint 프레젠테이션 Reverse Engineering Basics IA32 Basics CPU(Central Processing Units) 의구조 ALU Register EAX s EBX ECX EDX ESI EDI ESP EBP Control Unit EIP IR Eflags I/O Unit Data Bus Address Bus IA32 Register What is Register?

More information

CKKeyPro 적용가이드

CKKeyPro 적용가이드 3.20 사이버테러악성코드분석보고서 라온시큐어보안기술연구팀 작성일 : 2013. 03 페이지 : 1/15 Introduction 2013년 3월 20일오후, MBC, KBS, YTN, 농협, 신한은행, 제주은행전산망장애가동시에발생하였다. 피해기관들의호스트약 500여대에오류메시지가화면에나타났으며악성코드에감염된호스트는사용할수없는상태가되었다. 현재까지정확한침투경로가밝혀지지않고있다.

More information

3.20 테러 악성코드바이너리분석 손충호 (StolenByte) WOWHACKER Group 해당문서는 WOWHACKER Group 의문서이므로, 무단도용및수 정및변조는할수없습니다. 페이지 1 / 20

3.20 테러 악성코드바이너리분석 손충호 (StolenByte) WOWHACKER Group 해당문서는 WOWHACKER Group 의문서이므로, 무단도용및수 정및변조는할수없습니다. 페이지 1 / 20 3.20 테러 악성코드바이너리분석 손충호 (StolenByte) stolenbyte@wowhacker.org WOWHACKER Group 2013-03-20 해당문서는 WOWHACKER Group 의문서이므로, 무단도용및수 정및변조는할수없습니다. 페이지 1 / 20 전체적인공격프로세스 페이지 2 / 20 1. 바이너리가사용할 LoadLibrary 하여함수 Load

More information

PRO1_09E [읽기 전용]

PRO1_09E [읽기 전용] Siemens AG 1999 All rights reserved File: PRO1_09E1 Information and - ( ) 2 3 4 5 Monitor/Modify Variables" 6 7 8 9 10 11 CPU 12 Stop 13 (Forcing) 14 (1) 15 (2) 16 : 17 : Stop 18 : 19 : (Forcing) 20 :

More information

Reusing Dynamic Linker For Exploitation Author : Date : 2012 / 05 / 13 Contact : Facebook : fb.me/kwonpwn

Reusing Dynamic Linker For Exploitation Author : Date : 2012 / 05 / 13 Contact : Facebook : fb.me/kwonpwn Reusing Dynamic Linker For Exploitation Author : pwn3r @ B10S @WiseGuyz Date : 2012 / 05 / 13 Contact : austinkwon2@gmail.com Facebook : fb.me/kwonpwn3r Abstract 대부분의 Unix 에선공유라이브러리를메모리에로드하고프로그램과 link

More information

Microsoft Word - readme.doc

Microsoft Word - readme.doc ========================================================= 제 1 회광주과기원정보통신공학과 SW 경진대회 (Hacking 경진대회 ) 대회시작 : 2002 년 8 월 8 일 ( 목 ) 오후 9:00 ( 한국시간, GMT+9:00) 대회종료 : 2002 년 8 월 10 일 ( 토 ) 오후 9:00 ( 한국시간, GMT+9:00)

More information

1.hwp

1.hwp 윈도우 멀티미디어 취약점 분석 방법론 연구 수탁기관 : 한양대학교 산학협력단 2009. 09 25,000 2008 2009(1~8월 ) 20,000 15,000 11,818 10,000 5,000-11,362 3,344 2,756 603 173 2-366 165 1 1 기업 대학 비영리 연구소 네트워크 기타(개인)

More information

1

1 1 1....6 1.1...6 2. Java Architecture...7 2.1 2SDK(Software Development Kit)...8 2.2 JRE(Java Runtime Environment)...9 2.3 (Java Virtual Machine, JVM)...10 2.4 JVM...11 2.5 (runtime)jvm...12 2.5.1 2.5.2

More information

Level 4 ( hell_fire -> evil_wizard ) ~]$ cat evil_wizard.c /* The Lord of the BOF : The Fellowship of the BOF - evil_wizard

Level 4 ( hell_fire -> evil_wizard ) ~]$ cat evil_wizard.c /* The Lord of the BOF : The Fellowship of the BOF - evil_wizard Level 4 ( hell_fire -> evil_wizard ) [hell_fire@fedora_1stfloor ~]$ cat evil_wizard.c /* The Lord of the BOF : The Fellowship of the BOF - evil_wizard - Local BOF on Fedora Core 3 - hint : GOT overwriting

More information

Microsoft Word - MS_rshd_exploit.doc

Microsoft Word - MS_rshd_exploit.doc Windows RSH daemon

More information

Microsoft Word - Reverse Engineering Code with IDA Pro-2-1.doc

Microsoft Word - Reverse Engineering Code with IDA Pro-2-1.doc Reverse Engineering Code with IDA Pro By Dan Kaminsky, Justin Ferguson, Jason Larsen, Luis Miras, Walter Pearce 정리 : vangelis(securityproof@gmail.com) 이글은 Reverse Engineering Code with IDA Pro(2008년출판

More information

*금안1512-01-도비라및목차1~9

*금안1512-01-도비라및목차1~9 ISSN 1975-667 215. 12 215. 12 6 5 4 3 2 1 6 5 4 3 2 1 3 145 14 135 13 13 143. 14.7 1.4 9.2 1 7 45 4 35 41.4 85 76.9 76.8 3 7 8 75 125 4 4 1 25 8 6 4 2 2 15 1 5 15 15 36 35.3 36 14 13 12 11 14

More information

歯박지원-구운몽.PDF

歯박지원-구운몽.PDF wwwnovel21com (c) Copyright Joeun Community All Rights Reserved ,,,,,,,,,,,, 1 2 ( ) ( ),,, ( ) ( ) ( ), ( ) ( ) ( ) " ( ) 3 ( ) " ( ) " ( ) ( ) ( ) " ( ) " ",,, ( ) ", ( ), 4 ( ), " ( ), () ",,,, 5 (

More information

*금안14(10)01-도비라및목차1~12

*금안14(10)01-도비라및목차1~12 ISSN 1975-667 21. 1 21. 1 3 1 8 6 2 1 8 6 2 15 1 13 12 11 1 15 12 9 6 3 36 32 28 2 75 85 83 81 79 77 5 1 8 6 1 8 6 1 8 25 2 2 2 6 15 1 2-2 5-5 3 2 3 2 1 1-1 -1-2 -2 6 1 13 12 1 8 6 16 12 2.

More information

ActFax 4.31 Local Privilege Escalation Exploit

ActFax 4.31 Local Privilege Escalation Exploit NSHC 2013. 01. 14. 취약점분석보고서 Information Service about a new vulnerability Version 1.0 [ ] 2012 Red Alert. All Rights Reserved. 목차 1. 개요... 3 2. 공격... 4 3. 분석... 8 4. 결론... 12 5. 대응방안... 12 6. 참고자료... 13

More information

0x00 Contents 0x About Nickster 0x Analaysis 0x Exploit

0x00 Contents 0x About Nickster 0x Analaysis 0x Exploit Defcon CTF 17 th Nickster Report StolenByte(Son Choong-Ho) http://stolenbyte.egloos.com thscndgh_4@hotmail.com WOWHACKER 2009. 08. 09 0x00 Contents 0x01 ------------- About Nickster 0x02 -------------

More information

The_IDA_Pro_Book

The_IDA_Pro_Book The IDA Pro Book Hacking Group OVERTIME force (forceteam01@gmail.com) GETTING STARTED WITH IDA IDA New : Go : IDA Previous : IDA File File -> Open Processor type : Loading Segment and Loading Offset x86

More information

화판_미용성형시술 정보집.0305

화판_미용성형시술 정보집.0305 CONTENTS 05/ 07/ 09/ 12/ 12/ 13/ 15 30 36 45 55 59 61 62 64 check list 9 10 11 12 13 15 31 37 46 56 60 62 63 65 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

More information

본문서는 Syngress 의 Writing Security Tools and Exploits Chap11 을요약정리한 것입니다. 참고로 Chap 10 ~ 12 까지가 Metasploit 에대한설명입니다. Metasploit Framework 활용법 1. Metasplo

본문서는 Syngress 의 Writing Security Tools and Exploits Chap11 을요약정리한 것입니다. 참고로 Chap 10 ~ 12 까지가 Metasploit 에대한설명입니다. Metasploit Framework 활용법 1. Metasplo 본문서는 Syngress 의 Writing Security Tools and Exploits Chap11 을요약정리한 것입니다. 참고로 Chap 10 ~ 12 까지가 Metasploit 에대한설명입니다. Metasploit Framework 활용법 1. Metasploit Framework(MSF) 이란? bluearth in N@R 2003년오픈소스로발표된취약점발견및공격을위한

More information

/* */

/* */ /*---------------------------------------------------------------------------------*/ 번역 : innovation@wowhacker.org /*---------------------------------------------------------------------------------*/

More information

=

= written by vangelis(vangelis@wowhacker.org) 0 0000 8 1000 1 0001 9 1001 2 0010 10 1010 3 0011 11 1011 4 0100 12 1100 5 0101 13 1101 6 0110 14 1110 7 0111 15 1111 110112 + 100012 = 1011002 110 0000 0101

More information

Eureka Mail Client_v2.2.q를이용하여오믈렛에그헌팅에대하여알아볼것이다. 익스플로잇을위해구성된환경은아래와같다. - Windows XP Professional SP3 KOR - Python Ollydbg 1.x, Immunity Debugg

Eureka Mail Client_v2.2.q를이용하여오믈렛에그헌팅에대하여알아볼것이다. 익스플로잇을위해구성된환경은아래와같다. - Windows XP Professional SP3 KOR - Python Ollydbg 1.x, Immunity Debugg 익스플로잇실습 / 튜토리얼 Eureka Mail Client 2.2q Omelet Egg Hunting By WraithOfGhost Eureka Mail Client_v2.2.q를이용하여오믈렛에그헌팅에대하여알아볼것이다. 익스플로잇을위해구성된환경은아래와같다. - Windows XP Professional SP3 KOR - Python 2.7.10 - Ollydbg

More information

Exploit writing tutorials

Exploit writing tutorials EXPLOIT WRITING TUTORIALS C1 STACK BASED BUFFER OVERFLOW KIM DONG HYUN WHATTEAM & LET S CQ & KOREA IT TECHNICAL SCHOOL rlaehdgus213@naver.com 페이지 0 / 24 Exploit writing tutorials C1 Stack Based Buffer

More information

how_2_write_Exploit_4_the_MSF_v3.x.hwp

how_2_write_Exploit_4_the_MSF_v3.x.hwp Metasploit v3.0 을이용한 Exploit 작성하기 2008.1.18 본문서는 Jerome 님의 Writing Windows Exploits 을기반으로작성된문서임을밝힙니다. rich4rd rich4rd.lim@gmail.com - 1 - 목차. 1. 소개및개요 2. 배경지식 3. Exploit module 실습 3.1 Exploit module 수정하기

More information

Microsoft PowerPoint - a5a.ppt [호환 모드]

Microsoft PowerPoint - a5a.ppt [호환 모드] 5 장프로시저 (1) 책의라이브러리사용 5 장전반부 : 책의링크라이브러리 외부링크라이브러리개요 라이브러리프로시저호출 라이브러리링크 라이브러리프로시저 예제 연세대학교컴퓨터정보통신어셈블리언어 2 저자제공링크라이브러리 라이브러리파일 어셈블된프로시저를포함하고있는 OBJ 파일들을모아놓은파일 ( 확장자.LIB) 각 OBJ file 에는하나이상의 procedure 가들어있음

More information

Microsoft PowerPoint - a6.ppt [호환 모드]

Microsoft PowerPoint - a6.ppt [호환 모드] 이장의내용 6 장조건부처리 부울과비교명령어 조건부점프 조건부루프명령어 조건부구조 컴퓨터정보통신 어셈블리언어 2 6.2 부울과비교명령어 부울명령어 Instructions ti 동작 AND dst, src OR dst, src XOR dst, src NOT dst dst dst AND src dst dst OR src dst dst XOR src dst NOT

More information

Microsoft Word - GOM-StackOverFlow.doc

Microsoft Word - GOM-StackOverFlow.doc GOM Player 2.0.12 (.ASX) Stack Overflow Exploit Document V0.2 HACKING GROUP OVERTIME OVERTIME mrboo< bsh7983@gmail.com > 2009.01.10 이문서는 2009.01.08일자로 milw0rm에 DATA_SNIPER께서등록한곰플레이어관련 exploit을분석한문서이다.

More information

various tricks for remote linux exploits v3.pptx

various tricks for remote linux exploits v3.pptx various tricks for linux remote exploits 이석하 wh1ant 2013.11.30 www.codeengn.com 2013 CodeEngn Conference 09 Thank you The author would like to thank to trigger for reviewing this paper :) 순서 1 - Traditional

More information

Return-to-libc

Return-to-libc Return-to-libc Mini (skyclad0x7b7@gmail.com) 2015-08-22 - INDEX - 1. 개요... - 2-1-1. 서문... - 2-1-2. RTL 공격이란... - 2 - 보호기법... - 3 - Libc 란?... - 4-2. RTL 공격... - 4-2-1. 취약한코드... - 4-2-2. 분석... - 5-2-3.

More information

Microsoft PowerPoint - secu10.pptx

Microsoft PowerPoint - secu10.pptx Buffer Overflow Chap 10. Buffer Overflow a very common attack mechanism 1988 년 the Morris Worm 가처음사용한방법 버퍼에저장되는데이터의크기를검사하지않는, 프로그램의부주의한점을이용 prevention techniques 이알려져있음 여전히많은관심대상임 널리배포되어사용중인운영체제와응용프로그램에이러한버그가있는코드가존재함

More information

Microsoft Word - ExecutionStack

Microsoft Word - ExecutionStack Lecture 15: LM code from high level language /* Simple Program */ external int get_int(); external void put_int(); int sum; clear_sum() { sum=0; int step=2; main() { register int i; static int count; clear_sum();

More information

*금안 도비라및목차1~17

*금안 도비라및목차1~17 ISSN 1975-667 216. 6 금융안정보고서 216. 6 6 5 4 3 2 1 6 5 4 3 2 1 3 15 145 14 135 13 13 1 125 4 7 1 1 2 1 5 5 5 2 4 4 4 18 3 3 3 16 2 2 45 4 35 14 12 37.7 36.9.7-1.5 3-1 3 2 1 4 25 2 15 1 5-5

More information

PowerPoint 프레젠테이션

PowerPoint 프레젠테이션 @ Lesson 4 (Object) (Class) (Instance) (Method) (Constructor) Memory 1 UML 1 @ & 1 (Real World) (Software World) @ &.. () () @ & 2 (Real World) (Software World) OOA/ Modeling Abstraction Instantiation

More information

취약점분석보고서 [Photodex ProShow Producer v ] RedAlert Team 안상환

취약점분석보고서 [Photodex ProShow Producer v ] RedAlert Team 안상환 취약점분석보고서 [Photodex ProShow Producer v5.0.3256] 2012-07-24 RedAlert Team 안상환 목 차 1. 개요... 1 1.1. 취약점분석추진배경... 1 2. Photodex ProShow Producer Buffer Overflow 취약점분석... 2 2.1. Photodex ProShow Producer Buffer

More information

untitled

untitled Embedded System Lab. II Embedded System Lab. II 2 RTOS Hard Real-Time vs Soft Real-Time RTOS Real-Time, Real-Time RTOS General purpose system OS H/W RTOS H/W task Hard Real-Time Real-Time System, Hard

More information

2. GCC Assembler와 AVR Assembler의차이 A. GCC Assembler 를사용하는경우 i. Assembly Language Program은.S Extension 을갖는다. ii. C Language Program은.c Extension 을갖는다.

2. GCC Assembler와 AVR Assembler의차이 A. GCC Assembler 를사용하는경우 i. Assembly Language Program은.S Extension 을갖는다. ii. C Language Program은.c Extension 을갖는다. C 언어와 Assembly Language 을사용한 Programming 20011.9 경희대학교조원경 1. AVR Studio 에서사용하는 Assembler AVR Studio에서는 GCC Assembler와 AVR Assmbler를사용한다. A. GCC Assembler : GCC를사용하는경우 (WinAVR 등을사용하는경우 ) 사용할수있다. New Project

More information

MicrocontrollerAcademy_Lab_ST_040709

MicrocontrollerAcademy_Lab_ST_040709 Micro-Controller Academy Program Lab Materials STMicroelectronics ST72F324J6B5 Seung Jun Sang Sa Ltd. Seung Jun Sang Sa Ltd. Seung Jun Sang Sa Ltd. Seung Jun Sang Sa Ltd. Seung Jun Sang Sa Ltd. Seung Jun

More information

0x <main+41>: lea eax,[ebp-264] 0x f <main+47>: push eax 0x080484a0 <main+48>: call 0x804835c <strcpy> 0x080484a5 <main+53>: add esp,0x1

0x <main+41>: lea eax,[ebp-264] 0x f <main+47>: push eax 0x080484a0 <main+48>: call 0x804835c <strcpy> 0x080484a5 <main+53>: add esp,0x1 FTZ LEVEL11 #include #include int main( int argc, char *argv[] ) { char str[256]; setreuid( 3092, 3092 ); strcpy( str, argv[1] ); printf( str ); gdb 를이용해분석해보면 [level11@ftz level11]$

More information

Microsoft PowerPoint - o8.pptx

Microsoft PowerPoint - o8.pptx 메모리보호 (Memory Protection) 메모리보호를위해 page table entry에 protection bit와 valid bit 추가 Protection bits read-write / read-only / executable-only 정의 page 단위의 memory protection 제공 Valid bit (or valid-invalid bit)

More information

목차 1. 제품 소개... 4 1.1 특징... 4 1.2 개요... 4 1.3 Function table... 5 2. 기능 소개... 6 2.1 Copy... 6 2.2 Compare... 6 2.3 Copy & Compare... 6 2.4 Erase... 6 2

목차 1. 제품 소개... 4 1.1 특징... 4 1.2 개요... 4 1.3 Function table... 5 2. 기능 소개... 6 2.1 Copy... 6 2.2 Compare... 6 2.3 Copy & Compare... 6 2.4 Erase... 6 2 유영테크닉스( 주) 사용자 설명서 HDD014/034 IDE & SATA Hard Drive Duplicator 유 영 테 크 닉 스 ( 주) (032)670-7880 www.yooyoung-tech.com 목차 1. 제품 소개... 4 1.1 특징... 4 1.2 개요... 4 1.3 Function table... 5 2. 기능 소개... 6 2.1 Copy...

More information

2014밝고고운동요부르기-수정3

2014밝고고운동요부르기-수정3

More information

2005프로그램표지

2005프로그램표지

More information

토익S-채용사례리플렛0404

토익S-채용사례리플렛0404

More information

Heap Overflow By WraithOfGhost

Heap Overflow By WraithOfGhost Heap Overflow - 101 By WraithOfGhost 이전스택오버플로우문서에서예외처리핸들러 (Exception Handler) 를호출하거나직접적인방법을 EIP 레지스터를제어하는방법을보여주었다. 본문서는 EIP / SEH를직접이용하지않고프로그램의실행흐름을제어하는일련의방법들에대하여다룰예정이다. 공격자가정한값을원하는메모리주소에덮어씀으로써임의의 DWORD

More information

Microsoft Word - MSOffice_WPS_analysis.doc

Microsoft Word - MSOffice_WPS_analysis.doc MS Office.WPS File Stack Overflow Exploit 분석 (http://milw0rm.com/ 에공개된 exploit 분석 ) 2008.03.03 v0.5 By Kancho ( kancholove@gmail.com, www.securityproof.net ) milw0rm.com에 2008년 2월 13일에공개된 Microsoft Office.WPS

More information

취약점분석보고서 [CyberLink Power2Go name attribute (p2g) Stack Buffer Overflow Exploit] RedAlert Team_ 강동우

취약점분석보고서 [CyberLink Power2Go name attribute (p2g) Stack Buffer Overflow Exploit] RedAlert Team_ 강동우 취약점분석보고서 [CyberLink Power2Go name attribute (p2g) Stack Buffer Overflow Exploit] 2012-07-19 RedAlert Team_ 강동우 목 차 1. 개요... 1 1.1. 취약점분석추진배경... 1 1.2. Power2Go name Stack Buffer Overflow 취약점요약... 1 2.

More information

ETOS Series 사용설명서

ETOS Series 사용설명서 Programmable Gateway System ETOS - DPS (Profibus DP Slave To Serial) ETOS DPS AC&T System Co., Ltd. 2005-12-12 AC&T System Copyright 2000~2004. All rights reserved. AC&T System 1 1. 1.1. ETOS-DPS 1.1.1.

More information

목차 1. 개요... 3 2. USB 드라이버 설치 (FTDI DRIVER)... 4 2-1. FTDI DRIVER 실행파일... 4 2-2. USB 드라이버 확인방법... 5 3. DEVICE-PROGRAMMER 설치... 7 3-1. DEVICE-PROGRAMMER

목차 1. 개요... 3 2. USB 드라이버 설치 (FTDI DRIVER)... 4 2-1. FTDI DRIVER 실행파일... 4 2-2. USB 드라이버 확인방법... 5 3. DEVICE-PROGRAMMER 설치... 7 3-1. DEVICE-PROGRAMMER < Tool s Guide > 목차 1. 개요... 3 2. USB 드라이버 설치 (FTDI DRIVER)... 4 2-1. FTDI DRIVER 실행파일... 4 2-2. USB 드라이버 확인방법... 5 3. DEVICE-PROGRAMMER 설치... 7 3-1. DEVICE-PROGRAMMER 실행파일... 7 4. DEVICE-PROGRAMMER 사용하기...

More information

<C0CCBCBCBFB52DC1A4B4EBBFF82DBCAEBBE7B3EDB9AE2D313939392D382E687770>

<C0CCBCBCBFB52DC1A4B4EBBFF82DBCAEBBE7B3EDB9AE2D313939392D382E687770> i ii iii iv v vi 1 2 3 4 가상대학 시스템의 국내외 현황 조사 가상대학 플랫폼 개발 이상적인 가상대학시스템의 미래상 제안 5 웹-기반 가상대학 시스템 전통적인 교수 방법 시간/공간 제약을 극복한 학습동기 부여 교수의 일방적인 내용전달 교수와 학생간의 상호작용 동료 학생들 간의 상호작용 가상대학 운영 공지사항,강의록 자료실, 메모 질의응답,

More information

Microsoft PowerPoint - hy2-12.pptx

Microsoft PowerPoint - hy2-12.pptx 2.4 명령어세트 (instruction set) 명령어세트 CPU 가지원하는기계어명령어들의집합 명령어연산의종류 데이터전송 : 레지스터 / 메모리간에데이터이동 산술연산 : 덧셈, 뺄셈, 곱셈및나눗셈 논리연산 : 비트들간의 AND, OR, NOT 및 XOR 연산 입출력 (I/O) : CPU( 레지스터 ) 와외부장치들간의데이터이동 프로그램제어 : 분기, 서브루틴호출

More information

Microsoft Word - Reversing Engineering Code with IDA Pro-4-1.doc

Microsoft Word - Reversing Engineering Code with IDA Pro-4-1.doc Reverse Engineering Code with IDA Pro By Dan Kaminsky, Justin Ferguson, Jason Larsen, Luis Miras, Walter Pearce 정리 : vangelis(securityproof@gmail.com) 이글은 Reverse Engineering Code with IDA Pro(2008년출판

More information

..........-....33

..........-....33 04 06 12 14 16 18 20 22 24 26 Contents 34 38 42 46 50 54 58 62 66 70 74 78 84 88 90 92 94 96 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 01 26 27 02 28 29 30 31 32 33 34 35 36 37 38 39

More information

자식농사웹완

자식농사웹완 윤 영 선 _ 지음 은혜한의원 서울시 마포구 도화1동 550 삼성프라자 308호 Tel : 3272.0120, 702.0120 진료시간 : 오전 9시 30분`~`오후 7시 점심시간 : 오후 1시`~`2시 토 요 일 : 오전 9시 30분`~`오후 3시 (일, 공휴일 휴진`/`전화로 진료 예약 받습니다) 은 혜 한 의 원 은혜한의원 CONTENTS 02 04 07

More information

chungo_story_2013.pdf

chungo_story_2013.pdf Contents 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75 77 79 81 83 85 87 89 91 93 95 97 99

More information

*중1부

*중1부

More information

2

2

More information

Çѱ¹ÀÇ ¼º°øº¥Ã³µµÅ¥

Çѱ¹ÀÇ ¼º°øº¥Ã³µµÅ¥

More information

...._..........

...._..........

More information

Contents 12 13 15 17 70 79 103 107 20 21 24 29 128 137 141 32 34 36 41 46 47 53 55 174 189 230 240 58 61 64 1. 1. 1 2 3 4 2. 2. 2 1 3 4 3. 3. 1 2 3 4 4. 4. 1 2 3 4 5. 5. 1 2 3 1 2 3

More information

http://www.forest.go.kr 5 2013~2017 Contents 07 08 10 19 20 30 33 34 38 39 40 44 45 47 49 51 52 53 53 57 63 67 Contents 72 75 76 77 77 82 88 93 95 96 97 97 103 109 115 121 123 124 125 125 129 132 137

More information

전반부-pdf

전반부-pdf Contents 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72

More information

표1.4출력

표1.4출력

More information

003-p.ps

003-p.ps

More information

<4D6963726F736F667420506F776572506F696E74202D20312E20B0E6C1A6C0FCB8C15F3136B3E2C7CFB9DDB1E25F325FC6ED28C0BA292E70707478>

<4D6963726F736F667420506F776572506F696E74202D20312E20B0E6C1A6C0FCB8C15F3136B3E2C7CFB9DDB1E25F325FC6ED28C0BA292E70707478> Contents 3 2016 4 2016 5 2016 6 2016 7 2016 8 2016 9 2016 10 2016 11 2016 12 2016 13 2016 14 2016 15 2016 16 2016 17 2016 18 2016 19 2016 20 2016 21 2016 22 2016 23 2016 24 2016 25 2016 26 2016 27 2016

More information

............200904_..........

............200904_..........

More information

12월월간보고서내지편집3

12월월간보고서내지편집3

More information

중앙도서관소식지겨울내지33

중앙도서관소식지겨울내지33

More information

에너지포커스 2007년 가을호

에너지포커스 2007년 가을호

More information

8....................5

8....................5

More information

01_당선자공약_서울

01_당선자공약_서울

More information

인권문예대회_작품집4-2

인권문예대회_작품집4-2

More information

........

........

More information

..........- ........

..........- ........ Contents 24 28 32 34 36 38 40 42 44 46 50 52 54 56 58 60 61 62 64 66 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 01 02 24 25 03 04 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

More information

Contents 007 008 016 125 126 130 019 022 027 029 047 048 135 136 139 143 145 150 058 155 073 074 078 158 163 171 182 089 195 090 100 199 116 121 01 01 02 03 04 05 06 8 9 01 02 03 04 05 06 10 11 01 02 03

More information

목차

목차

More information
2024 © docsplayer.org 개인정보보호 | 약관 | 지원