{"id":13,"date":"2023-06-16T05:17:26","date_gmt":"2023-06-15T20:17:26","guid":{"rendered":"https:\/\/h4ck.kr\/?p=13"},"modified":"2024-05-22T17:08:44","modified_gmt":"2024-05-22T08:08:44","slug":"fd","status":"publish","type":"post","link":"https:\/\/h4ck.kr\/?p=13","title":{"rendered":"fd"},"content":{"rendered":"\n
\n
\n
\n
#include <stdio.h>\n#include <stdlib.h>\n#include <string.h>\nchar buf[32];\nint main(int argc, char* argv[], char* envp[]){\n        if(argc<2){\n                printf(\"pass argv[1] a number\\n\");\n                return 0;\n        }\n        int fd = atoi( argv[1] ) - 0x1234;\n        int len = 0;\n        len = read(fd, buf, 32);\n        if(!strcmp(\"LETMEWIN\\n\", buf)){\n                printf(\"good job :)\\n\");\n                system(\"\/bin\/cat flag\");\n                exit(0);\n        }\n        printf(\"learn about Linux file IO\\n\");\n        return 0;\n\n}<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n
\ud480\uc774<\/h2>\n\n\n\n
\n
\n
\n
if(argc<2){\n        printf(\"pass argv[1] a number\\n\");\n        return 0;\n}<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n
\ub9e4\uac1c\ubcc0\uc218\uc5d0 \ub118\uae30\ub294 \uac12\uc774 \ud558\ub098\ub77c\ub3c4 \uc5c6\uc73c\uba74, pass argv[1] a number \uba54\uc2dc\uc9c0\ub97c \ucd9c\ub825\ud55c\ub2e4. <\/p>\n\n\n\n
\uc77c\ubc18\uc801\uc73c\ub85c \ub9e4\uac1c\ubcc0\uc218 \uc5c6\uc774 \ubc14\uc774\ub108\ub9ac\ub9cc \uc2e4\ud589\ud588\uc744 \ub54c \ubc1c\uc0dd\ud55c\ub2e4.<\/p>\n\n\n\n
\n
\n
\n
int fd = atoi( argv[1] ) - 0x1234;\nint len = 0;\nlen = read(fd, buf, 32);<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n
atoi\ub294 10\uc9c4\uc218 \uc815\uc218 \ubb38\uc790\uc5f4\uc744 \uc815\uc218\uac12\uc73c\ub85c \ubcc0\ud658\ud55c\ub2e4.<\/p>\n\n\n\n
read\ub294 \ub9d0\uadf8\ub300\ub85c \ud30c\uc77c\uc744 \uc77d\uc744\ub54c \uc4f0\ub294 \ud568\uc218\ub2e4.<\/p>\n\n\n\n
\uac01\uac01 \ub9e4\uac1c\ubcc0\uc218\uc5d0\ub294 \ud30c\uc77c \ub514\uc2a4\ud06c\ub9bd\ud130, \ud30c\uc77c\uc744 \uc77d\uc5b4\ub4e4\uc77c \ubc84\ud37c, \ubc84\ud37c\uc758 \ud06c\uae30\uac00 \ub4e4\uc5b4\uac04\ub2e4. <\/p>\n\n\n\n
\ud30c\uc77c \ub514\uc2a4\ud06c\ub9bd\ud130\ub294 \ud504\ub85c\uc138\uc2a4\uc5d0\uc11c \ud2b9\uc815 \ud30c\uc77c\uc5d0 \uc811\uadfc\ud560 \ub54c \uc0ac\uc6a9\ud558\ub294 \ucd94\uc0c1\uc801\uc778 \uac12\uc73c\ub85c, \uae30\ubcf8\uc73c\ub85c \ud560\ub2f9\ub418\ub294 \uac12\uc740 \ub2e4\uc74c\uacfc \uac19\ub2e4.<\/p>\n\n\n\n
\n
\n
\n
\n
\n
\n
\ud30c\uc77c \ub514\uc2a4\ud06c\ub9bd\ud130<\/strong><\/td>\ubaa9\uc801<\/strong><\/td>POSIX \uc774\ub984<\/strong><\/td>stdio \uc2a4\ud2b8\ub9bc<\/strong><\/td><\/tr>
0<\/td>\ud45c\uc900 \uc785\ub825<\/td>STDIN_FILENO<\/td>stdin             <\/td><\/tr>
1<\/td>\ud45c\uc900 \ucd9c\ub825<\/td>STDOUT_FILENO<\/td>stdout<\/td><\/tr>
2<\/td>\ud45c\uc900 \uc5d0\ub7ec<\/td>STDERR_FILENO<\/td>stderr<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n
\n
\n
\n
if(!strcmp(\"LETMEWIN\\n\", buf)){\n        printf(\"good job :)\\n\");\n        system(\"\/bin\/cat flag\");\n        exit(0);\n}<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n
strcmp\ub294 \ubb38\uc790\uc5f4\uc744 \ube44\uad50\ud558\ub294 \ud568\uc218\ub2e4.<\/p>\n\n\n\n
\uc11c\ub85c \ubb38\uc790\uc5f4\uc774 \uac19\uc744 \ub54c 0\uc744 \ubc18\ud658\ud558\uace0 \ud50c\ub798\uadf8\ub97c \ucd9c\ub825\ud55c\ub2e4.<\/p>\n\n\n\n
<\/p>\n\n\n\n
    \n
  1. buf \ubcc0\uc218\uc5d0 LETMEWIN\uc774 \ub4e4\uc5b4\uac00\uae30 \uc704\ud574\uc11c\ub294 \uc0ac\uc6a9\uc790\uc758 \uc785\ub825\uc774 \ud544\uc694\ud558\ub2e4. <\/li>\n\n\n\n
  2. \ud30c\uc77c \ub514\uc2a4\ud06c\ub9bd\ud130\uac00 \ud45c\uc900 \uc785\ub825\uc778 0\uc774 \ub418\uc5b4\uc57c \ud558\uae30 \ub54c\ubb38\uc5d0, \ub9e4\uac1c\ubcc0\uc218\uc5d0 0x1234\uc758 10\uc9c4\uc218\uc778 4660 \ubb38\uc790\uc5f4\uacfc \ud568\uaed8 fd\ub97c \uc2e4\ud589\ud55c\ub2e4.<\/li>\n\n\n\n
  3. \uadf8\ub9ac\uace0 LETMEWIN\uc744 \uc785\ub825\ud55c\ub2e4.<\/li>\n<\/ol>\n\n\n\n
    \n
    \n
    \n
    fd@pwnable:~$ .\/fd 4660\nLETMEWIN\ngood job :)\nmommy! I think I know what a file descriptor is!!<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
    \ud480\uc774 \ub9e4\uac1c\ubcc0\uc218\uc5d0 \ub118\uae30\ub294 \uac12\uc774 \ud558\ub098\ub77c\ub3c4 \uc5c6\uc73c\uba74, pass argv[1] a number \uba54\uc2dc\uc9c0\ub97c \ucd9c\ub825\ud55c\ub2e4. \uc77c\ubc18\uc801\uc73c\ub85c \ub9e4\uac1c\ubcc0\uc218 \uc5c6\uc774 \ubc14\uc774\ub108\ub9ac\ub9cc \uc2e4\ud589\ud588\uc744 \ub54c \ubc1c\uc0dd\ud55c\ub2e4. atoi\ub294 10\uc9c4\uc218 \uc815\uc218 \ubb38\uc790\uc5f4\uc744 \uc815\uc218\uac12\uc73c\ub85c \ubcc0\ud658\ud55c\ub2e4. read\ub294 \ub9d0\uadf8\ub300\ub85c \ud30c\uc77c\uc744 \uc77d\uc744\ub54c \uc4f0\ub294 \ud568\uc218\ub2e4. \uac01\uac01 \ub9e4\uac1c\ubcc0\uc218\uc5d0\ub294 \ud30c\uc77c \ub514\uc2a4\ud06c\ub9bd\ud130, \ud30c\uc77c\uc744 \uc77d\uc5b4\ub4e4\uc77c \ubc84\ud37c, \ubc84\ud37c\uc758 \ud06c\uae30\uac00 \ub4e4\uc5b4\uac04\ub2e4. \ud30c\uc77c \ub514\uc2a4\ud06c\ub9bd\ud130\ub294 \ud504\ub85c\uc138\uc2a4\uc5d0\uc11c \ud2b9\uc815 \ud30c\uc77c\uc5d0 \uc811\uadfc\ud560 \ub54c \uc0ac\uc6a9\ud558\ub294 \ucd94\uc0c1\uc801\uc778 \uac12\uc73c\ub85c, \uae30\ubcf8\uc73c\ub85c \ud560\ub2f9\ub418\ub294 \uac12\uc740 \ub2e4\uc74c\uacfc… \ub354 \ubcf4\uae30 »fd<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[25],"class_list":["post-13","post","type-post","status-publish","format-standard","hentry","category-pwnable-kr","tag-pwnable"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/13","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13"}],"version-history":[{"count":91,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/13\/revisions"}],"predecessor-version":[{"id":296,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/13\/revisions\/296"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}