Vuln
![[pwnable.kr][Toddler] lotto 문제풀이](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99CB98435B77BEBF2F)
[pwnable.kr][Toddler] lotto 문제풀이
lotto #include #include #include #include unsigned char submit[6]; void play(){ int i; printf("Submit your 6 lotto bytes : "); fflush(stdout); int r; r = read(0, submit, 6); printf("Lotto Start!\n"); //sleep(1); // generate lotto numbers int fd = open("/dev/urandom", O_RDONLY); if(fd==-1){ printf("error. tell admin\n"); exit(-1); } unsigned char lotto[6]; if(read(fd, lotto, 6) != 6){ printf("err..
![[pwnable.kr][Toddler] shellshock 문제풀이](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F997CCC505B7775E202)
[pwnable.kr][Toddler] shellshock 문제풀이
shellshock shellshock@ubuntu:~$ ls -l total 960 -r-xr-xr-x 1 root shellshock 959120 Oct 12 2014 bash -r--r----- 1 root shellshock_pwn 47 Oct 12 2014 flag -r-xr-sr-x 1 root shellshock_pwn 8547 Oct 12 2014 shellshock -r--r--r-- 1 root root 188 Oct 12 2014 shellshock.c ls로 해서 보면 shellshock과 bash가 존재한다.shellshock.c를 살펴보자. #include int main(){ setresuid(getegid(), getegid(), getegid()); setresgid(get..