Transcript A STUDY ON SECURITY SYSTEM BASED ON VLC

HACKING – THE ART OF EXPLOITATION
Ox28O BUILDING ON BASIC - ANALYSIS SOURCE
CODE
Graduate School of Information Security
MIN
CHUL,
KIM
CONTENTS
•
•
•
•
•
•
•
•
•
•
Simplenote.c
Bitwise.c
Functioncontrol_flags.c
UserID_demo.c
Notetaker.c
Notesearch.c
Time_example.c
Functionponter_example.c
Rand_example.c
Game_of_chance.c
SIMPLENOTE.C
Permission part
IMPLEMENT SIMPLENOTE.C
IMPLEMENT SIMPLENOTE.C
BUFFER
OVERFLOW
memory
File save location
Buffer destination
Buffer start
IMPLEMENT SIMPLENOTE.C
BITWISE.C
i
1
2
a=i&2
b=i&1
0
00
01
10
0
0
1
01
01
10
0
1
2
10
01
10
1
0
3
11
01
10
1
1
IMPLEMENT BITWISE.C
FUNCTIONCONTROL_FLAGS
.C
mask
shift
value=0
♧
♧
IMPLEMENT
FCNTL_FLAGS.C
FILE PERMISSIONS
-rw-r-r--
1
nare
nare
1872
2014-09-17
12:57
simplenote.c
permission
link
user
group
file size
date
time
file name
Detail
FILE PERMISSIONS
Change ownership  chown [ownership][.group] [file name]
-rw-r-r--
1
nare
nare
1872
2014-09-17
12:57
simplenote.c
permission
link
user
group
file size
date
time
file name
Change permission  chmod [number or symbol] [file name]
r
read
4
Symbol
ownership
w
write
2
7
group
x
operate
1
others
r
w
x
r
w
x
4
5
1
-
2
2
-
u
ownership
+
add permission
g
group
-
del permission
o
others
=
only permission
a
all
s
file owned user
USER IDs
Change shell
 user login shell
USER IDs
Locked
HACKING.h
Making header file
Easy to use function
NOTETAKER.c
IMPLEMENT NOTETAKER.c
User id
NOTESEARCH.c
NOTESEARCH.c
NOTESEARCH.c
IMPLEMENT
NOTESEARCH.c
Independent
TIME_EXAMPLE.C
TIME_EXAMPLE2.C
IMPLEMENT
TIME_EXAMPLE2.C
FUNCTION POINTER.C
RAND_EXAMPLE.C
RAND_EXAMPLE.C
Different
GAME OF CHANCE.C
GAME OF CHANCE.C
GAME OF CHANCE.C
GAME OF CHANCE.C
GAME OF CHANCE.C
GAME OF CHANCE.C
GAME OF CHANCE.C
GAME OF CHANCE.C
GAME OF CHANCE.C
GAME OF CHANCE.C
GAME OF CHANCE.C
PLAY‘GAME OF CHANCE’
I didn’t win the game. T_T