๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
โœ’๏ธ Reverse Engineering/CodeEngn

[Reverse Engineering] CodeEngn Basic RCE L16 WriteUp

by A Lim Han 2023. 11. 14.

๐Ÿ‘บ CodeEngn Basic RCE L16 WriteUp

1.  ๋ฌธ์ œ ํ™•์ธ ํ›„ ํŒŒ์ผ ๋‹ค์šด๋กœ๋“œ

2.  7-Zip File Manager ์„ ํ†ตํ•ด ํŒŒ์ผ ์••์ถ• ํ•ด์ œ  -->  16 ํŒŒ์ผ ์† ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ ๋ฐœ๊ฒฌ

3.  16.exe ์„ ์‹คํ–‰ํ•˜์—ฌ ์ž„์˜์˜ ๊ฐ’ ์ž…๋ ฅ ํ›„ "Enter" ํด๋ฆญ  -->  "Wrong password!" ์ด๋ผ๋Š” ๊ฒฝ๊ณ ๋ฌธ ํ™•์ธ

4.  Immunity Debugger ์„ ํ†ตํ•ด 16.exe ํŒŒ์ผ ์˜คํ”ˆ

5.  ์„ฑ๊ณต ๋ฌธ์ž์—ด๊ณผ ์‹คํŒจ ๋ฌธ์ž์—ด๋กœ ๋ถ„๊ธฐํ•˜๋Š” ๋ถ€๋ถ„ ๋ฐœ๊ฒฌ  -->  ๋ถ„๊ธฐ ๋ถ€๋ถ„๊ณผ ๊ทธ ์•„๋ž˜ BreakPoint ์„ค์ •

6.  Debugging ์‹คํ–‰ ํ›„ ๋ ˆ์ง€์Šคํ„ฐ ๊ฐ’ ํ™•์ธ

 


  

    
    
    
    
  
# EAX ๋ ˆ์ง€์Šคํ„ฐ

: 000004D2



# EBP ๋ ˆ์ง€์Šคํ„ฐ

: 0070FF28

7.  ๋ฐœ๊ฒฌํ•œ ์‚ฌ์‹ค๋“ค์„ ๊ธฐ๋ฐ˜์œผ๋กœ Password ํƒ์ƒ‰  -->  ํŒจ์Šค์›Œ๋“œ๊ฐ€ E4C60D97 ์ž„์„ ๋ฐœ๊ฒฌ


  

    
    
    
    
  
# Password ๊ฐ’์˜ ์œ„์น˜

: 0070FF28-3C == 70feec

8.  ๋ฐœ๊ฒฌํ•œ Password ๋ฅผ 10์ง„์ˆ˜ ํ˜•ํƒœ๋กœ ๋ณ€๊ฒฝ

 

++ ์‚ฌ์šฉํ•œ ์ง„์ˆ˜ ๋ณ€ํ™˜๊ธฐ

-->  https://www.rapidtables.org/ko/convert/number/hex-to-decimal.html

 

16 ์ง„์ˆ˜์—์„œ 10 ์ง„์ˆ˜๋กœ ๋ณ€ํ™˜๊ธฐ

์—์„œ ๋ฐ”์ด๋„ˆ๋ฆฌ ์†Œ์ˆ˜ 16 ์ง„์ˆ˜ ๋ฐ›๋Š” ์‚ฌ๋žŒ ๋ฐ”์ด๋„ˆ๋ฆฌ ์†Œ์ˆ˜ 16 ์ง„์ˆ˜ ์ผ๋ฐ˜ ์‹ญ์ง„์ˆ˜๋Š” 10์˜ ๊ฑฐ๋“ญ ์ œ๊ณฑ์„ ๊ณฑํ•œ ์ˆซ์ž์˜ ํ•ฉ๊ณ„์ž…๋‹ˆ๋‹ค. 10 ์ง„๋ฒ•์˜ 137์€ ๊ฐ ์ˆซ์ž์— ์ƒ์‘ํ•˜๋Š” 10์˜ ๊ฑฐ๋“ญ ์ œ๊ณฑ์„ ๊ณฑํ•œ ๊ฒƒ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.

www.rapidtables.org

9.  ๋‹ค์‹œ 16.exe ํŒŒ์ผ ์‹คํ–‰ ํ›„ ์•Œ์•„๋‚ธ ๊ฐ’ ์ž…๋ ฅ  -->  ๋ฌธ์ œ๊ฐ€ ์„ฑ๊ณต์ ์œผ๋กœ ํ•ด๊ฒฐ๋˜์—ˆ์Œ์„ ํ™•์ธ

 

์ €์ž‘์žํ‘œ์‹œ ๋น„์˜๋ฆฌ ๋ณ€๊ฒฝ๊ธˆ์ง€

'โœ’๏ธ Reverse Engineering > CodeEngn' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

[Reverse Engineering] CodeEngn Basic RCE L18 WriteUp  (1) 2023.11.16
[Reverse Engineering] CodeEngn Basic RCE L17 WriteUp  (0) 2023.11.15
[Reverse Engineering] CodeEngn Basic RCE L15 WriteUp  (0) 2023.11.10
[Reverse Engineering] CodeEngn Basic RCE L14 WriteUp  (0) 2023.11.10
[Reverse Engineering] CodeEngn Basic RCE L13 WriteUp  (0) 2023.11.10

๊ด€๋ จ๊ธ€

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”