๐บ CodeEngn Basic RCE L16 WriteUp
1. ๋ฌธ์ ํ์ธ ํ ํ์ผ ๋ค์ด๋ก๋
2. 7-Zip File Manager ์ ํตํด ํ์ผ ์์ถ ํด์ --> 16 ํ์ผ ์ ์์ฉ ํ๋ก๊ทธ๋จ ๋ฐ๊ฒฌ
3. 16.exe ์ ์คํํ์ฌ ์์์ ๊ฐ ์ ๋ ฅ ํ "Enter" ํด๋ฆญ --> "Wrong password!" ์ด๋ผ๋ ๊ฒฝ๊ณ ๋ฌธ ํ์ธ
4. Immunity Debugger ์ ํตํด 16.exe ํ์ผ ์คํ
5. ์ฑ๊ณต ๋ฌธ์์ด๊ณผ ์คํจ ๋ฌธ์์ด๋ก ๋ถ๊ธฐํ๋ ๋ถ๋ถ ๋ฐ๊ฒฌ --> ๋ถ๊ธฐ ๋ถ๋ถ๊ณผ ๊ทธ ์๋ BreakPoint ์ค์
6. Debugging ์คํ ํ ๋ ์ง์คํฐ ๊ฐ ํ์ธ
# EAX ๋ ์ง์คํฐ
: 000004D2
# EBP ๋ ์ง์คํฐ
: 0070FF28
7. ๋ฐ๊ฒฌํ ์ฌ์ค๋ค์ ๊ธฐ๋ฐ์ผ๋ก Password ํ์ --> ํจ์ค์๋๊ฐ E4C60D97 ์์ ๋ฐ๊ฒฌ
# Password ๊ฐ์ ์์น
: 0070FF28-3C == 70feec
8. ๋ฐ๊ฒฌํ Password ๋ฅผ 10์ง์ ํํ๋ก ๋ณ๊ฒฝ
++ ์ฌ์ฉํ ์ง์ ๋ณํ๊ธฐ
--> https://www.rapidtables.org/ko/convert/number/hex-to-decimal.html
9. ๋ค์ 16.exe ํ์ผ ์คํ ํ ์์๋ธ ๊ฐ ์ ๋ ฅ --> ๋ฌธ์ ๊ฐ ์ฑ๊ณต์ ์ผ๋ก ํด๊ฒฐ๋์์์ ํ์ธ
'โ๏ธ Reverse Engineering > CodeEngn' ์นดํ ๊ณ ๋ฆฌ์ ๋ค๋ฅธ ๊ธ
[Reverse Engineering] CodeEngn Basic RCE L18 WriteUp (1) | 2023.11.16 |
---|---|
[Reverse Engineering] CodeEngn Basic RCE L17 WriteUp (0) | 2023.11.15 |
[Reverse Engineering] CodeEngn Basic RCE L15 WriteUp (0) | 2023.11.10 |
[Reverse Engineering] CodeEngn Basic RCE L14 WriteUp (0) | 2023.11.10 |
[Reverse Engineering] CodeEngn Basic RCE L13 WriteUp (0) | 2023.11.10 |