為什麼上高中電腦課時都要寫些無趣的 code 來當作成績, 有沒有什麼方法用有趣的方法 讓題目一次刷完。 無聊的高中生把各種 online judge 當作 CTF 在打, 利用各種手法讓 OJ 製造一個後門, 從簡單的 execv 到 seccomp bypass 甚至是 sandbox escape, 讓你玩轉 OJ 把題目 AK 後再被電腦老師死當。目標聽眾
對於資安有興趣的初學者(?
先備知識
看的懂基礎的 C 語言以及 shellcode
歡迎大家來到SITCON 2021 ヽ(✿゚▽゚)ノ
共筆入口:https://hackmd.io/@SITCON/2021
手機版請點選上方 按鈕展開議程列表。
請從這裡開始
如果Online Judge沒做防護的話…
#include <stdio.h>
#include <unistd.h>
int main(int arg, char **args) {
char *argv[] = {"cat", "/etc/password", NULL};
char *envp[] = {0, NULL};
execve("/bin/cat", argv, envp);
}
直接cat password拿到帳號資料
實際情況
or
or
By clicking below, you agree to our terms of service.
New to HackMD? Sign up
Syntax | Example | Reference | |
---|---|---|---|
# Header | Header | 基本排版 | |
- Unordered List |
|
||
1. Ordered List |
|
||
- [ ] Todo List |
|
||
> Blockquote | Blockquote |
||
**Bold font** | Bold font | ||
*Italics font* | Italics font | ||
~~Strikethrough~~ | |||
19^th^ | 19th | ||
H~2~O | H2O | ||
++Inserted text++ | Inserted text | ||
==Marked text== | Marked text | ||
[link text](https:// "title") | Link | ||
 | Image | ||
`Code` | Code |
在筆記中貼入程式碼 | |
```javascript var i = 0; ``` |
|
||
:smile: | ![]() |
Emoji list | |
{%youtube youtube_id %} | Externals | ||
$L^aT_eX$ | LaTeX | ||
:::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Do you want to remove this version name and description?
Syncing