  • Tried. Failed. Logged.

🔒 Information Security (122)

Vulnerability Analysis - Automatic debugging at process start https://2ry53.tistory.com/entry/%ED%94%84%EB%A1%9C%EC%84%B8%EC%8A%A4-%EC%8B%9C%EC%9E%91%EC%8B%9C-%EC%9E%90%EB%8F%99-%EB%94%94%EB%B2%84%EA%B9%85 - Automatic debugging at process start - Let's debug a process at the moment it starts!! On MSDN there was this passage: You can set up your application to start Visual Studio when you launch the application from Windows. Visual Studio will load your application, ready for deb 2ry53.tistory.com 2024. 9. 10.
๋ชจ์˜ํ•ดํ‚น - ๋ฒ„ํ”„ ์Šค์œ„ํŠธ(Brup Suite) ์„ค์ • ๋ชจ์Œ Burp Suite ํ•œ๊ธ€ ๊นจ์ง ๋ฐฉ์ง€  1. Burp Suite๋ฅผ ์ผœ๊ณ  ์˜ค๋ฅธ์ชฝ ์ƒ๋‹จ์˜ Settings๋ฅผ ํด๋ฆญ2. User Interface์— Message editor๋กœ ๋“ค์–ด๊ฐ€ HTTP message display์— ํ•œ๊ธ€ ํฐํŠธ(e.g. ๊ตด๋ฆผ์ฒด)๋กœ ์„ค์ •3. Character sets์— Use a specific character set์— ์ธ์ฝ”๋”ฉ์„ UTF-8๋กœ ์„ค์ • ์ถœ์ฒ˜: https://velog.io/@dailylifecoding/Hacking-Burp-Suite-%ED%95%9C%EA%B8%80-%EA%B9%A8%EC%A7%90-%EB%B0%A9%EC%A7%80   Burp Suite Response Intercept ํ•˜๊ธฐ 1. Proxy ํƒญ์—์„œ Proxy Settings ํด๋ฆญ2. Response inte.. 2024. 8. 7.
Information Security - Privilege Escalation. In information security, privilege escalation refers to controlling the scope of information or resources that a user or process can access, in order to prevent security breaches or misuse. It can be broadly divided into horizontal privilege escalation and vertical privilege escalation. Horizontal Privilege Escalation: horizontal privilege escalation means acquiring the privileges of another user or process at the same privilege level. For example, a regular user accessing another regular user's files or controlling their processes. Vertical Privilege Escalation: vertical privilege escalation means obtaining privileges higher than the current privilege level. For example, a regular user obtaining administrator privileges, or a restricted process, system privileges.. 2024. 6. 6.
Network Security - HTTP traffic analysis proxy (mitmproxy). mitmproxy is a Swiss Army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify, and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocol. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on the fly, modify them before they reach their destination, and replay them to a client or server later. https://mitmproxy.org/ mitmproxy - an interactive HTTPS proxy. Mitmproxy has a vibrant ecosystem of addons and tools building on it: mi.. 2024. 5. 4.
System Security - 15 ways to bypass the PowerShell execution policy https://www.netspi.com/blog/technical/network-penetration-testing/15-ways-to-bypass-the-powershell-execution-policy/ 15 Ways to Bypass the PowerShell Execution Policy. By default, PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. In this blog I'll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on .. 2024. 4. 24.
Vulnerability Analysis - Living Off the Land (LOTL). Living Off the Land (LOTL): the living-off-the-land technique refers to attackers, such as hackers, carrying out attacks using tools that are already installed on the system. In other words, because the attack is performed with programs installed by default on the victim's system, it is said to be able to evade detection by AV (antivirus) software. LoL Tool: the tools used in the living-off-the-land (LoL) technique are called LoL Tools. LoL (living-off-the-land) Tools are said to be used as the intrusion tooling for delivering the attacker's final payload (malware). In other words, a LoL Tool is installed on the victim's system.. 2024. 4. 24.
Network Security - WebRTC (IP leak issue), NAT, ICE, STUN, TURN. Web Real-Time Communication: a technology that provides real-time communication in web pages and apps using the camera, microphone, and so on, without any additional software. Open source that can be used to implement video calls, video sharing, and the like. Supports transmission directly between peers in a P2P manner. Provided as a JavaScript API. Peer-to-peer communication requires knowing the user's IP address, and STUN/TURN servers are used to solve the problems that firewalls and similar devices cause here. WebRTC IP Leak Test: because it is P2P, there are cases where the IP address is exposed through the WebRTC API. There is a site for checking whether your IP address is exposed. https://browserleaks.com/webrtc WebRTC Leak Test The WebRT.. 2024. 4. 5.
Network Security - NAC bypass cheat sheet https://redteam.coffee/woot/nac-bypass-cheatsheet NAC Bypass Cheatsheet | Ikigai This post lists down a few of the techniques which can be used to bypass Network Access Control solutions(NAC). redteam.coffee macchanger macchanger -m XX:XX:XX:XX:XX:XX randommac.py #!/usr/bin/python import subprocess import sys import threading import time class MyThread (threading.Thread): die = False def __init_.. 2024. 3. 28.
Vulnerability Analysis - Building a WordPress attack environment on Windows. 1. Install XAMPP (Apache, MariaDB, PHP, etc.) https://www.apachefriends.org/download.html Download XAMPP. Includes: Apache 2.4.56, MariaDB 10.4.28, PHP 8.0.28 & PEAR + SQLite 2.8.17/3.38.5 + multibyte (mbstring) support, Perl 5.34.1, ProFTPD 1.3.6, phpMyAdmin 5.2.1, OpenSSL 1.1.1t, GD 2.2.5, Freetype2 2.4.8, libpng 1.6.37, gdbm 1.8.3, zlib 1.2.11, expat 2.0.1, www.apachefriends.org 2. Download the WordPress release .. 2024. 3. 24.
Network Security - Snort command collection. Rules path: ls -l /etc/snort/rules/ ICMP detection rule: # vi /etc/snort/rules/local.rules alert icmp any any -> any any (msg:"ICMP Detected";sid:1000001;) Running Snort (Linux): snort -c /etc/snort/rules/local.rules -i eth0 Running Snort (Windows): snort -c c:\Snort\rules\local.rules -l C:\Snort\log\ Checking the log (alert): tail -f /var/log/snort/alert Reference: https://net123.tistory.com/580 Snort - 04. Snort rule configuration and testing Snort - 04. Snort.. 2024. 3. 17.
Vulnerability Analysis - Downgrading the Office 365 (Outlook) version. 1. Check the release list https://learn.microsoft.com/ko-kr/officeupdates/update-history-microsoft365-apps-by-date?redirectSourcePath=%252fen-us%252farticle%252fae942449-1fca-4484-898b-a933ea23def7 Update history for Microsoft 365 Apps (listed by date) - Office release notes. Provides IT Pros with a complete list of Microsoft 365 Apps releases organized by date, with links to release information. learn.microsoft.com Check the build number of the version you want to downgrade to, e.g. 17328.20184 2. Run the commands in cmd.exe (as administrator): cd .. 2024. 3. 16.
Web Security - Browser extension for analyzing the technologies a website uses (Wappalyzer) https://chromewebstore.google.com/detail/wappalyzer-technology-pro/gppongmhjkpfnbhagpmjfkannfbllamg 2024. 3. 12.