Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 22 of 86

PDF ์•”ํ˜ธํ™”์™€ User-password ๊ทธ๋ฆฌ๊ณ  Owner-password

  • 2 min read

์ œ๊ฐ€ ์ตœ๊ทผ์— pdfcrack์„ ํ†ตํ•ด pdf ํŒŒ์ผ์— ๊ฑธ๋ฆฐ ํŒจ์Šค์›Œ๋“œ๋ฅผ ํฌ๋ž™ํ•˜๋Š” ๋‚ด์šฉ์œผ๋กœ ๊ธ€์„ ์ผ์—ˆ๋Š”๋ฐ์š”. ์ด๋Š” pdf ํŒŒ์ผ ํฌ๋ž™๋–„๋ฌธ์— ๋ฉ”๋ชจ ์ฐจ ์ž‘์„ฑํ•œ ๊ธ€์ด์˜€๊ณ , ์˜ค๋Š˜์€ pdf ํŒŒ์ผ์˜ ์•”ํ˜ธํ™” ์ž์ฒด์— ๋Œ€ํ•ด ์ด์•ผ๊ธฐํ• ๊นŒ ํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋Ÿผ pdf์˜ ์•”ํ˜ธํ™”์™€ user-password, owner-password ์— ๋Œ€ํ•ด ์•Œ์•„๋ณด๋„๋ก ํ•˜์ฃ . (๊ฐ„๋‹จํ•œ ๋‚ด์šฉ์ด์—์š”)

Read More

PDF ํŒŒ์ผ Password Crack

  • 1 min read

pdf ํŒจ์Šค์›Œ๋“œ ํฌ๋ž™ํ•  ์ผ์ด ์žˆ์–ด์„œ ๋„๊ตฌ๋ž‘ ๊ฐ„๋‹จํ•˜๊ฒŒ ์‚ฌ์šฉ๋ฐฉ๋ฒ• ๋ฉ”๋ชจํ•ด ๋‘ก๋‹ˆ๋‹ค ๐Ÿ˜

Read More

ZAP Automation

  • 2 min read

์˜ฌ ์ดˆ์— ์ฒ˜์Œ ์—ด๋ฆฐ ZAPCon 2021์—์„œ ZAP Automation at Scale์ด๋ž€ ์„ธ์…˜์ด ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ๊ทธ ๋•Œ ๋‹น์‹œ์—๋Š” ๊ทธ๋ƒฅ ZAP Automation Addon์„ ํ†ตํ•ด ๊ธฐ์กด ์ž๋™ํ™” ์ž‘์—…์„ ์ข€ ๋” ์‰ฝ๊ฒŒ ๊ตฌ์„ฑํ•  ์ˆ˜ ์žˆ๋‹ค ์ •๋„๋กœ ๋ฐ›์•„๋“œ๋ ธ์—ˆ๋Š”๋ฐ, ์ตœ๊ทผ์— Scan Policy ๊ด€๋ จํ•ด์„œ ๋น„์Šทํ•œ ๊ณ ๋ฏผ์„ ํ•˜๋‹ค๋ณด๋‹ˆ ZAP Automation์˜ ์žฅ์ ์ด ๋ˆˆ์— ๋ณด์˜€์Šต๋‹ˆ๋‹ค.

Read More

ZAP Token Generation and Analysis ์‚ดํŽด๋ณด๊ธฐ

  • 1 min read

ZAP์—๋Š” Token Generation and Analysis๋ž€ Addon์ด ์žˆ์Šต๋‹ˆ๋‹ค. ์‚ฌ์‹ค ์ด๋ฆ„๋งŒ ๋ณด๊ณ  ์˜ˆ์ „๋ถ€ํ„ฐ ์„ค์น˜๋Š” ํ•ด๋‘์—ˆ๋Š”๋ฐ ํ•œ๋ฒˆ๋„ ์‚ฌ์šฉํ•˜์ง€ ์•Š์•˜๋˜ ๊ฒƒ ๊ฐ™๋„ค์š”.. ๊ทธ๋ž˜์„œ ์˜ค๋Š˜ ํ•œ๋ฒˆ ์‚ฌ์šฉํ•ด๋ณด๊ณ  ์ •ํ™•ํžˆ ์–ด๋–ค ๋„๊ตฌ์ธ์ง€, ์–ด๋–ค ์šฉ๋„๋กœ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์„์ง€ ๊ธ€๋กœ ์ž‘์„ฑํ•ด๋ด…๋‹ˆ๋‹ค.

Read More

Bypass host validation with Parameter Pollution

  • 1 min read

์˜ค๋Š˜์€ host validation ๋กœ์ง ์šฐํšŒ ๋•Œ ์‚ฌ์šฉํ–ˆ๋˜ ๊ฐ„๋‹จํ•œ ํŒ ํ•˜๋‚˜ ๊ณต์œ ํ•ด๋ด…๋‹ˆ๋‹ค. ๋ญ ๋ˆ„๊ตฌ๋‚˜ ์•„๋Š” ๋‚ด์šฉ์ด๋ผ ๋ณ„๊ฑฐ ์—†๊ธด ํ•˜์ง€๋งŒ, ๊ธฐ๋ก์œผ๋กœ ๋‚จ๊ฒจ๋‘์–ด์•ผ ๋‚˜์ค‘์— ํ•œ๋ฒˆ์— ๊ด€๋ จ ๋‚ด์šฉ๋“ค์„ ์ •๋ฆฌํ•  ๋•Œ ์‰ฝ๊ฒŒ ์ฐพ๊ณ  ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์–ด์„œ ๋ธ”๋กœ๊ทธ ๊ธ€๋กœ ์ž‘์„ฑํ•ด๋‘ก๋‹ˆ๋‹ค.

Read More

Options rule configuration in ZAP

  • 1 min read

ZAP์—์„œ ์˜ต์…˜์ชฝ ์ข€ ๋ณด๋‹ค๊ฐ€ Rule configuration ์ด๋ž€ ๋ถ€๋ถ„์ด ์žˆ๋Š”๋ฐ, ์ œ๊ฐ€ ์•„๋Š” ์ผ๋ฐ˜์ ์ธ ์Šค์บ” ๋ฃฐ ์„ค์ •์ด๋ผ๋Š” ๋‹ฌ๋ผ์„œ ๊ธด๊ฐ€๋ฏผ๊ฐ€ํ•œ ๋ถ€๋ถ„์ด ์žˆ์–ด ๋‚ด์šฉ ์ •๋ฆฌํ•ด๋‘ก๋‹ˆ๋‹ค.

Read More

GOPRIVATE์„ ํ†ตํ•ด ๊ฐœ์ธ/์‚ฌ์„ค ๋„๋ฉ”์ธ์—์„œ go get ํ•˜๊ธฐ(Gitlab, Github enterprise)

  • ~1 min read

go get

go ๊ธฐ๋ฐ˜ ์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜๋“ค์„ ์‚ฌ์šฉํ•ด๋ณด์…จ๊ฑฐ๋‚˜ go ์–ธ์–ด๋กœ ๊ฐœ๋ฐœ์„ ํ•œ๋‹ค๋ฉด go get ์€ ๋งค์šฐ ์ต์ˆ™ํ•œ ๋ช…๋ น์ด๋ผ๊ณ  ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค.

Read More

CSS Injection Bypassing Trick (with dashdash and var)

  • 1 min read

CSS(Style) Injection

CSS Injection์€ XSS๋‚˜ HTML Injection๊ณผ ๊ฐ™์ด ์›น ์ƒ์—์„œ CSS, ์ฆ‰ ์Šคํƒ€์ผ ์‹œํŠธ์— Injetion์ด ๊ฐ€๋Šฅํ•œ ๊ฒฝ์šฐ๋ฅผ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค. ๋ณดํ†ต ์‚ฌ์šฉ์ž์—๊ฒŒ ์ง์ ‘์ ์ธ ์˜ํ–ฅ๋ ฅ์ด ์žˆ๋Š”๊ฑด ์•„๋‹ˆ์ง€๋งŒ, ์Šคํƒ€์ผ ์‹œํŠธ ์ œ์–ด๋ฅผ ํ†ตํ•ด์„œ ๋งคํ•‘๋œ ์ด๋ฒคํŠธ ํ•ธ๋“œ๋Ÿฌ๋ฅผ ํ†ตํ•ด XSS๋‚˜ ๋‹ค๋ฅธ ๊ธฐ๋Šฅ์„ ์ˆ˜ํ–‰์‹œํ‚ค๊ฑฐ๋‚˜ ๊ต๋ชจํ•œ ํ”ผ์‹ฑ ํŽ˜์ด์ง€๋ฅผ ๊ตฌ์„ฑํ•˜๋Š”๋ฐ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Read More

Obsidian, Cool markdown editor

  • 3 min read

์ตœ๊ทผ์— ์ œ๊ฐ€ ์„œ๋ธŒ ์—๋””ํ„ฐ๋กœ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ๋Š” markdown ์—๋””ํ„ฐ๊ฐ€ ํ•˜๋‚˜ ์žˆ์Šต๋‹ˆ๋‹ค. graph view์™€ back-link๊ฐ€ ์ •๋ง ์œ ์šฉํ•œ Obsidian์ด๋ž€ ์—๋””ํ„ฐ์ธ๋ฐ์š”, ์“ฐ๋‹ค๋ณด๋‹ˆ ์ถฉ๋ถ„ํžˆ ์ด์ ์ด ๋งŽ์•„์„œ ์†Œ๊ฐœ ์ฐจ ๊ธ€๋กœ ์ž‘์„ฑํ•ด๋ด…๋‹ˆ๋‹ค. ๊ฐ„๋‹จํ•˜๊ฒŒ ๊ธฐ๋Šฅ๋“ค๊ณผ ๋ถ€์กฑํ•œ ๋ถ€๋ถ„์— ๋Œ€ํ•ด ์‚ดํŽด๋ณด๋„๋ก ํ•˜์ฃ  ๐Ÿ˜Ž

Read More