Hi👋🏼 I’m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 25 of 86

Using a Sync wordlist in ZAP Forced browse and Fuzz

  • 3 min read

Forced Browse is a way to identify paths and pages in a service through dictionary-based or simple brute-force requests. It is a very traditional technique, but it is still a very important part of Recon. That is why, from established tools such as dirsearch and dirbuster to recent ones such as feroxbuster and gobuster, new tools with various features and improvements keep coming out.

Identifying the SSL cipher suites a website supports using only Openssl

  • 2 min read

Security checks of a website's SSL are usually easy to test, because there are several well-made tools for it.

Bump a go package version

  • 1 min read

My Problem

Occasionally, when installing a tool I made with go get, there was an issue where an old version was installed (the current one is in the 2.x range, but a 1.x one..). pkg.go.dev also showed the old version as the last release and had not changed.

Creating a custom usage in Go flag

  • 2 min read

When building a cli tool in golang, the first tool you encounter is flag. I also started with flag, tried several others such as cobra and unfave, and in the end dropped cobra, which I had been using well, and came back to flag. It is go's built-in option parser and is simple, but it offers few conveniences, so at times you have to modify the library's original functions, for example by overriding them directly.

gee released! tool of stdin to each files and stdout with more

  • 1 min read

Over the holidays I made a tool called gee. It is similar to tee; you can think of it as tee with additional features. Today I'd like to briefly introduce gee.

How to fix Rails generate hanging

  • ~1 min read

Since I settled on go as my main language in 2019, I have had far fewer occasions to develop in ruby. Still, when I occasionally need to get something done quickly I end up using ruby without intending to, and sometimes rails g, rails generate hangs. So here is a post on the cause and the fix :D

Fixing the bug where emoji cannot be used in Atom on MacOS

  • ~1 min read

While using Atom there was one thing that was quietly inconvenient: the issue of not being able to use emoji. I kept meaning to fix it, and only now looked up a solution and applied it. It seems usable as a stopgap until a patch arrives, so I'm sharing it briefly in a post.

Semi-Automated Security Testing with Zest and ZAP

  • 3 min read

What is Zest script

Zest script is a scripting language provided by ZAP that lets you turn many functions, such as requests and processing inside ZAP, into JSON-based scripts and use and manage them. It is a strength unique to ZAP that other manual testing tools such as BurpSuite do not have.

Fixing the "dpkg-deb error paste subprocess was killed by signal" error

  • ~1 min read

Last night, while installing the rust-based cli tools hexyl and bat on my home Ubuntu server, I ran into a dpkg error. It was a pattern I had never seen before, so I was a little thrown, but as usual the answer was in the error message, so I'm writing down how I simply fixed it.

Manage tasks easily in the Cli environment, Pueue!

  • 1 min read

I normally did not use a separate command manager in the cli environment. I usually work with pet, a command snippet tool, plus xargs and parallel for pipeline / parallel processing, but I found a decent command management tool and thought I would share it in a post.
