Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 49 of 87

OWASP ZAP์˜ New interface! ZAP HUD ๐Ÿฅฝ

1 min read

์˜ˆ์ „์— ZAP์ชฝ ํŠธ์œ—๋ณด๊ณ  ํŠธ์œ„ํ„ฐ๋กœ ๊ณต์œ ํ•ด๋‘์—ˆ๋˜๊ฒŒ ์žˆ์—ˆ๋Š”๋ฐ, ์ตœ๊ทผ @Dakkar Key์˜ ๋ฉ˜์…˜์œผ๋กœ ๊ธ‰ ์ƒ๊ฐ๋‚˜์„œ ๊ธ€๋กœ ์ •๋ฆฌํ•ด๋‘ก๋‹ˆ๋‹ค. ๊ทธ๋• ์ •๋ง ๋งŽ์ด ๋Œ€์ถฉ ๋ด์„œ ํ™•ํ•˜๊ฒŒ ๋ญ”์ง€ ๋ชฐ๋ž์—ˆ๋Š”๋ฐ, ์ฐพ์•„๋ณด๋‹ˆ ์ƒ๊ฐ๋ณด๋‹ค ์ข‹์€ ๋„๊ตฌ์ธ ๊ฒƒ ๊ฐ™๋„ค์š”.

Wordpress Post Type์„ ์ด์šฉํ•œ Privilege Escalation ์ทจ์•ฝ์ (<= wordpress 5.0.0)

3 min read

์ด๋ฒˆ์ฃผ ์ดˆ์— RIPS ๋ธ”๋กœ๊ทธ์— wordpress ๊ด€๋ จ ์ทจ์•ฝ์  ๋‚ด์šฉ์ด ์˜ฌ๋ผ์™€ ๋น ๋ฅด๊ฒŒ ํ…Œ์ŠคํŠธ ์ข€ ํ–ˆ์—ˆ๊ณ  ๊ด€๋ จ ๋‚ด์šฉ ์ •๋ฆฌํ•ด๋‘ก๋‹ˆ๋‹ค. https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/

JSShell - interactive multi-user web based javascript shell

~1 min read

git ๋ณด๋‹ค๊ฐ€ ์žฌ๋ฏธ์žˆ๋Š” ํˆด ์žˆ์–ด ๊ณต์œ ๋“œ๋ฆฝ๋‹ˆ๋‹ค. JSSHELL์ด๋ผ ํˆด๋กœ XSS Post Exploit ํˆด ์ •๋„๋กœ ๋ณด์‹ฌ ๋˜๊ณ  ์š”์•ฝํ•˜๋ฉด beef์˜ Command line ๋ฒ„์ „์ด๋ผ๊ณ  ์ƒ๊ฐํ•˜์‹œ๋ฉด ์ข‹์„ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.

MacOS, iOS(iPhone, iPad) Devices ์—์„œ์˜ ๋ฉ”๋ชจ๋ฆฌ ๋ณ€์กฐ

2 min read

๋ณดํ†ต ์•ˆ๋“œ๋กœ์ด๋“œ, iOS ๋ชจ๋‘ ๋ฉ”๋ชจ๋ฆฌ ๋ณ€์กฐ๋ฅผ ํ• ๋•Œ ์น˜ํŒ… ํˆด(๊ฒŒ์ž„ ํ•ดํ‚น ๊ด€๋ จํ•ด์„œ ๊ฒ€์ƒ‰ํ•˜๋ฉด ๋งŽ์ด ๋‚˜์˜ค๋Š” ๊ฒƒ๋“ค..)์„ ๋Œ€์ฒด๋กœ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค. (์†”์งํžˆ ํŽธํ•˜๊ธดํ•ด์š”)

Needle - iOS Application and Device ํ•ดํ‚น/๋ณด์•ˆ ๋ถ„์„ ํ”„๋ ˆ์ž„์›Œํฌ

5 min read

Needle์€ Drozer๋กœ ์œ ๋ช…ํ•œ MWR Lab์—์„œ ๋งŒ๋“  iOS ๋ถ„์„์šฉ ํ”„๋ ˆ์ž„์›Œํฌ์ž…๋‹ˆ๋‹ค. Drozer์™€ ๋น„์Šทํ•˜๊ฒŒ ๋””๋ฐ”์ด์Šค์— Agent๋ฅผ ๋‚ด๋ฆฌ๊ณ  ์•ฑ๊ณผ ๋””๋ฐ”์ด์Šค์— ๋Œ€ํ•œ ๋ถ„์„์„ ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๋ณดํ†ต์€ Frida + Burp(ZAProxy)์˜ ์กฐํ•ฉ์œผ๋กœ ๋ถ„์„์„ ํ•˜๋Š”๋ฐ, ๋ณด๋‹ค๋ณด๋‹ˆ Needle์ด Frida ์‚ฌ์šฉ์— ์žˆ์–ด ์ข€ ํŽธ๋ฆฌํ•œ ๋ถ€๋ถ„์ด ์žˆ๋”๊ตฐ์š”.

Windcard(*) Attack on linux (์™€์ผ๋“œ ์นด๋“œ๋ฅผ ์ด์šฉํ•œ ๊ณต๊ฒฉ)

2 min read

์กฐ๊ธˆ ์ฒ  ์ง€๋‚œ ๊ธฐ๋ฒ•์ด์ง€๋งŒ ๊ด€์‹ฌ์ด ์ ์–ด ๋ชจ๋ฅด๊ณ  ์žˆ๋˜๊ฑฐ๋ผ.. ๊ธ€๋กœ ์ž‘์„ฑํ•ด๋‘ก๋‹ˆ๋‹ค. wildcard๋Š” ๊ต‰์žฅํžˆ ๋งŽ์€ ์˜์—ญ์—์„œ ์‚ฌ์šฉ๋˜๋Š” ๋ฌธ์ž์ด๊ณ  ์ปดํ“จํŒ…, ํ”„๋กœ๊ทธ๋ž˜๋ฐ์—์„  ๋”๋”์šฑ ๋งŽ์ด ์‚ฌ์šฉ๋˜๋Š” ๋ฌธ์ž๋“ค์ž…๋‹ˆ๋‹ค.

iOS 11.3(iPad mini2 ) Jailbraek with Electra(non-developer accouts)

~1 min read

11.3 ๋ฒ„์ „์— ๋Œ€ํ•œ ํƒˆ์˜ฅํˆด์ด ๋‚˜์˜จ์ง„ ์กฐ๊ธˆ ๋˜์—ˆ๋Š๋ฐ์š”, ์œ ๋… ์ œ ์•„์ดํŒจ๋“œ ๋ฏธ๋‹ˆ2์—์„œ ํƒˆ์˜ฅ์ด ์ž˜ ์•ˆ๋˜์—ˆ์—ˆ๋Š”๋ฐ, ์˜ค๋Š˜ ์˜ค์ „์— ์„ฑ๊ณตํ•˜์—ฌ ์‹œ๋„ํ–ˆ๋˜ ๋‚ด์šฉ๋“ค ๊ฐ™์ด ๊ธฐ๋กํ•ด๋‘ก๋‹ˆ๋‹ค.

unix timestamp 2038 ๋ฒ„๊ทธ(Year 2038 problem)

~1 min read

์ตœ๊ทผ์— timestamp ๊ณ„์‚ฐํ• ๊ฑฐ ์žˆ์–ด์„œ ๊ตฌ๊ธ€๋งํ•ด์„œ ์›น ํŽ˜์ด์ง€ ์ฐพ์•„์„œ ์‚ฌ์šฉํ–ˆ์—ˆ๋Š”๋ฐ์š”, ํ•ด๋‹น ์›น ์‚ฌ์ดํŠธ์—์„œ ์ด๋Ÿฐ ๋‚ด์šฉ์ด ์žˆ์–ด ์กฐ๊ธˆ ์ฐพ์•„๋ณด์•˜๊ณ , ์žฌ๋ฏธ์žˆ๋Š” ๋‚ด์šฉ์ด๋ผ ๊ฐ€๋ณ๊ฒŒ ๊ณต์œ ๋“œ๋ฆฝ๋‹ˆ๋‹ค.

Ubuntu Linux์—์„œ Spectable(macOS App) ๊ฐ™์€ ์ฐฝ ์ œ์–ด ์‚ฌ์šฉํ•˜๊ธฐ(Spectable for linux?)

~1 min read

macOS์—์„œ ์“ธ๋งŒํ•˜๋‹ค๊ณ  ๋Š๊ผˆ๋˜ App ์ค‘ ํ•˜๋‚œ Spectable ์ž…๋‹ˆ๋‹ค. ๋‹จ์ถ•ํ‚ค๋กœ ํ™”๋ฉด ๋‚ด ์ฐฝ์˜ ์œ„์น˜๋ฅผ ์ „์ฒดํ™”๋ฉด์ด๋‚˜ ์ขŒ/์šฐ/์ƒ/ํ•˜ ๋กœ ๋ฐ˜๋“ฏํ•˜๊ฒŒ ๋ฐ˜์œผ๋กœ ๋‚˜๋ˆ„์–ด ์ •๋ฆฌ๊ฐ€ ๊ฐ€๋Šฅํ•ฉ๋‹ˆ๋‹ค. (์ด์   ์ด๊ฒŒ ์—†์œผ๋ฉด ๋ชจ๋‹ˆํ„ฐ ์ •๋ฆฌ๊ฐ€ ์•ˆ๋ ๋“ฏ ์‹ถ์–ด์š”.)

iOS์—์„œ Proxy ์‚ฌ์šฉ ์ค‘ Burp/ZAProxy CA ๋„ฃ์–ด๋„ ์‹ ๋ขฐํ•  ์ˆ˜ ์—†๋Š” ์‚ฌ์ดํŠธ ๋ฐœ์ƒ ์‹œ ํ•ด๊ฒฐ๋ฐฉ๋ฒ•

~1 min read

iOS์—์„œ Burp/ZAProxy CA ์ธ์ฆ์„œ ๋“ฑ๋กํ•˜์—ฌ๋„ ํ”„๋ก์‹œ ์„ค์ • ์‹œ ๋ณด์•ˆ ๊ฒฝ๊ณ ๊ฐ€ ๋‚˜๋Š” ๊ฒฝ์šฐ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. ๋ฌผ๋ก  ๋งค๋ฒˆ ์˜ˆ์™ธ์ฒ˜๋ฆฌ ํ•˜๋ฉด์„œ ํ•  ์ˆœ ์žˆ์ง€๋งŒ ๋ชจ๋ฐ”์ผ ์•ฑ์—์„  ๋ถˆ๊ฐ€๋Šฅํ•˜๊ธฐ ๋•Œ๋ฌธ์— ํ†ต์‹ ์ด ์žกํžˆ์ง€ ์•Š์Šต๋‹ˆ๋‹ค.