Hi👋🏼 I'm HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 58 of 86

A ruby gem for website capture (feat PhantomJS)

  • ~1 min read

I don't really have anything to write about this weekend.. (short on time ㅜㅜ) So here is a brief post on capturing web pages with a ruby library.


Google Blogger page and post types

  • 3 min read

The design and structure changes to the blog site that I had been slowly preparing for a while.. I finally carried out the major overhaul this weekend.


[HACKING] Building WASE (Web Audit Search Engine) for Bug Bounty [1] - Elastic search and ruby-rails

  • 2 min read

์š”์ฆ˜๋“ค์–ด ๋ฒ„๊ทธ๋ฐ”์šดํ‹ฐ์— ๋Œ€ํ•œ ์ƒ๊ฐ์ด ์กฐ๊ธˆ ๊นŠ์–ด์กŒ์Šต๋‹ˆ๋‹ค. ์ผ์„ ํ•˜๋Š” ๊ฒƒ ์ด์™ธ์—๋„ ๋ฌด์–ธ๊ฐ€ ๊ฐ€์น˜๋ฅผ ๋งŒ๋“ค ์ˆ˜ ์žˆ๊ฒ ๋‹ค๋ผ๋Š” ์ƒ๊ฐ ๋•Œ๋ฌธ์ด์ฃ . (๊ทธ๋ƒฅ ๋ˆ์„ ๋” ๋ฒŒ๊ณ ์‹ถ๋‹ค๊ณ  ๊ทธ๋ž˜ =_=)


[HACKING] Analysis of the Memcached reflection DOS attack

  • 6 min read

There has been a brief commotion lately over the memcached server DOS vulnerability. Early yesterday morning, C-based PoC code and a list of servers queried from shodan were posted on pastebin. Today I'd like to write a bit about that.
