Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 67 of 86

[METASPLOIT] msgrpc ์„œ๋ฒ„๋ฅผ ์ด์šฉํ•˜์—ฌ msfconsole๊ณผ armitage ์—ฐ๋™ํ•˜๊ธฐ

  • 1 min read

metasploit์˜ ์—ฌ๋Ÿฌ interface ์ค‘ ๋งŽ์ด๋“ค ์‚ฌ์šฉํ•˜์‹œ๋Š”๊ฒŒ msf(metasploit-framework)์™€ armitage์ž…๋‹ˆ๋‹ค. ๊ฐ๊ฐ cui, gui๋ผ๋Š” ์ปจ์…‰์„ ๊ฐ€์ง€๊ณ  ์žˆ๊ณ  ํ•œ์ชฝ์„ ์„ ํ˜ธํ•˜์‹œ๊ฑฐ๋‚˜ ์–‘์ชฝ ๋ชจ๋‘ ์„ ํ˜ธํ•˜์‹œ๋Š” ์ผ€์ด์Šค ๋ชจ๋‘ ๋ณด์•˜์Šต๋‹ˆ๋‹ค.

Read More

[HACKING] Closed network infection scenario and Detecting hidden networks (Using USB/Exploit)

  • 4 min read

์–ด์ œ EDB๋ฅผ ๋‘˜๋Ÿฌ๋ณด๋˜ ์ค‘ ์žฌ๋ฏธ์žˆ๋Š” ๋ฌธ์„œ๋ฅผ ๋ณด์•˜๋Š”๋ฐ์š”. ์—ฌ๋Ÿฌ๊ฐ€์ง€ ์ƒ๊ฐ์„ ํ•ด๋ณด๋‹ค๋ณด๋‹ˆ ํฌ์ŠคํŒ…์œผ๋กœ ์ž‘์„ฑํ• ๋งŒํ•œ ๊ฒƒ ๊ฐ™์•„ ๊ธ€์„์จ๋ด…๋‹ˆ๋‹ค.

Read More

AngularJS Sandbox Escape XSS

  • 3 min read

AngularJS๋Š” ์›น ์ƒ์—์„œ ๋งŽ์ด ์‚ฌ์šฉ๋˜๋Š” ๊ฐœ๋ฐœ ํ”„๋ ˆ์ž„์›Œํฌ์ž…๋‹ˆ๋‹ค. ์ด๋Ÿฐ ํ”„๋ ˆ์ž„์›Œํฌ์—๋Š” ๋‹น์—ฐํžˆ ๋ณด์•ˆ ๋กœ์ง, ์ •์ฑ…์ด ๋“ค์–ด๊ฐ€๊ฒŒ๋˜์ฃ . ๊ทธ ์ค‘์— ๋Œ€ํ‘œ์ ์ธ ๊ฒƒ์€ ๋ฐ”๋กœ SandBox ์ž…๋‹ˆ๋‹ค. Sandbox ๋กœ ์ธํ•ด ์šฐ๋ฆฌ๋Š” ์„ฑ๊ณตํ•œ ๊ณต๊ฒฉ์ด ์˜ํ–ฅ๋ ฅ์ด ์—†์–ด์ง€๋Š” ์ง„๊ท€ํ•œ ๊ด‘๊ฒฝ์„ ๋ชฉ๊ฒฉํ•˜๊ฒŒ๋˜์ฃ .

Read More

[METASPLOIT] Writing Custom Plugin for metasploit

  • 3 min read

์ตœ๊ทผ์— a2sv๋ฅผ metasploit plugin์œผ๋กœ ์ง€์›ํ•  ์ƒ๊ฐ์„ ํ•˜๊ณ ์žˆ์Šต๋‹ˆ๋‹ค. ๋ชจ๋“ˆ ์ œ์ž‘์ด ์•„๋‹Œ plugin ์ œ์ž‘์œผ๋ก  ๊ฒฝํ—˜์ด ๊ฑฐ์˜ ์—†๊ธฐ์—.. ํ•˜๋‚˜ํ•˜๋‚˜ ์ฐพ์•„๋ณด๋ฉด์„œ ์ง„ํ–‰ํ•˜๊ธฐ๋กœ ํ–ˆ์ฃ .

Read More

Metasploit resource script์™€ ruby code๋กœ ์ปค์Šคํ„ฐ๋งˆ์ด์ง• ํ•˜๊ธฐ

  • 4 min read

์˜ˆ์ „๋ถ€ํ„ฐ ์ €๋Š” Metasploit์„ Custom ํ•ด์„œ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋ฆฌ๊ณ  ์˜ฌ ์ดˆ msf์˜ ์—…๋ฐ์ดํŠธ๋กœ ํŒŒ์ผ ์‹œ์Šคํ…œ์˜ ๊ตฌ์กฐ๊ฐ€ ๋ฐ”๋€Œ๋ฉด์„œ Custom ์ฝ”๋“œ๊ฐ€ ์ข€ ๊ผฌ์ด๊ฒŒ ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋ž˜์„œ ๋‹ค์‹œ Custom ๊ณผ์ •์„ ๊ฑฐ์น˜๋˜ ์ค‘ ์žฌ๋ฏธ์žˆ๋Š” ์•„์ด๋””์–ด๊ฐ€ ์ƒ๊ฐ๋‚˜์„œ ํฌ์ŠคํŒ… ์ž‘์„ฑํ•ด๋ด…๋‹ˆ๋‹ค.

Read More

[WEB HACKING] Easily trigger event handler for XSS/ClickJackingโ€ using CSS(or stylesheet)

  • 2 min read

Intro

XSS๋Š” ์˜ํ–ฅ๋ ฅ ๋Œ€๋น„ ๋ฐœ๊ฒฌ ๊ฐ€๋Šฅ์„ฑ์ด ๋†’์€ ์ทจ์•ฝ์ ์ž…๋‹ˆ๋‹ค. ๋˜ํ•œ ๋‹ค๋ฅธ Code base(Injection ๋“ฑ)์˜ ์ทจ์•ฝ์ ๊ณผ ๊ฐ™์ด ์—ฐ๊ตฌํ•˜๋Š” ์žฌ๋ฏธ๋„ ์ ์ ํ•˜๊ณ  ์‚ฌ๋žŒ์— ๋”ฐ๋ผ ๋šซ์„ ์ˆ˜ ์žˆ๋Š” ๋ฒ”์œ„๊ฐ€ ํ™•์‹คํžˆ ๋“œ๋Ÿฌ๋‚˜๋Š” ์ทจ์•ฝ์ ์ด๊ธฐ๋„ ํ•˜์ฃ .

Read More

[HACKING] Symbolic Execution(symbolic evaluation)์„ ์ด์šฉํ•œ ์ทจ์•ฝ์  ๋ถ„์„

  • 3 min read

์ด๋ฒˆ ํฌ์ŠคํŒ…์€ Symbolic Execution ์ •๋ฆฌ์ฐจ์›์œผ๋กœ ๊ธ€ ์ž‘์„ฑํ•ด๋ด…๋‹ˆ๋‹ค. Symbolic Execution์€ ํฌํ†ต ์ทจ์•ฝ์  ๋ถ„์„์— ๋งŽ์ด ์‚ฌ์šฉ๋˜๋Š” ๋ฐฉ๋ฒ• ์ค‘ ํ•˜๋‚˜์ด๋จธ, ์ด ๊ธฐ๋ฒ•์œผ๋กœ ๊ต‰์žฅํžˆ ๋งŽ์€ ๋…ธ๊ฐ€๋‹ค๊ฐ€ ๋‹จ์ถ•๋˜์–ด ๊ฐ„๋‹จํ•œ ๋ถ„์„์—์„œ ์—„์ฒญ๋‚œ ํšจ์œจ์„ ์ž๋ž‘ํ•ฉ๋‹ˆ๋‹ค.

Read More

RUBY์—์„œ RQRCode๋ฅผ ์ด์šฉํ•˜์—ฌ QR์ฝ”๋“œ ์ƒ์„ฑํ•˜๊ธฐ

  • ~1 min read

์˜ค๋Š˜์€ RQRCode์— ๋Œ€ํ•ด ์ž‘์„ฑํ• ๊นŒ ํ•ฉ๋‹ˆ๋‹ค. RQRCode๋Š” Ruby์—์„œ QR์ฝ”๋“œ๋ฅผ ๋‹ค๋ฃฐ ์ˆ˜ ์žˆ๋Š” ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ์ž…๋‹ˆ๋‹ค. ๊ฐ„๋‹จํ•œ ์ฝ”๋“œ๋กœ ์‰ฝ๊ฒŒ QR์ฝ”๋“œ ์ƒ์„ฑ์ด ๊ฐ€๋Šฅํ•˜๊ธฐ ๋–„๋ฌธ์— QR์ฝ”๋“œ ๊ด€๋ จ ์„œ๋น„์Šค๋‚˜ Rails ๋‚ด QR ์ฝ”๋“œ ์‚ฌ์šฉ ๋“ฑ ์—ฌ๋Ÿฌ๊ฐ€์ง€ ๋ฐฉ๋ฉด์œผ๋กœ ํ™œ์šฉํ•  ์ˆ˜ ์žˆ๊ฒ ๋„ค์š”.

Read More