Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 71 of 86

[EXPLOIT] MySQL(MariaDB/PerconaDB) Remote Code Execution and Privilege Escalation(CVE-2016-6662)

  • 12 min read

๋ชจ๋‘ ์ฆ๊ฑฐ์šด ์—ฐํœด ๋˜์…จ๋‚˜์š”? ๋ญ”๊ฐ€ ์ •์‹ ์—†์ด ๋ณด๋‚ธ ๊ฒƒ ๊ฐ™๋„ค์š”. ๋Œ€๋žต ํ•œ๋‹ฌ๋งŒ์— ํฌ์ŠคํŒ…์„ ํ•˜๋Š” ๊ฒƒ ๊ฐ™๋„ค์š”. ์‚ฌ์‹ค ํฌ์ŠคํŒ… ๊ฑฐ๋ฆฌ ๋ช‡๊ฐœ ์ž‘์„ฑํ•ด๋†“์€๊ฒŒ ์žˆ๋Š”๋ฐ.. ์ผ์ด ๋งŽ๋‹ค๋ณด๋‹ˆ ํ•˜๋‚˜ํ•˜๋‚˜ ์Œ“์—ฌ์žˆ๊ธฐ๋งŒ ํ•ฉ๋‹ˆ๋‹ค.

Read More

postMessage๋ฅผ ์ด์šฉํ•œ XSS์™€ Info Leak

  • 4 min read

์ง€๋‚œ์ฃผ Exploit-db์—์„œ ๋’ค์ ๋’ค์  ํ•˜๋˜ ์ค‘ PostMessage ์žฌ๋ฏธ์žˆ๋Š” ๊ด€๋ จ ๋ฌธ์„œ๋ฅผ ๋ณด๊ฒŒ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๋ฐ”๋กœ postmessage์—์„œ ๋ฐœ์ƒํ•˜๋Š” ์ทจ์•ฝ์ ์„ ์ฐพ๋Š” ๋ฐฉ๋ฒ•์ž…๋‹ˆ๋‹ค.

Read More

BurpSuite์˜ ๋‹จ์ถ•ํ‚ค(Hotkey) ์†Œ๊ฐœ ๋ฐ ๋ณ€๊ฒฝํ•˜๊ธฐ

  • 1 min read

๊ฐœ์ธ์ ์œผ๋กœ ์›น ํ•ดํ‚น ์‹œ ์ฃผ๋ ฅ์œผ๋กœ ์‚ฌ์šฉํ•˜๋Š” ํˆด์€ Burpsuite ์ž…๋‹ˆ๋‹ค. ์•„ ๋ฌผ๋ก  ์ตœ๊ทผ ZAP(OWASP Zed Attack Proxy)๋ฅผ ์‚ฌ์šฉํ•ด๋ดค๋Š”๋ฐ ๊ต‰์žฅํžˆ ์ข‹๋”๊ตฐ์š”. ๊ทธ๋ž˜๋„ ์†์— ์ต์€ ๋‹จ์ถ•ํ‚ค์™€ ์ €์—๊ฒŒ ๋งž๋Š” UI๋กœ ์ €๋Š” Burp์˜ ์†์„ ๋“ค์–ด์ฃผ๊ณ  ์‹ถ๋„ค์š”.

Read More

[DEBIAN] SquashFS - compressed read-only file system for Linux

  • 1 min read

์„œ๋ฒ„ PC์— ๋ฆฌ๋ˆ…์Šค๋ฅผ ์žฌ์„ค์น˜ ํ•ด์•ผํ•  ์ผ์ด ์ƒ๊ฒจ unetbootin์œผ๋กœ ๊ตฝ๋˜ ์ค‘ ์ผ์‹œ์ ์ธ ๋”œ๋ ˆ์ด๋กœ ์ธํ•ด ์ž ๊น ๋ฉˆ์ถฐ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ๊ทธ ์ค‘ ๋ˆˆ์—๋“ค์–ด์˜จ ๊ฒƒ์ด ํ•˜๋‚˜ ์žˆ๋Š”๋ฐ์š”. ๋ฐ”๋กœ โ€œSquashFSโ€ ์ž…๋‹ˆ๋‹ค.

Read More

[CODING] WebSocket - Overview , Protocol/API and Security

  • 1 min read

WebSocket์ด๋ž€?

WebSocket์€ ์›น ํŽ˜์ด์ง€์—์„œ ์‹ค์‹œ๊ฐ„์œผ๋กœ ๋™์ž‘ํ•˜๋Š” ์›น ์„œ๋น„์Šค๋ฅผ ๋งŒ๋“ค์–ด ์ค„ ์ˆ˜ ์žˆ๋Š” ํ‘œ์ค€ ๊ธฐ์ˆ ์ž…๋‹ˆ๋‹ค. ์ผ๋ฐ˜์ ์œผ๋กœ ์›น ํ”„๋กœํ† ์ฝœ์ธ HTTP๋Š” Request์™€ Response ๊ธฐ๋ฐ˜์œผ๋กœ ์ƒˆ๋กœ ์š”์ฒญ์ด ๋ฐœ์ƒํ•˜๋ฉด ํŽ˜์ด์ง€๋ฅผ ๋‹ค์‹œ ๊ทธ๋ ค์•ผํ•˜๋Š” ๊ตฌ์กฐ์ž…๋‹ˆ๋‹ค. ๋•๋ถ„์— ์ฟ ํ‚ค๋ผ๋Š” ๊ฐœ๋…๋„ ์‚ฌ์šฉ๋˜๊ฒŒ ๋˜์—ˆ์ง€์š”. (์ธ์ฆ ์ •๋ณด๋ฅผ ์œ ์ง€ํ•˜๊ธฐ ์œ„ํ•ด)

Read More

apt-get ์‚ฌ์šฉ ์‹œ Could not get lock /var/lib/dpkg/lock ์—๋Ÿฌ ํ•ด๊ฒฐํ•˜๊ธฐ

  • ~1 min read

๋ฉ”๋ชจ ์ฐจ์›์—์„œ ๊ฐ„๋‹จํ•˜๊ฒŒ ์ ์–ด๋‘ก๋‹ˆ๋‹ค. apt-get ์‚ฌ์šฉ ์‹œ ์•„๋ž˜์™€ ๊ฐ™์€ ์—๋Ÿฌ๋กœ ์ธํ•ด ์ง„ํ–‰์ด ๋˜์งˆ ์•Š๋Š” ๊ฒฝ์šฐ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.

Read More

[RUBY] Cuntom column sort function on Two-dimensional array

  • 1 min read

๋ฃจ๋น„๋กœ ์ฝ”๋”ฉํ•˜๋˜ ์ค‘ ๊ท€์ฐฎ์€ ์ผ์ด ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ๋ฐ”๋กœ array์— ๋Œ€ํ•œ ์ •๋ ฌ ์ค‘ 2์ฐจ์› ์ด์ƒ ๋ฐฐ์—ด์—์„œ๋Š” ์ œ๊ฐ€ ์ง€์ •ํ•œ ์—ด์„ ๊ธฐ์ค€์œผ๋กœ ์ •๋ ฌํ•  ์ˆ˜ ์žˆ๋Š” ํ•จ์ˆ˜๊ฐ€ ์—†๋˜๊ฒƒ์ž…๋‹ˆ๋‹ค..

Read More

[DEBIAN] webissues๋ฅผ ์ด์šฉํ•œ Bug Tracking(install webissue and tutorial)

  • 1 min read

์ตœ๊ทผ redmine๋ถ€ํ„ฐ trac ๋“ฑ๋“ฑ ์—ฌ๋Ÿฌ๊ฐ€์ง€ bug tracking system์„ ์ฐพ๊ณ  ํ…Œ์ŠคํŠธํ•ด๋ดค์Šต๋‹ˆ๋‹ค. ๋ฌผ๋ก  ui ์ž์ฒด๋Š” yobi(yona)๊ฐ€ ์ข‹๊ธดํ•˜์ง€๋งŒ ํ˜‘์—…๋ณด๋‹ค๋Š” ๊ฐœ์ธ์ ์œผ๋กœ ์ด์Šˆ๊ด€๋ฆฌ๊ฐ€ ํ•„์š”ํ•ด์„œ ์„ ํƒํ•˜์ง€ ์•Š์•˜์Šต๋‹ˆ๋‹ค.

Read More

[DEBIAN] Using Redmine on Debian and Apache server, and Change a theme

  • 2 min read

ํ”„๋กœ์ ํŠธ ๊ด€๋ฆฌ ํ”„๋ ˆ์ž„์›Œํฌ๋Š” ์•„์ฃผ ๋งŽ์€ ์ข…๋ฅ˜๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ ์ค‘ Redmine, ์ฆ‰ Rails๋กœ ๋งŒ๋“ค์–ด์ง„ Ruby ๊ธฐ๋ฐ˜์˜ ํ”„๋ ˆ์ž„์›Œํฌ์— ๋Œ€ํ•ด ์ด์•ผ๊ธฐํ• ๊นŒํ•ฉ๋‹ˆ๋‹ค. ๊ฐ„๋‹จํ•˜๊ฒŒ ์„ค์น˜ ๊ณผ์ •์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๋กœ ์ง„ํ–‰ํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค.

Read More