Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 72 of 86

[DEBIAN] Change the GRUB background image

  • ~1 min read

This is how to change the GRUB background image. I'm writing it down as a note.


[DEBIAN] Geany - Development IDE for hacker and programmer

  • 2 min read

While browsing the Ubuntu Software Center for useful tools, I came across a development IDE called Geany.


[HACKING] BlackArch Linux Install, Review (Arch linux for Pentest)

  • 2 min read

While tidying up my virtual machines, I installed BlackArch, which had come up in conversation recently. Personally I have never really used Arch Linux (I think I only installed it once), so I set it up with some anticipation.


Paranoid Mode! SSL Certified Meterpreter shell

  • 3 min read

์ง€์†์ ์ธ ๋ชจ์˜ํ•ดํ‚น์€ ์ธํ”„๋ผ, ์„œ๋น„์Šค์˜ ๋ณด์•ˆ์„ฑ์„ ํ–ฅ์ƒ ์‹œํ‚ค๋Š”๋ฐ ํฐ ๋„์›€์ด ๋ฉ๋‹ˆ๋‹ค. ๋‹ค๋งŒ ๋’ท์ฒ˜๋ฆฌ๊ฐ€ ๊น”๋”ํ•˜์ง€ ์•Š๋‹ค๋ฉด ๋” ์ทจ์•ฝํ•ด์งˆ ์ˆ˜๋„ ์žˆ๋‹ค๋Š” ๋ฌธ์ œ์ ์„ ๊ฐ€์ง€๊ณ  ์žˆ์ฃ .


[DEBIAN] Making active use of swap on malloc() with sysctl vm.swappiness

  • 1 min read

๋ฆฌ๋ˆ…์Šค์—์„œ ์—ฌ๋Ÿฌ๊ฐ€์ง€ ํ…Œ์ŠคํŠธ๋ฅผ ํ•˜๋‹ค๋ณด๋ฉด memory๋ฅผ full ์‹œ์ผœ์•ผํ•  ์ƒํ™ฉ์ด ์˜ค๊ธฐ๋„ ํ•ฉ๋‹ˆ๋‹ค. ์‚ฌ์‹ค ์ œ๊ฐ€ ์ด๋Ÿฐ ํ…Œ์ŠคํŠธ๊ฐ€ ํ•„์š”ํ•˜๊ธฐ๋ณด๋‹จ ํ•„์š”ํ•œ ๋ถ„ ๋„์™€๋“œ๋ฆฌ๋‹ค๋ณด๋‹ˆ ์•„๋ฌด๋ž˜๋„ ์ •๋ฆฌํ•ด๋†“๋Š”๊ฒŒ ์ข‹์„ ๊ฒƒ ๊ฐ™์•„ ๊ฐ€๋ณ๊ฒŒ ์ž‘์„ฑํ•ฉ๋‹ˆ๋‹ค.


[EXPLOIT] GNU Wget 1.18 Arbitrary File Upload/Remote Code Execution Analysis

  • 4 min read

It has been a while since I analyzed exploit code, so let's do one. (It seems like quite a while.) Recently, Arbitrary File Upload and Remote Code Execution vulnerabilities were found in wget, that is, GNU Wget. The impact is obviously large, so naturally a CVE was assigned, and the CVSS risk level looks likely to be high as well. Shall we begin?


Building a Web Spider with Ruby nokogiri

  • 3 min read

In the last post we did parsing with nokogiri; this time I'd like to take it a little further and build a simple spider. There are of course much better libraries, but knowing nokogiri well, as the most basic one, should be a big help.


Web Parsing with Ruby Nokogiri

  • 2 min read

When you build tools that explore web services, there is one task you run into a lot: parsing structured documents such as HTML and XML. Today I'd like to talk about Nokogiri, Ruby's powerful parsing library.


PUT/DELETE CSRF(Cross-site Request Forgery) Attack

  • 2 min read

์˜ค๋Š˜์€ ์›น ํ•ดํ‚น ๊ธฐ๋ฒ• ์ค‘ ํ•ซํ•œ CSRF์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๋ฅผ ์ข€ ํ• ๊นŒํ•ฉ๋‹ˆ๋‹ค. XSS์™€ ํ•จ๊ป˜ ์ •๋ง ์ž์ฃผ ์žก๊ฒŒ๋˜๋Š” ์ทจ์•ฝ์ ์ด๊ณ  ์‚ฌ์šฉ ๋ฐฉํ–ฅ์— ๋”ฐ๋ผ ์˜ํ–ฅ๋ ฅ๋„ ๋†’์„ ์ˆ˜๋„ ์žˆ๋Š” ๋ฉ‹์ง„ ์นœ๊ตฌ์ด์ง€์š”. ์˜ค๋Š˜์€ ์•„์ฃผ ํฌ์†Œํ•˜์ง€๋งŒ PUT/DELETE ๋“ฑ GET/POST๊ฐ€ ์•„๋‹Œ CSRF์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๋ฅผ ํ• ๊นŒ ํ•ฉ๋‹ˆ๋‹ค.
