Hi👋🏼 I'm HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 73 of 86

[JQUERY] Create wait/loading animation using jquery(addClass,removeClass)

  • 1 min read

In web development, you often process data with Ajax and the like. In this post I'll write about how to make a loading bar that keeps the user's eyes entertained(?) while that happens.


HIDDEN:XSS - XSS in input type=hidden

  • 3 min read

I'd like to talk about XSS, which is the easiest finding in web vulnerability assessment and at times also the hardest. Of these, today's topic is hidden XSS, that is, XSS against tags that have the hidden attribute.


[PYTHON] Controlling the Clipboard / making boilerplate text with the Tkinter module

  • 1 min read

At work, situations often come up where you have to write the same phrases again and again. Today I'll share something I've been using day to day, built with Python.


[WEB HACKING] Making XSS Keylogger

  • 2 min read

Today, looking at the impact an attack can have, I'll build a simple keylogger that intercepts the user's key input. Of course, you must not misuse it. Please try it only from a research perspective.


[DEBIAN] Running .sql files in the Linux Terminal (Execute .sql file on linux . MYSQL)

  • ~1 min read

When you use open-source code, one thing you run into often is a .sql file. Developers usually create these to ship a preconfigured DB environment along with the code, or to collect SQL queries and run them all at once.


[RUBY] Executing a Process/command in Ruby (Execute Process and command)

  • 2 min read

If you've worked in any of several languages, from C to ruby, python and so on, there is a function you'll be really glad to see: the system() function (going by C). It lets you issue commands to the system or create new processes, and it cuts down on a lot of grunt work.


[HACKING] JDWP(Java Debug Wire Protocol) Remote Code Execution

  • 5 min read

Today I'd like to talk about the RCE vulnerability in JDWP. This vulnerability came out in 2014, but I've run into it a few times recently as well, so I thought I'd write it up.


Anti-XSS Filter Evasion of XSS

  • 6 min read

XSS and URL Redirection are among the vulnerabilities found most often in web hacking. While testing, you will often hit cases where you can get into script context but are blocked by filtering of functions and certain special characters. I thought it would be nice to share a few interesting bypass techniques with you, so I'm writing this up.


[WEB HACKING] Reflected File Download(RFD) Attack

  • 3 min read

I've been so busy lately that it has been a while since I last wrote. Today I'm going to talk about RFD, which was hot at BlackHat 2014. (It's already been 2 years, haha..)


[DEBIAN] GDB layout(-tui, layout asm,reg) and save setting in gdb

  • 1 min read

Web hacking is my bread and butter, so I don't have many occasions to use gdb, but I still think it is a really useful debugger in Linux environments. Today I'll talk about how to make GDB look a bit nicer and how to save its settings.
