Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 75 of 86

[HACKING] Phase of Ethical Hacking Phase4 - Maintaining Access

  • 2 min read

์œค๋ฆฌํ•ดํ‚น(Ethical Hacking)์˜ 5๊ฐ€์ง€ ๋‹จ๊ณ„ ์ค‘ ๋„ค๋ฒˆ์งธ Maintaining Access์ž…๋‹ˆ๋‹ค. Maintaining Access๋Š” Gaining Access๋ฅผ ํ†ตํ•ด ์‹œ์Šคํ…œ์— ์ ‘๊ทผ ํ›„ ์ ‘๊ทผ์˜ ์œ ์ง€๋ฅผ ์œ„ํ•ด ํ•˜๋Š” ์ ˆ์ฐจ์ž…๋‹ˆ๋‹ค. ๋Œ€ํ‘œ์ ์œผ๋กœ Backdoor๋ฅผ ์‹ฌ๊ณ  Rootkit์„ ์„ค์น˜ํ•˜๋Š” ๊ณผ์ •์ด์ฃ .

Read More

[HACKING] Phase of Ethical Hacking Phase3 - Gaining Access

  • 3 min read

์œค๋ฆฌํ•ดํ‚น(Ethical Hacking)์˜ 5๊ฐ€์ง€ ๋‹จ๊ณ„ ์ค‘ ์„ธ๋ฒˆ์งธ Gaining Access์ž…๋‹ˆ๋‹ค. Gaining Access ๋Š” ์š”์•ฝํ•˜์ž๋ฉด Recon, Scan ๋“ฑ์„ ํ†ตํ•ด ์–ป์–ด์ง„ ์ •๋ณด๋ฅผ ๊ฐ€์ง€๊ณ  ์‹ค์ œ ์‹œ์Šคํ…œ์— ์ ‘๊ทผ์„ ์–ป์–ด๋‚ด๋Š” ๊ณผ์ •์ž…๋‹ˆ๋‹ค. MSF๋‚˜ ๋งŒ๋“  ๊ณต๊ฒฉ์ฝ”๋“œ๋ฅผ ํ†ตํ•ด Exploit ํ•˜๋Š” ๊ณผ์ •์ด๋ผ๊ณ  ๋ณผ ์ˆ˜ ์žˆ์ง€์š”.

Read More

[HACKING] Phase of Ethical Hacking Phase2 - Scanning/Enumeration

  • 1 min read

์œค๋ฆฌํ•ดํ‚น(Ethical Hacking)์˜ 5๊ฐ€์ง€ ๋‹จ๊ณ„ ์ค‘ ๋‘๋ฒˆ์งธ Scanning & Enumeration์ž…๋‹ˆ๋‹ค. ์ด ๋‹จ๊ณ„๋Š” ํƒ€๊ฒŸ์— ๋Œ€ํ•ด Scanning ํ•˜๋Š” ๋‹จ๊ณ„์ž…๋‹ˆ๋‹ค. ํƒ€๊ฒŸ ์‹œ์Šคํ…œ์— ๋Œ€ํ•ด Port Scan ๋“ฑ์„ ์ง„ํ–‰ํ•˜๊ณ  ์ง์ ‘์ ์ธ ๊ณต๊ฒฉ ์ˆ˜ํ–‰์— ์•ž์„œ ์ ๊ฒ€ํ•˜๊ฒŒ ๋˜๋Š” ์ˆœ์„œ์ž…๋‹ˆ๋‹ค. ์ด๋ฒˆ ํฌ์ŠคํŒ…์—์„œ๋Š” Scanning๊ณผ Enumeration ์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๋ฅผ ํ• ๊นŒ ํ•ฉ๋‹ˆ๋‹ค.

Read More

[HACKING] Phase of Ethical Hacking/Pentest(๋ชจ์˜/์œค๋ฆฌํ•ดํ‚น์˜ ๋‹จ๊ณ„)

  • 2 min read

๋ชจ์˜ํ•ดํ‚น/์œค๋ฆฌ์ ์ธ ํ•ดํ‚น์„ ์œ„ํ•ด ์ œ์‹œ๋˜๋Š” ๋‹จ๊ณ„๋“ค์ด ์—ฌ๋ ค๊ฐ€์ง€๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค. ์ด ๊ฐ€์šด๋ฐ ๋Œ€ํ‘œ์ ์œผ๋กœ ์‚ฌ์šฉ๋˜๋Š” ๊ฒƒ์„ ์กฐ๊ธˆ ์ •๋ฆฌํ•ด๋ณผ๊นŒ ํ•ฉ๋‹ˆ๋‹ค. ๋ฌผ๋ก  ์‹ค๋ฌด์—์„œ๋Š” ๋‹ค๋ฅธ ๋Š๋‚Œ์œผ๋กœ ์ ‘๊ทผํ•˜์ง€๋งŒ์š”.. (๋ฌผ๋ก  ๊ฐ๊ฐ ๋‹ค ์ฐจ์ด๊ฐ€ ์žˆ์„ ์ˆ˜ ์žˆ์Œ)

Read More

[DEBIAN] qemu๋ฅผ ์ด์šฉํ•œ arm elf ํŒŒ์ผ ์‹คํ–‰

  • ~1 min read

์ผ๋ฐ˜์ ์œผ๋กœ PC์—์„œ arm์œผ๋กœ ์ปดํŒŒ์ผ๋œ ํ”„๋กœ๊ทธ๋žจ์„ ์‹คํ–‰ํ•  ์ˆ˜ ์—†์Šต๋‹ˆ๋‹ค. ๋งŒ์•ฝ ์‹คํ–‰ํ•œ๋‹ค๋ฉด ์•„๋ž˜์™€ ๊ฐ™์€ ๋ฉ”์‹œ์ง€๊ฐ€ ๋ฐœ์ƒํ•˜์ฃ .

Read More

[HACKING] OpenSSL Client ์—์„œ SSLv2 ์‚ฌ์šฉํ•˜๊ธฐ(Check DROWN Attack)

  • 1 min read

OpenSSL, Python ๋‚ด ssl ํŒจํ‚ค์ง€๋„ ์–ด๋Š์‹œ์ ๋ถ€ํ„ฐ SSLv2 ์‚ฌ์šฉ์— ๋Œ€ํ•ด ์ง€์›์„ ์ค‘๋‹จํ•˜๊ณ  ์‚ฌ์šฉํ•˜์ง€ ๋ชปํ•˜๋„๋ก ํŒจ์น˜๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ์˜ฌ ์ดˆ์— ์ด์Šˆ๊ฐ€ ๋˜์—ˆ๋˜ DROWN Attack์— ๋Œ€ํ•ด์„œ ์ ๊ฒ€ํ•˜๊ธฐ ์œ„ํ•ด์„œ๋Š” SSLv2 ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์„œ๋ฒ„์— ์ ‘๊ทผํ•ด์•ผํ•˜์ง€๋งŒ, ๊ธฐ์กด์— ์‚ฌ์šฉํ•˜๋˜ OpenSSL์€ -ssl2 ์˜ต์…˜์„ ์‚ฌ์šฉํ•˜์ง€ ๋ชปํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋ž˜์„œ ๊ฐ„๋‹จํ•œ ๋ฐฉ๋ฒ•์œผ๋กœ ํŒจ์น˜ํ•˜์—ฌ ์‚ฌ์šฉํ•˜๋Š” ๋ฒ•์— ๋Œ€ํ•ด ๊ณต์œ ํ• ๊นŒ ํ•ฉ๋‹ˆ๋‹ค.

Read More

[HACKING] SSLv2 DROWN Attack(CVE-2016-0800) ์ทจ์•ฝ์  ๋ถ„์„ / ๋Œ€์‘๋ฐฉ์•ˆ

  • 3 min read

์˜ฌ ์ดˆ์— ๋ฐœ๊ฒฌ๋˜์—ˆ๋˜ DROWN Attack์— ๋Œ€ํ•ด ์ด์•ผ๊ธฐํ•ด๋ณผ๊นŒ ํ•ฉ๋‹ˆ๋‹ค. ์‚ฌ์‹ค ๋ฐœ๊ฒฌ ๋‹น์‹œ ์ด ์ทจ์•ฝ์ ์— ๋Œ€ํ•ด ๊ต‰์žฅํžˆ ํฅ๋ฏธ๊ฐ€ ์ƒ๊ฒผ์ง€๋งŒ, ๋ฐ”์œ ์ผ์ •๊ณผ ์ ์€ ์ž๋ฃŒ๋กœ ๊ด€์‹ฌ์„ ์ ‘๊ฒŒ๋˜์—ˆ์ง€์š”. ์ตœ๊ทผ์— a2sv์— ํ•ด๋‹น ์ทจ์•ฝ์ ์„ ์ ๊ฒ€ํ•  ์ˆ˜ ์žˆ๋Š” ๋ชจ๋“ˆ์„ ๋„ฃ๋Š”๊ฒŒ ์ข‹๋‹ค๊ณ  ์ƒ๊ฐ๋˜์–ด์„œ ๋‹ค์‹œ ์—ด์–ด๋ณด๊ฒŒ ๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

Read More