Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 77 of 86

[SYSTEM HACKING] Checking Service Ports with an RPC Port Map Dump

  • 1 min read

There are several ways to check which ports are open on a system. The typical approach is to send requests directly to the ports (SYN scan, XMAS, and so on). You check a service's ports with nmap, and if any of them are RPC-related, a more detailed scan is possible.

[EXPLOIT] Linux Kernel REFCOUNT Overflow/UAF in Keyrings Vulnerability Analysis

  • 6 min read

Lately, Linux kernel vulnerabilities seem to be showing up fairly often. This post is about one of them, CVE-2016-0728, which was published through EDB on January 9. It affects Linux broadly, so it is a high-impact vulnerability.

JWT (JSON Web Token) Authentication, Security Testing, and Vulnerability Analysis

  • 2 min read

🚧 JWT-related testing and security content is maintained on the Cullinan page of my blog. Please refer to Cullinan > JWT.

Attack Methods Using Java Applets

  • 2 min read

์›น ์ทจ์•ฝ์ ์— ๋Œ€ํ•œ ๋ถ„์„ ์‹œ ์ฃผ์š” ํƒœ๊ทธ๋กœ ์•Œ๋ ค์ง„ ๊ฒƒ๋“ค์€ ๋Œ€๋‹ค์ˆ˜ ํ•„ํ„ฐ๋ง ๋˜์–ด ์žˆ์ง€๋งŒ ๊ฐ„ํ˜น ๋น ์ง€๋Š” ํƒœ๊ทธ๋“ค์ด ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ ์ค‘ ์˜ค๋Š˜์€ applet ํƒœ๊ทธ์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๋ฅผ ํ•˜๋ คํ•ฉ๋‹ˆ๋‹ค.

TOCTOU(Time-of-check Time-of-use) Race Condition

  • 1 min read

It's been a while, so to organize my notes I'm going to write about the Race Condition Attack. As the name says, the Race Condition technique is an attack based on a “race condition”: the attacking program occupies the same resource the vulnerable program uses and competes for it, and if the attacking program wins during repeated requests, the attacker can change the program's logic to the flow they want.

NoSQL Injection Explored Through MongoDB Injection

  • 2 min read

โš ๏ธ NoSQL Injection์— ๋Œ€ํ•œ ์ „๋ฐ˜์ ์ธ ๋‚ด์šฉ์€ Cullinan > NoSQL Injection ํŽ˜์ด์ง€์—์„œ ๊ด€๋ฆฌํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ํ•ด๋‹น ํŽ˜์ด์ง€์—์„œ ์ตœ์‹  ๋ฐ์ดํ„ฐ๊ฐ€ ์œ ์ง€๋˜๋‹ˆ ์ฐธ๊ณ  ๋ถ€ํƒ๋“œ๋ ค์š” :D