Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 78 of 86

Ruby WEBrick์—์„œ ์„œ๋ฒ„ ์‚ฌ์ด๋“œ ์ฝ”๋“œ ์ฒ˜๋ฆฌํ•˜๊ธฐ

  • 1 min read

WEBRick ๋˜ํ•œ ์›น ์„œ๋น„์Šค๋ฅผ ์œ„ํ•œ ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ์ด๊ธฐ ๋•Œ๋ฌธ์— ๊ฐ„๋‹จํ•œ ๋ผ์šฐํŒ… ๊ธฐ๋Šฅ์„ ์ง€์›ํ•ฉ๋‹ˆ๋‹ค. ์ด๋ฅผ ์ด์šฉํ•˜๋ฉด Static ํŒŒ์ผ๋งŒ ์„œ๋น™ํ•˜๋Š”๊ฒŒ ์•„๋‹Œ ์‹ค์ œ ์›น ์š”์ฒญ ์‹œ ์›ํ•˜๋Š” ์ฝ”๋“œ๋ฅผ ๋™์ž‘์‹œํ‚ฌ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Read More

WEBrick์„ ์ด์šฉํ•˜์—ฌ ๊ฐ„๋‹จํ•œ Ruby ์›น ์„œ๋ฒ„ ๋งŒ๋“ค๊ธฐ

  • ~1 min read

์˜ˆ์ „์— Ruby on Rails๋ฅผ ๋‹ค๋ฃจ๋ฉด์„œ ์•Œ๊ฒŒ๋œ webrick ์›น์„œ๋ฒ„ ๋ชจ๋“ˆ์ž…๋‹ˆ๋‹ค. ์ด ๋ชจ๋“ˆ์€ ์‰ฌ์šด ๋ฐฉ๋ฒ•์œผ๋กœ ์›น ์„œ๋ฒ„๋ฅผ ๊ตฌ์„ฑํ•  ์ˆ˜ ์žˆ๋„๋ก ์ง€์›ํ•˜๋Š” ์ข‹์€ ๋ชจ๋“ˆ์ด์ง€์š”.

Read More

[SYSTEM HACKING] ShellNoob๋ฅผ ์ด์šฉํ•œ Shellcode ์ž‘์„ฑ ๋ฐ ํ™œ์šฉ (Writing Shell Code with ShellNoob ย  Install and Using ShellNoob)

  • 3 min read

shellcode ๋ฅผ ๋งŒ๋“œ๋Š” ์ผ์€ ์žฌ๋ฏธ์žˆ์ง€๋งŒ, ์ƒ๊ฐ๋ณด๋‹ค ์‹œ๊ฐ„๋„ ํˆฌ์ž๋˜๊ณ  ์•ฝ๊ฐ„ ๊ท€์ฐฎ์€ ๋ถ€๋ถ„๋„ ์กด์žฌํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌํ•œ ๊ณผ์ •์„ ์กฐ๊ธˆ ์ค„์—ฌ์ค„ ์ˆ˜ ์žˆ๋Š” ์ข‹์€ ํˆด์ด ์žˆ์–ด ์ž‘์„ฑํ•˜์˜€์Šต๋‹ˆ๋‹ค.

Read More

64bit Linux Execve Shell Code ๋งŒ๋“ค๊ธฐ

  • 4 min read

์˜ค๋Š˜์€ 64๋น„ํŠธ ์‰˜์ฝ”๋“œ์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๋ฅผ ํ• ๊นŒ ํ•ฉ๋‹ˆ๋‹ค. ์˜ˆ์ „์— ์ด์ชฝ ๋ถ„์•ผ ๊ด€์‹ฌ์„ ๊ฐ€์กŒ์„ ์ดˆ๋ฐ˜ ์ฏค์— 32bit์— ๋Œ€ํ•œ ์‰˜์ฝ”๋“œ๋ฅผ ๋งŒ๋“ค๊ณ  ์‚ฌ์šฉํ–ˆ์—ˆ์ง€๋งŒ ์ง€๊ธˆ์€ ์ผ ํŠน์„ฑ์ƒ ๋”ฑํžˆ ์‰˜์ฝ”๋“œ๋ฅผ ์‚ฌ์šฉํ•  ์ผ์ด ๊ต‰์žฅํžˆ ์ ์–ด์กŒ๊ธฐ์— ๊ฐ„๋งŒ์— ๋ณด๋Š” ๋Š๋‚Œ์ž…๋‹ˆ๋‹ค.

Read More

[EXPLOIT] Joomla 1.5 Object Injection & Remote Command Execution ์ฝ”๋“œ ๋ถ„์„(Code Analysis)

  • 2 min read

EDB์—๋Š” ๊พธ์ค€ํžˆ ๋ช‡๊ฐœ์”ฉ Exploit code, zero day ๋“ฑ์ด ์˜ฌ๋ผ์˜ค๋Š”๋ฐ ์ด๋ฒˆ์— ์•ฝ๊ฐ„ ํŒŒ๊ธ‰๋ ฅ์ด ์ง™์€ ์ทจ์•ฝ์ ์ด ๊ณต๊ฐœ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ๋ฐ”๋น ์„œ ์‹ ๊ฒฝ์„ ๋ชป์“ฐ๊ณ  ์žˆ๋‹ค๊ฐ€ ํ™•์ธํ•ด๋ณด๋‹ˆ ๋งŽ์ด ์‚ฌ์šฉํ•˜๋Š” ํ”„๋ ˆ์ž„์›Œํฌ์— ์˜ํ–ฅ๋ ฅ๊นŒ์ง€ ๋†’์•„๋ณด์—ฌ ์ฐจ๊ทผ์ฐจ๊ทผ ์ฝ”๋“œ๋ฅผ ๋ณผ๊นŒํ•ฉ๋‹ˆ๋‹ค.

Read More

JS,CSS๋ฅผ ์ด์šฉํ•ด ํŒ์—… ๋ ˆ์ด์–ด ๋งŒ๋“ค๊ธฐ

  • 1 min read

๋ธ”๋กœ๊ทธ ๋””์ž์ธ ์ˆ˜์ • ์ค‘ ๊ฒ€์ƒ‰ ๋ถ€๋ถ„์— ์žฌ๋ฏธ์žˆ๋Š” ์ƒ๊ฐ์ด ๋‚˜์„œ ์•ฝ๊ฐ„ ์ž‘์—…์„ ํ•˜์˜€์Šต๋‹ˆ๋‹ค. ๊ธฐ์กด์— ์“ฐ๋˜ ๊ฒ€์ƒ‰์ฐฝ์€ ๋ธ”๋กœ๊ทธ์—์„œ ๋ฐ”๋กœ ๋ณด์ด๊ณ  ์ž…๋ ฅ ํ›„ ๊ฒ€์ƒ‰ํ•˜๋Š” ๋ฐฉ๋ฒ•์œผ๋กœ ๊ตฌ์„ฑํ•˜์˜€๋Š”๋ฐ, ํด๋ฆญํ•˜์—ฌ ๋”ฐ๋กœ ํŒ์—…์„ ๋„์šด ํ›„ ๊ฑฐ๊ธฐ์„œ ๊ฒ€์ƒ‰ํ•˜๋Š” ๋ฐฉ๋ฒ•์ด ๋” ์ข‹์„ ๊ฒƒ ๊ฐ™๋‹ค๋Š” ์ƒ๊ฐ์— ์ˆ˜์ •ํ•˜์˜€์Šต๋‹ˆ๋‹ค.

Read More

[WEB HACKING] Weevely๋ฅผ ์ด์šฉํ•˜์—ฌ Stealth Webshell ๋งŒ๋“ค๊ธฐ(weevely ์„ค์น˜ ๋ฐ ์‚ฌ์šฉ)

  • 3 min read

Web Hacking ์—์„œ ๊ฐ€์žฅ ํŒŒ๊ธ‰๋ ฅ์ด ๊ฐ•ํ•œ ๊ณต๊ฒฉ์ด๋ผ๊ณ  ์ƒ๊ฐ๋˜๋Š” ์›น์‰˜์— ๊ด€ํ•œ ์ด์•ผ๊ธฐ์ž…๋‹ˆ๋‹ค. ๋ณดํ†ต ๋งŽ์ด ์•Œ๋ ค์ง„ r57๋“ฑ์˜ ์‰˜์„ ์‚ฌ์šฉํ•˜๊ฑฐ๋‚˜ one line shell์„ ์‚ฌ์šฉํ•˜๊ธฐ ๋‚˜๋ฆ„์ธ๋ฐ ์ฐพ๋‹ค๋ณด๋‹ˆ ์ข‹์€ ํˆด์ด ์žˆ์–ด ๊ฒธ์‚ฌ๊ฒธ์‚ฌ ์ž‘์„ฑํ•˜์˜€์Šต๋‹ˆ๋‹ค.

Read More

[ANDROID] ADB๋ฅผ ์ด์šฉํ•œ Android Remote Shell/Debugging (with ADB)

  • ~1 min read

์•ฑ ๋ถ„์„ ๋„์ค‘ USB ์ผ€์ด๋ธ” ์ ‘์ง€ ๋ถˆ๋Ÿ‰์œผ๋กœ USB๋ฅผ ํ†ตํ•œ ADB ์‚ฌ์šฉ์ด ์–ด๋ ค์›Œ์ ธ Adb Remote ์—ฐ๊ฒฐ์— ๋Œ€ํ•œ ๋ถ€๋ถ„์„ ์ฐพ์•„๋ณด์•˜๊ณ , ์ •๋ฆฌ ์ฐจ์›์—์„œ ์ž‘์„ฑํ•ฉ๋‹ˆ๋‹ค.

Read More

Burp Suite๋ฅผ ํ†ตํ•œ Android SSL Packet ๋ถ„์„(Android Proxy + SSL Certificate)

  • 1 min read

Android ๋ถ„์„ ์ค‘ ๋ฐœ์ƒํ•˜๋Š” ํŒจํ‚ท์— ๋Œ€ํ•ด ๋ถ„์„ํ•  ๋•Œ ๋Œ€๋ถ€๋ถ„ tcpdump + wireshark ์กฐํ•ฉ์„ ๋งŽ์ด ์‚ฌ์šฉํ•˜๊ฒŒ ๋ฉ๋‹ˆ๋‹ค. ๊ทธ ์ค‘ http ํŒจํ‚ท์— ๋Œ€ํ•ด์„œ๋Š” wireshark ๋ณด๋‹ค ์ต์ˆ™ํ•œ burp๊ฐ€ ์ข‹๊ธฐ ๋•Œ๋ฌธ์— ํ”„๋ก์‹œ๋ฅผ burp๋กœ ๊ฑธ๊ณ  ๋ณด๋Š” ๊ฒฝ์šฐ๊ฐ€ ๋งŽ์•˜์ง€์š”.

Read More