HiπŸ‘‹πŸΌ I’m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 81 of 86

[METASPLOIT] Veil Framework(Payload Generator)λ₯Ό μ΄μš©ν•œ Antivirus μš°νšŒν•˜κΈ°

  • 1 min read

Payload Generator λ₯Ό 찾던 쀑 μž¬λ―ΈμžˆλŠ” νˆ΄μ„ λ°œκ²¬ν•˜μ˜€μŠ΅λ‹ˆλ‹€. λ°”λ‘œ Veilμ΄λΌλŠ” νˆ΄μΈλ°μš”, MSFμ—μ„œ μ‚¬μš©ν•˜λŠ” Meterpreter Shell에 λŒ€ν•΄ Antivirusλ₯Ό μš°νšŒν•˜κΈ° μœ„ν•΄ 인코딩할 수 μžˆλŠ” νˆ΄μž…λ‹ˆλ‹€. λ‘œκ³ λ„ μ–‘κ³Ό λŠ‘λŒ€μ˜ κ·Έλ¦Όμžμ΄λ„€μš”. (λ­”κ°€ μ–‘μ˜ νƒˆμ„ μ“΄ λŠ‘λŒ€λž„κΉŒμš”)

Read More

[Exploit] SSLv3 POODLE Attack 확인 및 λŒ€μ‘λ°©μ•ˆ(Check and Modify)

  • 3 min read

이전에 SSL3 Version μ‚¬μš© μ‹œ λ³΄μ•ˆμ μΈ μ΄μŠˆκ°€ μžˆμ—ˆλ˜ POODLE Attack에 κ΄€ν•œ μ΄μ•ΌκΈ°μž…λ‹ˆλ‹€. λ‚˜μ˜¨μ§€λ„ μ’€ λ˜μ—ˆκ³ , 이미 λΈŒλΌμš°μ € κ°œλ°œμ‚¬ 및 μ„œλ²„ μΈ‘μ—μ„œ SSLv3 λ₯Ό μ‚¬μš©ν•˜μ§€ μ•ŠλŠ” μ‹μœΌλ‘œ ν•˜μ—¬μ„œ 영ν–₯λ ₯은 많이 λ–¨μ–΄μ‘Œμ§€λ§Œ κ·Έλž˜λ„ κ°„λ‹¨ν•˜κ²Œ μ •λ¦¬ν•΄λ†“λŠ”κ²Œ 쒋을 것 κ°™μ•„ μž‘μ„±ν•©λ‹ˆλ‹€.

Read More

Javascript 이벀트 ν•Έλ“€λŸ¬λ₯Ό μ΄μš©ν•˜μ—¬ Input νƒœκ·Έ μ—”ν„° 처리 Char Codes)

  • 1 min read

μ›Ή κ°œλ°œμ„ ν•˜λ‹€ 보면 ν…μŠ€νŠΈ λ°•μŠ€μ—μ„œ submit, button 을 λˆ„λ₯΄μ§€ μ•Šκ³  μ—”ν„°λ§ŒμœΌλ‘œ 데이터λ₯Ό μ „μ†‘ν•˜κ±°λ‚˜ νŽ˜μ΄μ§€λ₯Ό μ΄λ™ν•˜λŠ” λ“± μ•‘μ…˜μ΄ λ“€μ–΄κ°€μ•Όν•  뢀뢄듀이 μžˆμŠ΅λ‹ˆλ‹€. κ°„λ‹¨ν•˜κ²Œ 이벀트 ν•Έλ“€λŸ¬λž‘ javascript λ₯Ό μ΄μš©ν•΄μ„œ ν…μŠ€νŠΈ μž…λ ₯μ°½μ—μ„œ μ—”ν„°λ₯Ό λˆ„λ₯Ό μ‹œ 처리λ₯Ό ν•˜λ„λ‘ μ½”λ“œλ₯Ό λ§Œλ“€μ–΄λ³Ό 수 μžˆμŠ΅λ‹ˆλ‹€.

Read More

[EXPLOIT] StageFright Exploit Code 뢄석(StageFrigt Exploit Analysis)

  • 9 min read

StageFright Vulnerability

졜근 μ•ˆλ“œλ‘œμ΄λ“œμͺ½μ—μ„œ ν•« μ΄μŠˆμ˜€λ˜ StageFright 취약점에 λŒ€ν•΄ κΈ°μ–΅ν•˜μ‹œλ‚˜μš”? λ©€ν‹°λ―Έλ””μ–΄λ₯Ό λ‘œλ“œν•˜λŠ” μŠ€ν…Œμ΄μ§€ν”„λΌμ΄νŠΈ ꡬ간에 μ·¨μ•½μ μœΌλ‘œ 인해 λ―Έλ””μ–΄λ₯Ό μ „μ†‘ν•˜λŠ” MMS둜 μ‚¬μš©μžμ˜ ν•Έλ“œν°μ„ κ°μ—Όμ‹œν‚¬ 수 μžˆλŠ” μ·¨μ•½μ μ΄μ˜€μŠ΅λ‹ˆλ‹€. MMS 이외에도 λ―Έλ””μ–΄λ₯Ό λ‘œλ“œν•˜λŠ” κ΅¬κ°„μ—μ„œ λ‹€μˆ˜ λ°œμƒν•  수 μžˆλŠ” μ·¨μ•½μ μ΄μ˜€μ—ˆμ£ .. λ‚˜λ¦„ 크게 μ΄μŠˆκ°€ 있던 취약점이라 λ”°λ‘œ ν¬μŠ€νŒ…λ„ ν–ˆμ—ˆμŠ΅λ‹ˆλ‹€. λ³΄μ‹œλ©΄ λŒ€μΆ© μ–΄λ–€ μ·¨μ•½μ μ΄κ΅¬λ‚˜.. 라고 μ•Œ 수 μžˆμŠ΅λ‹ˆλ‹€.

Read More

grep -v , -E μ˜΅μ…˜μ„ μ΄μš©ν•œ λ¬Έμžμ—΄ μ œμ™Έν•˜μ—¬ μ°ΎκΈ°

  • ~1 min read

μ˜€λŠ˜μ€ terminalμ—μ„œ 데이터λ₯Ό κ±ΈλŸ¬λ‚Ό λ•Œ 많이 μ‚¬μš©ν•˜μ‹œλŠ” grep에 λŒ€ν•œ 이야기λ₯Ό ν• κΉŒ ν•©λ‹ˆλ‹€. νŠΉλ³„ν•œκ±΄ μ•„λ‹ˆκ³  -v(invert)와 -E(regex)λ₯Ό μ΄μš©ν•΄μ„œ μ›ν•˜λŠ” νŒ¨ν„΄μ˜ κ°’λ§Œ κ±ΈλŸ¬λ‚΄λŠ” λ°©λ²•μž…λ‹ˆλ‹€.

Read More

/proc/self/maps νŒŒμΌμ„ μ΄μš©ν•˜μ—¬ 싀행쀑인 μ‹œμŠ€ν…œ λ©”λͺ¨λ¦¬ μ£Όμ†Œ ν™•μΈν•˜κΈ°

  • 1 min read

λͺ¨λ°”일 μ•…μ„±μ½”λ“œ 뢄석 쀑 /proc/ ν•˜λ‹¨ 데이터λ₯Ό κ±΄λ“œλ¦¬λŠ” μ½”λ“œκ°€ μžˆμ–΄ μΆ”κ°€λ‘œ λ‚΄μš© 더 μ¨μ„œ μž‘μ„±ν•˜μ˜€μŠ΅λ‹ˆλ‹€. 참고둜 /proc λ””λ ‰ν† λ¦¬λŠ” λ¦¬λˆ…μŠ€μ—μ„œ μ‚¬μš©λ˜λŠ” 디렉토리이고 μ‹œμŠ€ν…œμ˜ ν”„λ‘œμ„ΈμŠ€ 정보λ₯Ό λ‹΄κ³  μžˆμŠ΅λ‹ˆλ‹€. κ°„λ‹¨ν•˜κ²Œ ꡬ쑰λ₯Ό μ‚΄νŽ΄λ³΄μžλ©΄ μ•„λž˜μ™€ κ°™μŠ΅λ‹ˆλ‹€.

Read More