Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 9 of 86

Metasploit ๋ฐ์ดํ„ฐ๋ฅผ Httpx๋กœ?

  • 3 min read

It feels like a long time since I last wrote about Metasploit. The reason is that I found a plugin called netpen, and it looked like a good way to take the information collected with Metasploit and build a pipeline with other tools such as nuclei or zap/burp.


ZAP HUNT Remix

  • 1 min read

There is a tool I had been using well for a long time: HUNT! Among analysis approaches I also tend to prefer Data Driven Testing, so I had been making really good use of the HUNT scripts.


Speeding up ZAP scans with Context Technology

  • ~1 min read

ZAP์˜ Context(Scope)์—๋Š” Technology ๋ผ๋Š” ํ•ญ๋ชฉ์ด ์กด์žฌํ•ฉ๋‹ˆ๋‹ค. ์ด๋Š” Context > Technology ๊ฒฝ๋กœ์— ์กด์žฌํ•˜๋ฉฐ ์ž์„ธํžˆ ์‚ดํŽด๋ณด๋ฉด DB, Language, OS ๋“ฑ ์—ฌ๋Ÿฌ๊ฐ€์ง€ Technology ๋ฆฌ์ŠคํŠธ์™€ ์ฒดํฌ๋ฐ•์Šค๊ฐ€ ์กด์žฌํ•ฉ๋‹ˆ๋‹ค. ๊ธฐ๋ณธ์ ์œผ๋กœ ์ „๋ถ€ ์ฒดํฌ๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค.


Spring4Shell RCE vulnerability (CVE-2022-22965)

  • 2 min read

Last week the internet nearly caught fire again because of the Spring4Shell vulnerability. Fortunately it passed without much trouble, since it is harder to reproduce than Log4Shell. While I'm at it, and although it is a bit late, I'd like to summarize the issue and write it up.


ZAP Structural Modifier

  • 2 min read

If I had to pick the three most important things when hunting for vulnerabilities, I would probably choose understanding of the technology, understanding of the target, and intuition. Of course there are many other important factors, but these three are the ones I feel most often while working.


Browser engine performance comparison for Ajax Spidering

  • 3 min read

ZAP์˜ AjaxSpider๋Š” headless browser๋ฅผ ํ†ตํ•ด์„œ ์ง์ ‘ ๋ธŒ๋ผ์šฐ์ง•ํ•˜๋ฉฐ Spidering ํ•˜๋Š” ๊ธฐ๋Šฅ์ž…๋‹ˆ๋‹ค. ๊ธฐ๋ณธ์ ์œผ๋กœ๋Š” Firefox๊ฐ€ ์„ค์ •๋˜์–ด ์žˆ์ง€๋งŒ, ๊ฐœ์ธ์˜ ์ทจํ–ฅ์— ๋”ฐ๋ผ Chrome, PhantomJS ๋“ฑ ์—ฌ๋Ÿฌ๊ฐ€์ง€ browser(headless or common)๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
