20140714 SITCON Camp: Unveiling the Hacker's Mystique


Allen Own

July 14, 2014

Transcript

  1. Unveiling the Hacker's Mystique. SITCON Camp. 翁浩正 Allen Own, allenown@devco.re

  2. Allen Own (翁浩正), DEVCORE, allenown@devco.re; HITCON; NISRA

  3. HITCON X: ADAPT TO THE NEW ERA OF SECURITY THREATS. http://hitcon.org

  4. None
  5. (text not recoverable)

  6. None
  7. None
  8. (text not recoverable)

  9. (text not recoverable)

  10. (text not recoverable)

  11. (text not recoverable)

  12. Why?

  13. ????

  14. ㄨ

  15. (text not recoverable)

  16. (text not recoverable)

  17. The teacher leads you to the door; cultivation is up to the individual.

  18. None
  19. None
  20. (text not recoverable)

  21. (text not recoverable)

  22. (text not recoverable)

  23. C, C++, Java, C#. Scripting Language: Shell Script, JavaScript, Python, Ruby, Perl. ASP.NET, PHP, JSP, RoR. Android (Java), iOS (Objective-C), Windows Phone

  24. TIOBE Programming Community Index, http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html

  25. None
  26. None
  27. (text not recoverable)

  28. ISTR. http://www.ithome.com.tw/news/…

  29. eBay. http://www.bbc.co.uk/zhongwen/trad/world/…

  30. AOL. http://www.ithome.com.tw/news/…

  31. IT. Target, Neiman Marcus. http://news.networkmagazine.com.tw/classification/security/…

  32. (text not recoverable)

  33. None
  34. None
  35. A Nice Password, but….? Admin password: Admin.R386W

  36. Is Your Password Safe?

  37. (text not recoverable)

  38. GPU, Rainbow Table

  39. (text not recoverable)

  40. Cyberwar?

  41. http://www.flickr.com/photos/42514833@N07/5246970893/ Cyberwar

  42. (text not recoverable)

  43. Verizon. http://www.ithome.com.tw/news/…

  44. http://www.appledaily.com.tw/realtimenews/article/international/…

  45. http://news.chinatimes.com/world/…

  46. None
  47. Die Hard 4.0

  48. (text not recoverable)

  49. What is Hacker?

  50. http://www.flickr.com/photos/torh/5275187124/

  51. Hacker

  52. White Hat (white-hat hacker). Black Hat (black-hat hacker). Cracker

  53. Grey Hat: between White Hat and Black Hat. Script Kiddie

  54. None
  55. (text not recoverable)

  56. (text not recoverable)

  57. (text not recoverable)

  58. (text not recoverable)

  59. None
  60. None
  61. None
  62. None
  63. None
  64. (text not recoverable)

  65. None
  66. None
  67. (text not recoverable)

  68. (text not recoverable)

  69. (text not recoverable)

  70. (text not recoverable)

  71. (text not recoverable)

  72. Botnet, DDoS

  73. Botnet, DDoS

  74. (text not recoverable)

  75. http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/ Have you updated?

  76. Have you updated?

  77. (text not recoverable)

  78. Index Of

  79. (text not recoverable)

  80. (text not recoverable)

  81. None
  82. Site A (compromised): password 1qaz2wsx. Site B: password 1qaz2wsx. Site C: password 1@#$%^%^*ag

  83. (text not recoverable)

  84. None
  85. None
  86. None
  87. (text not recoverable)

  88. Trial and Error

  89. Mantra: http://www.getmantra.com. Burp Suite: http://portswigger.net/burp. Fiddler: http://fiddler…com

  90. None
  91. http://www.google.com/safebrowsing/diagnostic?site=, http://zone-h.org, http://www.malwaredomainlist.com/mdl.php, http://www.urlvoid.com

  92. (text not recoverable)

  93. None
  94. Injection? Path? Path?

  95. None
  96. admin ' or 1=1 -- admin; abc123; 123456; password; 3939889; 19831001; A12345678; 87468c07c02e370ef84d4b7e3a668589; Try to get the password; WordPress Vulnerability?

  97. Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks

  98. webshell. http://victim.org/shell.php?cmd=oxox

  99. nobody/nogroup; /etc/passwd; /var/log; setuid files

  100. Kernel; Exploit; root. http://www.exploit-db.com; Google; By yourself

  101. Rootkit; /etc/passwd; /etc/rc.d; sshd

  102. ~/.history, ~/.bash_history, /var/log

  103. (text not recoverable)

  104. None
  105. "Welcome to phpMyAdmin" AND "Create new database" filetype:php

  106. None
  107. None
  108. None
  109. Lab

  110. (text not recoverable)

  111. Information Gathering, System Security, Network Security, Web Security, Cryptography, Malware Detection, Reversing Engineering, Digital Forensics, Mobile Devices

  112. https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project, https://pentesterlab.com, http://www.dvwa.co.uk, http://www.hackthissite.org, http://hackademic.teilar.gr, https://hack.me, http://zero.webappsecurity.com, http://sourceforge.net/projects/mutillidae

  113. None
  114. Q&A

  115. Allen Own (翁浩正), http://devco.re, allenown@devco.re