20140714 SITCON Camp 揭開駭客的神祕面紗

揭開駭客的神祕面紗 4*5$0/$BNQ 翁浩正 Allen Own allenown@devco.re Ꮦ˃੒ဧٰ΅Ϟࠢʮ̡

ᑺ٫ᔊʧ ॽख͍ "MMFO0XO %&7$03&Ꮦ˃੒ဧٰ΅Ϟࠢʮ̡ੂБڗ BMMFOPXO!EFWDPSF ! )*5$0/̨ᝄᎡ܄ϋึਓᐼ̜ /*43"༟τྠඟ௴፬ɛ ༟τҦঐږ޷ᆤᘩᒄϋڿࠏeϋԭࠏ
༟τద᜗ၣ१ታ१ᚥਪ

ٷ᧼㔃க൥፞)*5$0/9 "%"15505)&/&8&3"0'4&$63*5:5)3&"54 ˾ _ ̄ ٷ׸ޠΥḛ৮㑱ൽ㡴˒৴ἵ⃄㋒̙ቢῳ፞⁠୹㒔 IUUQIJUDPOPSH

νОϓމ੶٫k

ኪࣧʔ݊Ϟ઺෗k މʡჿᒔࠅІʉрɢk

ኪࣧ઺ԃ ଣሞeʫ̌    ุޢ ྼਕeуࣛ኷ɢe؛̌

ኪࣧ઺ԃ ଣሞeʫ̌   ุޢ ྼਕeуࣛ኷ɢe؛̌ ๖

৷ ʕ ɽ ኪ ޼ Ӻ ה ఱ ุ

৷ ʕ ɽ ኪ ޼ Ӻ ה ఱ ุ 為什麼？

৷ ʕ ɽ ኪ ޼ Ӻ ה ఱ ุ ????

৷ ʕ ɽ ኪ ޼ Ӻ ה ఱ ุ ㄨ

੽ྼਕࠦ̈೯ ᓘ՟ุޢeၣ༩ɪٙٝᗆ ໾ԑኪࣧίྼਕɪٙʔԑ

ᜊ੶ٙږᝌjІ˴ኪ୦

老老師領領進門，修行行在個㆟人

І˴ኪ୦ ഛ͜ၣ༩ɪٙ઺ኪ༟๕ ʔࠅ׊ᔊ᜗ʕ˖eߵ˖ й፰ဲdਗ˓ਂఱ࿁əl ϓఱชܘࠠࠅl

ʔࠅ׊̰઻ ̰઻ٙɛdʑ݊ኪՑ௰εٙ

ࡳԬٝᗆ݊Ңࡁ̀௪ٙճk

೻όႧԊ $$ +BWB$ ໔͉ႧԊ 4DSJQUJOH-BOHVBHF 4IFMM4DSJQU+BWB4DSJQU1ZUIPO3VCZ1FSM ၣࠫᏐ͜೻όႧԊ "41/&51)1+413P3 Бਗༀໄ೻όႧԊ
"OESPJE +BWB J04 0CKFDUJWF$ 8JOEPXT 1IPOF

νО፯኿೻όႧԊk 5*0#&1SPHSBNNJOH$PNNVOJUZ*OEFY IUUQXXXUJPCFDPNJOEFYQIQDPOUFOUQBQFSJOGPUQDJ JOEFYIUNM ੽રБᒈැ̙˸޶ՑႧԊٙᆠژ೻ܓ˸ʿุޢٙცӋ

ڐಂ༟τࠅၲ

ᒄژ᚛дj ̘ϋΌଢϞᄂഅࡈ༟̮ރ ᒄژ᚛д௰อ*453ၣ༩τΌ۾উజѓܸ̈d̘ϋ೯͛ٙ ༟τԫ΁ᜑͪdᎡ܄ҸᏘ੽Ҟ஺ҸᏘᔷމڗಂᆑͿٙɓ ϣ׌ɽ஝ᅼҸᏘdϋΌଢߒϞᄂഅ༟̮ࣘރf ί༈జѓ୕ࠇʕd̨ᝄίϋ዆᜗ၣ༩۾উʕΤΐΌ ଢୋdԭݲසϣ׵ʕ਷eΙܓf਷ʫϞٙ০࿁׌ ҸᏘᕁ֛Ցɛ஝ᅼٙʕɽۨΆุdҭ೯ʿႡி ุމҸᏘᕁ֛ٙՇɽପุfϾ̘ϋ̨ᝄչѫඉ΁રΤ੽ ୋΤɪʺЇୋdⶋ܉ၣ༩ɰરΤୋf
IUUQXXXJUIPNFDPNUXOFXT

F#BZቊල܄ɝڧ  ᄂ͜˒༟̮ࣘރ F#BZ˚ί֜˙ၣ१ʮ̺dʦϋ˜ֵЇ˜ڋd ᄂ܄˒ٙཥඉήѧe̋੗ܝٙ੗ᇁë͛˚ಂʿИѧ ഃᅰኽ஗ೳ՟dШ஗ೳ՟ٙ˖΁Ѱʔўৌਕ༟ࣘfʮ ̡ڮሗᄂ͜˒һҷ੗ᇁf F#BZڌͪdմۃ೯ତவԬቊᎡٙਪᕚኯᗇdމə࿏ֵ ૶ݟਪᕚdה˸ٜՑ˚ʑʮ̺dШ൷ᕎ˜ڋቊල܄ ɝڧࣛගʊ຾ڐࡈ˜f IUUQXXXCCDDPVL[IPOHXFOUSBEXPSME@FCBZ@IBDLFSTIUNM

"0-վוӻ୕ቊɝڧd  Ꭱ܄̙ঐπ՟ɽඎԴ͜٫੮໮ "0-ᆽႩᎡ܄͊຾બᛆπ՟əўϞɽඎԴ͜٫੮໮ٙУ ؂ኜdܼ̍͜˒ٙཥɿඉ΁੮໮eήѧeஷৃ፽e̋ ੗ٙ੗ᇁe̋੗ٙτΌஷᗫ੗Ⴇd˸ʿʈЪఊЗdϾ ˲"0-ɰ޴ڦչѫᔥʊ຾ෂ৔ൟᗺඉ΁ഗߒ͜˒ٙ ஷৃ፽ʾɛf IUUQXXXJUIPNFDPNUXOFXT

ߕ਷ཧਯਠ*5ӻ୕௘Κዚ  ৰə5BSHFUε࢕ཧਯਠɰቊݪ ௰ڐdԨʔස˟׵5BSHFUɓ࢕೯͛ࠠɽ༟̮ࣘރԫ΁f ࣬ኽ༩ீٟܸ̈dίື˚ᒅي֙ಂගdৰə5BSHFUၾ /FJNBO.BSDVTʘ̮ٙ஢εཧਯਠdɰቊՑᎡ܄ҸᏘf ɪ඄5BSHFUீᚣܸ̈dᎡ܄᛿՟ə΍ ຬഅٙᚥ܄ ֑Τeඉ΁ήѧeཥ༑໮ᇁeཥɿඉ΁ήѧၾ˕˹̔ ༟ࣘdШ̘ϋ˜ʕϚৎ΋జኬ፲̰ٙഅᅰމ ຬ
അf IUUQOFXTOFUXPSLNBHB[JOFDPNUXDMBTTJGJDBUJPOTFDVSJUZ

ӚϞʔτΌٙӻ୕  ̥ϞʔτΌٙɛ

A Nice Password, but….? Admin password Admin.R386W

Is Your Password Safe?

΋ซซІʉϞӚϞਂՑτΌf ׉ໆӻ୕ʔτΌʘۃd

༟τ۾উၾᏐ࿁ ԣጏ٫Ԩʔᆞ઄ҸᏘ٫ٙː࿒eͦٙeҦஔഃdኬߧ ԫ΁೯͛ܝʑঐආБࡌ໾fϾʔٝ༸ҸᏘٙҦஔၾ˙ جdࡌ໾ɰසطᅺʔط͉ ෂ୕ٙԣጏ˙όdܼ̍ӻ୕ࡌ໾eԣጏe̋੗dேΪ อҦஔɓɓ஗ॎ༆dԷνʱ౳όஈଣeථ၌e(16e 3BJOCPX5BCMF

༟τ۾উၾᏐ࿁ ٝʉٝ־dϵ኷ʔݫ ኪ୦Ꭱ܄ٙܠၪd௰อٙҦஔdԨ˲ə༆Іʉӻ୕ٙ ঌࢮᓃӺ௞ίОஈ

Cyberwar݊ʡჿk

http://www.ﬂickr.com/photos/42514833@N07/5246970893/ Cyberwar

ၣ༩኷͍ίආБʕl

Ŗϓၣ༩ගፒҸᏘ ԸІ਷࢕ॴዚ࿴೯ਗ ࣬ኽϋ7FSJ[PO௰อ೯̺ٙ༟̮ࣘރሜݟజ ѓܸ̈dίሜݟڐ΁ٙၣ༩ගፒҸᏘԫ΁ʕdϞ ݊ԸІ׵਷࢕ִ݁ॴዚ࿴ٙ೯ਗdՉʕऒʿ༟̮ࣘރٙҸ Ꮨݺਗۆ݊Цəfజѓɰܸ̈dϞਗ਼ڐɓ̒ ٙ ၣ༩ගፒݺਗேԸІ׵ʕ਷ձՉ̴؇ԭ਷࢕ה˴ኬd̤̮ ɰϞĈۆ݊ԸІ؇ᆄήਜ਷࢕f຅ʕһϞ൴ཀ̒ᅰ˸ɪ
ٙၣ༩ගፒҸᏘ࿁൥݊˸ߕ਷މ˴dՉϣ݊˚͉ ձᒵ ਷ f IUUQXXXJUIPNFDPNUXOFXT

Ꭱ܄ᜣ့ཥൖ̨ვБ یᒵజኬj̏ᒵהމ یᒵɪ˜ቊᎡ܄ɝڧdε࢕ཥൖ̨ձვБΌࠦᜣ့d یᒵᙆ˙ɓܓ၈Ꭱ܄ҸᏘԸІʕ਷dܝҷɹ݊ߕ਷ʿ ᆄݲഃࡈ਷࢕dШʦ˂یᒵʮ̺͍όజѓdܸછ̏ᒵ ᆽމவৎҸᏘࣩٙ˴ፑdᘪ೥ࣛගڗ༺˜ʘɮf IUUQXXXBQQMFEBJMZDPNUXSFBMUJNFOFXTBSUJDMFJOUFSOBUJPOBM

Ꭱ܄त၇௅ඟ ږ㛬Έˏ͜ɓ΅̏ᒵִ݁֜˙˖΁༟ܸࣘ̈d̏ᒵʊ ݂ჯኬɛږ͍˚ϋᒔፋІɨ˿ਗ਼ணί̻ᘎٙၣ༩ त၇௅ඟᓒᇜЇ ɛdᒱ್༈΅˖΁ٙॆྼ׌͊຾ ᆽႩdШږ㛬ΈኽϤౣ಻d̏ᒵᎡ܄ɛᅰʘܝʊɽష ᄣ̋dϞԬ݊ݼታʕ਷d˸ک੽ԫသீऎ̮ၣ༩ٙ΂ ਕf IUUQOFXTDIJOBUJNFTDPNXPSMEIUNM

Die Hard 4.0

ၣ༩኷ٙͦٙ݊ʡჿk ᛿՟਷࢕ઋజ ᜣ့ၣ༩ ਔ॰ ܁౮ІҢଣׂ

Ꭱ܄݊ʡჿk What is Hacker?

http://www.flickr.com/photos/torh/5275187124/

Ꭱ܄݊ʡჿ Ꭱ܄ )BDLFS ࡡจމ  ᆠহ׵ཥ໘ӻ୕Ҧஔ޼Ӻٙਖ਼࢕ ɽඎႬ͜ɨᎡ܄ɓ൚੭ϞࠋࠦЍ੹d੬މ ڢجెจॎᕸeɝڧӻ୕ٙɛ

Ꭱ܄݊ʡჿ White Hat 白帽駭客 ༟τਖ਼࢕d࿁ӻ୕τΌආБ޼ӺԨԣጏࡌ໾fεᅰ ੽ԫ༟ৃτΌ޴ᗫБุ Black Hat 黑帽駭客 ආБ͕ໆٙɝڧБމdਖ਼̡ॎᕸd˸ۃ͵̙၈
މ$SBDLFS

Ꭱ܄݊ʡჿ (SFZ)BUϲసᎡ܄ ʧ׵8IJUF)BUʿ#MBDL)BUʘග 4DSJQU,JEEJF ҦஔʔॱᆞאʔᏑࡡଣd̥ึԴ͜ତϞҸᏘ೻ όආБెจॎᕸٙҸᏘ٫d஗Ꮥ၈މ4DSJQU ,JEEJFdͦۃεᅰెจॎᕸ٫ޫ݊

Ꭱ܄ଡ଼ᔌ ֜˙ᇜՓ ਷࢕ ִ݁ Άุ ڢ֜˙ᇜՓήɨ

Ꭱ܄ҸᏘٙͦᅺ ͦᅺjУ؂ኜࡈɛཥ໘ ెจᎡ܄މə༺ՑݔԬͦٙdึҸᏘУ؂ኜא ࡈɛཥ໘fʔΝٙͦᅺึϞʔΝٙҸᏘ˓جd ɰึϞഹʔΝٙͦٙf

ၣ१஗ɝڧٙܝ؈k Ꭱ܄Ցֵࠅٙ݊ʡჿk

ၣ१஗ɝڧٙܝ؈k ᛿՟ၣ१ʫ௅༟ࣘ ਂމ༪ؐҸᏘՉ˼˴ዚ નᇁא׳ໄెจ೻ό ໄ౬ࠫࠦאॎᕸ ᛿՟१ʫ੮໮੗ᇁࡈ༟

Ꭱ܄՟੻੮໮੗ᇁνОԴ͜ ০࿁׌ٙೳ͜ݔ੮໮ ՟੻၍ଣ٫ᛆࠢ ਗ਼੗ᇁᏦႡЪϓοՊᏦ

ࡈɛཥ໘஗ɝڧٙܝ؈k Ꭱ܄Ցֵࠅٙ݊ʡჿk

ࡈɛཥ໘஗ɝڧٙܝ؈k ᛿՟ཥ໘ʫ௅༟ࣘ ᛿՟ཥ໘ʫ੮໮੗ᇁࡈ༟ ਂމ༪ؐҸᏘՉ˼˴ዚ

㔃கሯᇜḢပᚓ㢂

೸⁰ഥ ␶㉺ ⁔ፇ ሟᇌ␹ ༃༦⾬̳ ⳽୷⭶ё ῳ̎ഇ₁༓༶⾽̿

೸⁰ഥ ␶㉺ ⁔ፇ ሟᇌ␹ ⳽୷⭶ё ᖤஞቒ̳ ῳ̎ഇ₁༓༶⾽̿

ሟᇌ␹ ⳽୷⭶ё ⋣⃳ ⳽ቛൻ #PUOFU %%P4ሯᇜ

ሟᇌ␹ ⳽୷⭶ё ⋣⃳ ⳽ቛൻ ṬᄍӴξͥ፦࠵

http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/ 你更新了嗎？

你更新了嗎？

੬ԈτΌဍݸ࡚ؓ

ၣ१༟ৃރဍ ၣ१፹Ⴌৃࢹ͊ᒯᔛ У؂ኜක೯٫و͉છ၍ࠫࠦ͊୅ৰ ၣࠫУ؂ኜක઼ͦ፽ΐڌ *OEFY0G ࠬᎈjഗʚᎡ܄ɝڧٙ༟ৃdܼ̍ӻ୕ৣໄeͦ፽dޟ Ї੮໮e੗ᇁഃ

⊷ਘῠ῵໊aіa⊷ਘῠ଀Ẁ஥ᇂ

↌ᅟℯⅴਫ਼῅

B 網站密碼：1qaz2wsx C 網站密碼：1@#$%^%^*ag 密碼：1qaz2wsx A 網站 (遭⼊入侵)
(⼊入侵)

၍ଣ٫͊းப΂ ᒯਛʔజˏ೯һᘌࠠٙԫ࿒ પ՝ப΂ೌج༆Ӕਪᕚ ಴๘ᗇኽਪᕚԱᔚπίdᎡ܄ஶჇІί

ၣ१τΌᏨ಻νОྼЪ

ၣ१τΌᏨ಻νОྼЪ ݟ༔У؂ኜeࢁ΁ٙو͉༟ৃ ᝈ࿀ၣ१ࠫࠦeʩ९eආɝᓃ ഗʚ͍੬ٙ፩ɝeମ੬ٙ፩ɝdᝈ࿀ၣ१ٙˀᏐʿৃ ࢹ 5SJBMBOE&SSPS

಻༊ʈՈ .BOUSBIUUQXXXHFUNBOUSBDPN #VSQ4VJUFIUUQQPSUTXJHHFSOFUCVSQ 'JEEMFSIUUQGJEEMFSDPN

τΌᏨ಻ʃҦ̷ Ꮸ಻ၣ१݊щಀ஗Ꭱ IUUQXXXHPPHMFDPNTBGFCSPXTJOHEJBHOPTUJD TJUF IUUQ[POFIPSH IUUQXXXNBMXBSFEPNBJOMJTUDPNNEMQIQ IUUQXXXVSMWPJEDPN

Ꭱ܄ٙܠၪ༧Ңࡁʔɓᅵ

Injection? Path? Path?

admin ‘ or 1=1 -- admin  abc123  123456  password 3939889 
19831001  A12345678 87468c07c02e370ef84d4b7e3a668589 Try to get the password WordPress Vulnerability?

Ꭱ܄ҸᏘݴ೻ 3FDPOOBJTTBODF 4DBOOJOH (BJOJOH"DDFTT .BJOUBJOJOH"DDFTT $MFBSJOH5SBDLT Reconnaissance Scanning Gaining  Access
Maintaining  Access Clearing  Tracks

ॆྼҸᏘԫԷ Ꭱ܄຾͟ၣ१ҬՑɪෂeᄳᏦഃࢮᓃdಔɝXFCTIFMM ܝژஹɝ˴ዚf IUUQWJDUJNPSHTIFMMQIQ DNEPYPY ΢၇ၣࠫτΌਪᕚޫ̙л͜dܼ̍ᄳᏦeҷᏦeɪ ෂᏦࣩf

ॆྼҸᏘԫԷ $POU ஹɝ˴ዚܝ೯ତ੮໮ᛆࠢʔԑd੽˴ዚʫరҬ̙ٙ͜ ༟ৃf ᛆࠢjOPCPEZOPHSPVQ Ҭర̙͜੮໮FUDQBTTXE ݟ༔ӻ୕̙͜༟ৃWBSMPH ฤరϞೌTFUVJEGJMFT̙Զл͜

ॆྼҸᏘԫԷ $POU ೯ତ˴ዚ,FSOFMو͉ཀᔚdϞ̙౤ᛆٙࢮᓃf ᅠᄳฤర&YQMPJUҸᏘd՟੻SPPUᛆࠢf IUUQXXXFYQMPJUECDPN (PPHMF #ZZPVSTFMG

ॆྼҸᏘԫԷ $POU ׳ໄܝژ3PPULJU˸Զ˚ܝԴ͜f FUDQBTTXEܔͭ੮໮ FUDSDE׳ໄܝژ ˾౬TTIEഃ

ॆྼҸᏘԫԷ $POU ૶ৰԑ༦jা፽Ꮶʿӻ୕ߏ፽ _IJTUPSZ _CBTI@IJTUPSZ WBSMPH

ၣ༩݊τΌٙ෗k

8FMDPNFUPQIQ.Z"ENJO"/%  $SFBUFOFXEBUBCBTFGJMFUZQFQIQ

ІҢኪ୦

༟τהცٙٝᗆߠ౻ၾҦঐ ༟ৃϗණ*OGPSNBUJPO(BUIFSJOH ӻ୕τΌ4ZTUFN4FDVSJUZ ၣ༩τΌ/FUXPSL4FDVSJUZ ၣ१ၾၣࠫᏐ͜೻ότΌ8FC4FDVSJUZ ̋੗ၾ༆੗$SZQUPHSBQIZ ెจ೻όᏨ಻.BMXBSF%FUFDUJPO ৕Σʈ೻3FWFSTJOH&OHJOFFSJOH ᅰЗᛠᗆ%JHJUBM'PSFOTJDT Бਗༀໄ.PCJMF%FWJDFT

ІҢᇖ୦ IUUQTXXXPXBTQPSHJOEFYQIQ$BUFHPSZ08"41@8FC(PBU@1SPKFDU IUUQTQFOUFTUFSMBCDPN IUUQXXXEWXBDPVL IUUQXXXIBDLUIJTTJUFPSH IUUQIBDLBEFNJDUFJMBSHS IUUQTIBDLNF IUUQ[FSPXFCBQQTFDVSJUZDPN IUUQTPVSDFGPSHFOFUQSPKFDUTNVUJMMJEBF

ᑌഖ˙ό ߰Ϟ΂ОٙဲਪdᛇڎᎇࣛၾҢᑌᖩf " " ॽख͍"MMFO0XO IUUQEFWDPSF BMMFOPXO!EFWDPSF

20140714 SITCON Camp 揭開駭客的神祕面紗

20140714 SITCON Camp 揭開駭客的神祕面紗

More Decks by Allen Own

Other Decks in Technology

Featured

Transcript