Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ハニーポット開発でビビってしまった話

292a5fc0722cc2ddabf2b088a8f12793?s=47 Kazuaki Morihisa
April 26, 2018
Technology
4
1.3k

 ハニーポット開発でビビってしまった話

2018年4月26日 StudyCode #3 セキュリティ 懇親会 LT 発表資料 @morihi_soc #studycode

292a5fc0722cc2ddabf2b088a8f12793?s=128

Kazuaki Morihisa

April 26, 2018
Tweet

More Decks by Kazuaki Morihisa

See All by Kazuaki Morihisa
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
1
640
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
1
1.3k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
2
1.3k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
5
2.6k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
0
790
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
0
960
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
0
1.3k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
2
1k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
1
950

Other Decks in Technology

See All in Technology
Fccb5974b63d64636a7c90faf3bab51f?s=48 kikuzo
2
390
B4edef9fde5f33ef95409f564d21e542?s=48 trickart
3
360
347d87fba70c3d08867844bac08d3608?s=48 kochirin
1
140
A41b463f033e1304539253f8a663c950?s=48 moriyuya
2
270
2c51cbf972b0de2e0696c8a26c7d1f4b?s=48 matsuihidetoshi
0
100
D0f23208dff6d54a2a4305e65af569c8?s=48 shiozaki
0
320
2cf373725ded741824c50fd571eda6e1?s=48 udzura
0
110
1ec68e792f99c958b8ffbd0aadaa182a?s=48 ikkou
0
280
7fb060398b26ed622d34921bd64e4f5d?s=48 yoshiakiyamasaki
0
150
6ddc65998177a0f05be629dc31321a8f?s=48 kken78
0
320
Eb6be531bcfaa99714d8d3b48665a5a9?s=48 budougumi0617
2
700
6249f569a29ccb5fd9c1b1b3e572ee89?s=48 omuomugin
1
390

Featured

See All Featured
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
6
920
282d599b414022eba5096510f675b6e2?s=48 chrislema
174
14k
282d599b414022eba5096510f675b6e2?s=48 chrislema
231
16k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
350
20k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
208
20k
5f83ef806155b403c3393160ce51f955?s=48 jlugia
218
16k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
25
910
Ecdea9b9714877b86cee08458f085481?s=48 trallard
24
1.2k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
122
16k
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
195
16k
168ccec72eee0530b818d44f3fedaacf?s=48 shlominoach
177
8.1k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
147
20k

Transcript

  1. 2018೥4݄26೔ StudyCode #3 ࠙਌ձLT ൃදࢿྉ ϋχʔϙοτ։ൃͰ ϏϏͬͯ͠·ͬͨ࿩ @morihi_soc

  2. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ XIPBNJ w ৿ٱ࿨ত !NPSJIJ@TPD  w ຊۀ͸ηΩϡϦςΟΤϯδχΞɾΞφϦετ w झຯͰϋχʔϙοτͷӡ༻Λ͢Δϋχʔϙολʔ

    w ϒϩάˠIUUQXXXNPSJIJTPDOFU w ϋχʔϙολʔٕज़ަྲྀձओ࠵ऀ w άϧʔϓˠIUUQTIBOJQPUFDIDPOOQBTTDPN   ˡϒϩάͷʮϋχʔϙοτ؍࡯ه࿥ʯ͕ ຊʹͳΓ·ͨ͠ ೥݄೔ൃച ిࢠॻ੶൛ແྉࢼಡ൛͋Γ·͢  ʮαΠόʔ߈ܸͷ଍੻Λ෼ੳ͢Δ ϋχʔϙοτ؍࡯ه࿥ʯ ஶऀɿ৿ٱ࿨ত ग़൛ɿल࿨γεςϜ ࠓ·Ͱʹ͓ੈ࿩ʹͳͬͨΠϕϯτ ɾ*5,FZT ݱ4FD$BQ  ɾωοτϫʔΫύέοτΛಡΉձ Ծ  ɾ/*4$αΠόʔϋϩ΢Οϯ ɾ*OUFSOFU8FFL ɾ)BSEFOJOH 7BMVF$IBJO༏উ  ɾTTNKQɾ"*4FD ɾULULηΩϡϦςΟษڧձ ɾ૯ؔ੢αΠόʔηΩϡϦςΟ-5େձ

  3. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ϋχʔϙοτͱ͸ wϋχʔϙοτ )POFZQPU ͱ͸
 ͋͑ͯ߈ܸΛड͚Δ͜ͱΛ
 લఏͱͨ͠γεςϜͰ͢ɻ wҰݴͰද͢ͱσδλϧ᠘ 3

  4. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ։ൃͨ͠΋ͷɿ808)POFZQPU 4 ߈ܸऀ ϋχʔϙοτ ᶃअຐ͢ΔͰʙ GET /wordpress/wp-admin/ HTTP/1.1 ᶅϑΝΠϧͷΞοϓϩʔυͨ͠Ζ

    POST /wordpress/wp-admin/admin-ajax.phpHTTP/1.1 ˕ ᶄWordPress ͷϖʔδͰ͢ɻͲ͏ͧ! 200 OK ͓ͬ WordPress ಈ͍͍ͯΔ΍Μ wp-admin ͔ͩΒ WordPress Λ૷͓͏ GitHub https://github.com/morihisa/WOWHoneypot →߈ܸऀΛʮ͓΋ͯͳ͠ʯ͢Δ Web ϋχʔϙοτ

  5. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ϋχʔϙοτͷָ͠Έ͔ͨ wᶃͱᶅͷϩάΛ෼ੳ͢Δ͜ͱָ͕͍͠ wຊ൪؀ڥͷݎ࿚Խ w߈ܸݩΛःஅ͢ΔϒϥοΫϦετ wϩά෼ੳٕज़ͷ޲্౳ 5

  6. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ΋͏Ұาɺ౿ΈࠐΜͰ w ߈ܸऀ͕αʔόʹ৵ೖͨ͠ޙɺ֎෦͔Βऔಘ͢Δ
 ϑΝΠϧ XHFUDVSM౳ Λௐ͍ࠪͨ͠ɻ w ͨͱ͑͹ w

    ϒϥ΢β͔Β8FCαʔόΛૢ࡞͢Δ8FC4IFMM w Ծ૝௨՟Λ࠾۷͢ΔϚΠχϯάιϑτ w ϥϯαϜ΢ΣΞ౳ 6 ϋχʔϙοτʹ͜ΕΒͷϑΝΠϧΛ
 ࣗಈతʹऔಘ͢ΔػೳΛ࣮૷͔ͨͬͨ͠

  7. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ΢Πϧεͷऔಘɾอ؅ࡑ w ਖ਼౰ͳ໨త͕ͳ͍ͷʹɺͦͷ࢖༻ऀͷҙਤͱ͸ແؔ ܎ʹউखʹ࣮ߦ͞ΕΔΑ͏ʹ͢Δ໨తͰɺίϯ ϐϡʔλɾ΢Πϧε΍ίϯϐϡʔλɾ΢Πϧεͷιʔ είʔυΛऔಘɺอ؅͢ΔߦҝΛ͍͍·͢ɻ 7 ෆਖ਼ࢦྩి࣓తه࿥ʹؔ͢Δࡑ(ܯࢹி) ΑΓҾ༻

    http://www.keishicho.metro.tokyo.jp/kurashi/cyber/law/virus.html ※੺৭ଠࣈ͸ൃදऀ͕૷০͠·ͨ͠ɻ ɾʮਖ਼౰ͳ໨తʯΛͲͷΑ͏ʹઆ໌͢Ε͹͍͍ͷ͔  ɾʮ໨తʯΛ֬ೝ͢ΔͨΊʹ͸࿩͠߹͍͕ඞཁ  ϋχʔϙοτ։ൃऀ͸ɺͦΕΛར༻͢Δਓͷ͜ͱ·Ͱ
 ໘౗ΛݟΒΕͳ͍ ໔੹͞ΕΔͷ ɻ

  8. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ )BQQZ)POFZQPU 8 ͓͠·͍