Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ハニーポット開発でビビってしまった話

292a5fc0722cc2ddabf2b088a8f12793?s=47 Kazuaki Morihisa
April 26, 2018
Technology
4
1.3k

 ハニーポット開発でビビってしまった話

2018年4月26日 StudyCode #3 セキュリティ 懇親会 LT 発表資料 @morihi_soc #studycode

292a5fc0722cc2ddabf2b088a8f12793?s=128

Kazuaki Morihisa

April 26, 2018
Tweet

More Decks by Kazuaki Morihisa

See All by Kazuaki Morihisa
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
1
670
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
1
1.4k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
2
1.4k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
5
2.7k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
0
840
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
0
990
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
0
1.4k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
2
1.1k
292a5fc0722cc2ddabf2b088a8f12793?s=48 morihi_soc
1
970

Other Decks in Technology

See All in Technology
835671ae91e49b2637313b91dacda1db?s=48 tdys13
0
1.3k
Af02fa0e7eab6a7ca9da85052536e8c3?s=48 aar_nobu
0
2.8k
29fc9602e0ed9cca544d677266dadd68?s=48 hikarut
0
16k
847a328633b1df6b11cc2f72430025e6?s=48 ks91
PRO
0
120
F51e113117352226a2583a1f24d4de6d?s=48 shimashima35
0
180
532348a1aba5a909e283624c3d2a9a95?s=48 shift_evolve
0
1.6k
Ae788ab7d139931493941e42584eb456?s=48 asoviewinc
0
1.4k
842515eaf8fbb2dfcc75197e7797dc15?s=48 sat
1
200
9eca6d3a5658ef22998083a3d8e7ec44?s=48 shigeruoda
0
120
F04982ad61107b5408ad139966596316?s=48 hanhan1978
3
250
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
0
300
5314ec2302336bf68c95bdb5b1476227?s=48 furuhashilab
0
130

Featured

See All Featured
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
372
43k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
249
21k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
37
3k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
210
11k
245cee81a9c424266e5e401d844ea881?s=48 lara
175
11k
7c8469ee8c9e594c65c59b919626c08d?s=48 scottboms
253
11k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
123
8.3k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
118
27k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
342
16k
88f4e84b94fe07cddbd9e6479d689192?s=48 soudai
25
11k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
3.7k

Transcript

  1. 2018೥4݄26೔ StudyCode #3 ࠙਌ձLT ൃදࢿྉ ϋχʔϙοτ։ൃͰ ϏϏͬͯ͠·ͬͨ࿩ @morihi_soc

  2. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ XIPBNJ w ৿ٱ࿨ত !NPSJIJ@TPD  w ຊۀ͸ηΩϡϦςΟΤϯδχΞɾΞφϦετ w झຯͰϋχʔϙοτͷӡ༻Λ͢Δϋχʔϙολʔ

    w ϒϩάˠIUUQXXXNPSJIJTPDOFU w ϋχʔϙολʔٕज़ަྲྀձओ࠵ऀ w άϧʔϓˠIUUQTIBOJQPUFDIDPOOQBTTDPN   ˡϒϩάͷʮϋχʔϙοτ؍࡯ه࿥ʯ͕ ຊʹͳΓ·ͨ͠ ೥݄೔ൃച ిࢠॻ੶൛ແྉࢼಡ൛͋Γ·͢  ʮαΠόʔ߈ܸͷ଍੻Λ෼ੳ͢Δ ϋχʔϙοτ؍࡯ه࿥ʯ ஶऀɿ৿ٱ࿨ত ग़൛ɿल࿨γεςϜ ࠓ·Ͱʹ͓ੈ࿩ʹͳͬͨΠϕϯτ ɾ*5,FZT ݱ4FD$BQ  ɾωοτϫʔΫύέοτΛಡΉձ Ծ  ɾ/*4$αΠόʔϋϩ΢Οϯ ɾ*OUFSOFU8FFL ɾ)BSEFOJOH 7BMVF$IBJO༏উ  ɾTTNKQɾ"*4FD ɾULULηΩϡϦςΟษڧձ ɾ૯ؔ੢αΠόʔηΩϡϦςΟ-5େձ

  3. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ϋχʔϙοτͱ͸ wϋχʔϙοτ )POFZQPU ͱ͸
 ͋͑ͯ߈ܸΛड͚Δ͜ͱΛ
 લఏͱͨ͠γεςϜͰ͢ɻ wҰݴͰද͢ͱσδλϧ᠘ 3

  4. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ։ൃͨ͠΋ͷɿ808)POFZQPU 4 ߈ܸऀ ϋχʔϙοτ ᶃअຐ͢ΔͰʙ GET /wordpress/wp-admin/ HTTP/1.1 ᶅϑΝΠϧͷΞοϓϩʔυͨ͠Ζ

    POST /wordpress/wp-admin/admin-ajax.phpHTTP/1.1 ˕ ᶄWordPress ͷϖʔδͰ͢ɻͲ͏ͧ! 200 OK ͓ͬ WordPress ಈ͍͍ͯΔ΍Μ wp-admin ͔ͩΒ WordPress Λ૷͓͏ GitHub https://github.com/morihisa/WOWHoneypot →߈ܸऀΛʮ͓΋ͯͳ͠ʯ͢Δ Web ϋχʔϙοτ

  5. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ϋχʔϙοτͷָ͠Έ͔ͨ wᶃͱᶅͷϩάΛ෼ੳ͢Δ͜ͱָ͕͍͠ wຊ൪؀ڥͷݎ࿚Խ w߈ܸݩΛःஅ͢ΔϒϥοΫϦετ wϩά෼ੳٕज़ͷ޲্౳ 5

  6. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ΋͏Ұาɺ౿ΈࠐΜͰ w ߈ܸऀ͕αʔόʹ৵ೖͨ͠ޙɺ֎෦͔Βऔಘ͢Δ
 ϑΝΠϧ XHFUDVSM౳ Λௐ͍ࠪͨ͠ɻ w ͨͱ͑͹ w

    ϒϥ΢β͔Β8FCαʔόΛૢ࡞͢Δ8FC4IFMM w Ծ૝௨՟Λ࠾۷͢ΔϚΠχϯάιϑτ w ϥϯαϜ΢ΣΞ౳ 6 ϋχʔϙοτʹ͜ΕΒͷϑΝΠϧΛ
 ࣗಈతʹऔಘ͢ΔػೳΛ࣮૷͔ͨͬͨ͠

  7. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ ΢Πϧεͷऔಘɾอ؅ࡑ w ਖ਼౰ͳ໨త͕ͳ͍ͷʹɺͦͷ࢖༻ऀͷҙਤͱ͸ແؔ ܎ʹউखʹ࣮ߦ͞ΕΔΑ͏ʹ͢Δ໨తͰɺίϯ ϐϡʔλɾ΢Πϧε΍ίϯϐϡʔλɾ΢Πϧεͷιʔ είʔυΛऔಘɺอ؅͢ΔߦҝΛ͍͍·͢ɻ 7 ෆਖ਼ࢦྩి࣓తه࿥ʹؔ͢Δࡑ(ܯࢹி) ΑΓҾ༻

    http://www.keishicho.metro.tokyo.jp/kurashi/cyber/law/virus.html ※੺৭ଠࣈ͸ൃදऀ͕૷০͠·ͨ͠ɻ ɾʮਖ਼౰ͳ໨తʯΛͲͷΑ͏ʹઆ໌͢Ε͹͍͍ͷ͔  ɾʮ໨తʯΛ֬ೝ͢ΔͨΊʹ͸࿩͠߹͍͕ඞཁ  ϋχʔϙοτ։ൃऀ͸ɺͦΕΛར༻͢Δਓͷ͜ͱ·Ͱ
 ໘౗ΛݟΒΕͳ͍ ໔੹͞ΕΔͷ ɻ

  8. ϋχʔϙοτ։ൃͰϏϏͬͯ͠·ͬͨ࿩ )BQQZ)POFZQPU 8 ͓͠·͍