w ຊۀωοτϫʔΫηΩϡϦςΟΤϯδχΞɾΞφϦετ w झຯͰϋχʔϙοτͷӡ༻Λ͢Δϋχʔϙολʔ w ϒϩάˠIUUQXXXNPSJIJTPDOFU w ϋχʔϙολʔٕज़ަྲྀձओ࠵ऀ w IUUQTIBOJQPUFDIDPOOQBTTDPN 2 ࠓ·Ͱʹ͓ੈʹͳͬͨΠϕϯτ(Ұ෦) ɾ*5,FZT ݱ4FD$BQ
ϋχʔϙοτͱ੬ऑੑεΩϟϯ ϋχʔϙοτͱϋχʔϙολʔ w ϋχʔϙοτ )POFZQPU ͱɺ͋͑ͯ߈ܸΛ ड͚Δ͜ͱΛલఏͱͨ͠γεςϜͰ͢ɻ w ϋχʔϙοτ͕ه͢ΔϩάΛ؍͢Δ͜ͱͰɺ ੜͷ߈ܸใΛऩू͢Δ͜ͱ͕Ͱ͖·͢ɻ w ϋχʔϙολʔ ˠϋχʔϙοτΛӡ༻͢Δਓͷ͜ͱ w 8FCʹಛԽͨ͠ϋχʔϙοτΛ࡞ͬͯΈͨΑ ˠ8FMDPNFUP0NPUFOBTIJ8FC)POFZQPU ɹ௨শɿ808)POFZQPU 3
ϋχʔϙοτͱ੬ऑੑεΩϟϯ ͦΜͳͱ͖ɺ੬ऑੑεΩϟφ w ෳͷ੬ऑੑͷଘࡏ༗ແΛௐࠪͯ͘͠ΕΔπʔϧ w Φʔϓϯιʔεɾ༗ঈιϑτΣΞαʔϏε͕ ଟఏڙ͞Ε͍ͯΔ w ઈରʹ੬ऑੑݟ͚ͭΔͱ͍͏Ϟνϕʔγϣϯ w ײతʹɺʮ͋ɺ͜ͷαΠτ੬ऑੑ͋Γͦ͏ʯͱ ͍͏Α͏ͳ৬ਓܳͰݟ͚ͭΔ੬ऑੑলུɻ 6 ͱ͋Δஅһͱ৭ʑհͳ੬ऑੑୡ https://www.slideshare.net/zaki4649/ss-39061128
ϋχʔϙοτͱ੬ऑੑεΩϟϯ ނࣄ w ʮͲΜͳ६ಥ͖௨͢ໃʯͱ w ʮͲΜͳໃ͙६ʯΛച͍ͬͯͨஉ͕ɺ w ٬͔ΒʮͦͷໃͰͦͷ६Λಥ͍ͨΒͲ͏ͳΔͷ͔ʯͱ ΘΕɺฦͰ͖ͳ͔ͬͨͱ͍͏ɻ 7 https://ja.wikipedia.org/wiki/%E7%9F%9B%E7%9B%BE ϋχʔϙοτʹ੬ऑੑεΩϟφΛ ଧͪࠐΜͩΒͲ͏ͳΔͷ?
ϋχʔϙοτͱ੬ऑੑεΩϟϯ ੬ऑੑεΩϟφଆ w ؾ࣋ͪΑ͘߈ܸ͕Ͱ͖ͨ˕ w ੬ऑੑεΩϟφͷ͍ํͷษڧʹͳΔ w ಈ࡞ςετʹ͑Δ w ੬ऑੑͷݕূڥΛ͙͢ʹ࡞Εͳͯ͘ɺϋχʔϙο τͰઃఆΛՃ͑Εɺ੬ऑੑεΩϟφΛ͑Δ 12 metasploit→ https://www.exploit-db.com/exploits/43055/ ઃఆલΤΫεϓϩΠτࣦഊ ઃఆޙΤΫεϓϩΠτޭ
ϋχʔϙοτͱ੬ऑੑεΩϟϯ ϋχʔϙοτଆ w ߈ܸ௨৴Λͨ͘͞Μ࠾औͰ͖ͨ˕ w ௨৴༰͔ΒɺϩάੳτϨʔχϯά͕Ͱ͖Δ˞ w ੬ऑੑεΩϟφଆͰɺͲͷ੬ऑੑΛͬͨ߈ܸͩͬ ͨͷ͔ௐΔ͜ͱ͕Ͱ͖Δɻ 13 ※WOWHoneypot ͷΞΫηεϩάཁٻ༰ΛBASE64ͰΤϯίʔυͨ͠ܗͰه͢Δɻ
morihi_soc
koba789
murachiakira
neuecc
oracle4engineer
muture
yoshiakiyamasaki
akkie76
ryosk7
yutokomai
okiyuki99
yoshiitaka
fkmy
colly
sonatard
marktimemedia
thekraken
eileencodes
rasmusluckow
phodgson
afnizarnur
danielanewman
philhawksworth
chriscoyier
keathley