2017/08/25
tanakata
August 25, 2017
Transcript
2017/08/25 Tokumaru book reading group: Issues relating to file uploads
Attacks on file uploads
・DoS attack against the upload function (田)
・Attack that executes a file on the server as a script (田)
・Attack that makes users download a file containing a trap (XSS) (又)
Issues relating to file uploads: a flawed implementation gives rise to a variety of vulnerabilities.
Attacks on file uploads
・DoS attack against the upload function → what is a DoS attack?
・Attack that executes a file on the server as a script
DoS attack against file uploads
◆DoS (Denial of Service) attack
Sending huge files to the server over and over puts an excessive load on the web site.
◆Impact
・Slower responses
・In the worst case, the server stops
DoS attack against file uploads
◆Countermeasure
Limiting the size of uploaded files is effective. In PHP this can be configured in php.ini.
Attacks on file uploads
・DoS attack against the upload function
・Attack that executes a file on the server as a script
・Attack that makes users download a file containing a trap
Attack that executes a file on the server as a script
◆Overview
Some uploaders save the files users upload into the web server's public directory. If a file whose extension belongs to a script language such as PHP can be uploaded, that file can be executed on the web server.
◆Impact
A script that can be run from outside carries the same risk as OS command injection:
・Viewing, tampering with and deleting files on the web server
・Sending mail to external servers
(Diagram: uploaded file, e.g. .php → public directory)
Attack that executes a file on the server as a script
◆Attack method
The attacker uploads a script instead of an image file; as an example, a PHP script (shown on the slide) is uploaded. Because the uploaded file is not an image, a broken-image × mark appears where the img element is. Clicking the link executes the script and /etc/passwd is displayed.
◆Countermeasures
・Check the file extension
・Do not place uploaded files in the public directory; have them viewed via a script
(Diagram: HACK.php placed in the public directory and reached at http://example.jp/open_dir/HACK.php)
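The size limit from the DoS slide together with the extension check and non-public storage from the script-execution slides, combined in one upload handler. This is an added example written for this page, not code from the deck or from Tokumaru's book. The storage directory /var/app/uploads, the form field name upfile, the 2 MB limit and the php.ini values are assumptions; the getimagesize content check and the server-generated file name are practitioner additions the slides do not mention.

```php
<?php
// Added example: hardened image-upload handler (not from the deck).
// php.ini side of the DoS countermeasure (assumed values, matching MAX_UPLOAD_BYTES):
//   upload_max_filesize = 2M
//   post_max_size       = 3M    ; must be larger than upload_max_filesize
//   max_file_uploads    = 5
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;
// Whitelist: extension => MIME type the file content must actually have.
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];
// Assumed storage location, outside the web server's document root.
const PRIVATE_DIR = '/var/app/uploads';

// Validate one $_FILES entry. Returns [true, server-side file name] or [false, reason].
function validate_upload(string $clientName, string $tmpPath, int $size, int $error): array
{
    // PHP enforces upload_max_filesize / MAX_FILE_SIZE before this runs; report it rather than trust $size alone.
    if ($error === UPLOAD_ERR_INI_SIZE || $error === UPLOAD_ERR_FORM_SIZE) {
        return [false, 'file exceeds the configured size limit'];
    }
    if ($error !== UPLOAD_ERR_OK) {
        return [false, 'upload failed with error code ' . $error];
    }
    if ($size > MAX_UPLOAD_BYTES || filesize($tmpPath) > MAX_UPLOAD_BYTES) {
        return [false, 'file larger than ' . MAX_UPLOAD_BYTES . ' bytes'];
    }
    // Extension check (the deck's countermeasure): whitelist, case-insensitive, taken from the LAST dot.
    // "hack.jpg.php" yields "php" and is rejected; "hack.php.jpg" yields "jpg" and passes this step,
    // which is why the content check and the server-chosen name below matter.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return [false, "extension '{$ext}' is not allowed"];
    }
    // Content check (added caveat): the bytes must be an image of the type the extension claims.
    // $_FILES['type'] is chosen by the client and is never consulted.
    $info = @getimagesize($tmpPath);
    if ($info === false || ($info['mime'] ?? '') !== ALLOWED_TYPES[$ext]) {
        return [false, 'content is not a ' . ALLOWED_TYPES[$ext] . ' image'];
    }
    // Server-chosen name: random, fixed extension. The client's name is never reused, so neither
    // "../" nor a trailing ".php" can reach the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . ($ext === 'jpeg' ? 'jpg' : $ext);
    return [true, $stored];
}

// Web entry point: move an accepted upload into PRIVATE_DIR, never into the public directory.
function handle_upload(array $file, string $dir = PRIVATE_DIR): array
{
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'not an uploaded file'];
    }
    [$ok, $result] = validate_upload((string) $file['name'], $file['tmp_name'], (int) $file['size'], (int) $file['error']);
    if (!$ok) {
        return [false, $result];
    }
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $result)) {
        return [false, 'could not store file'];
    }
    return [true, $result];   // the id a download script can later accept
}

// Constructed inputs so the checks can be exercised offline from the CLI.
function demo(): array
{
    // 29 bytes: PNG signature, IHDR length/type and IHDR data; enough for getimagesize to read 1x1, 8-bit.
    $png = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00";
    $pngTmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($pngTmp, $png);
    $phpTmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($phpTmp, "<?php system(\$_GET['cmd']); ?>");
    $results = [
        'good png'           => validate_upload('photo.PNG', $pngTmp, strlen($png), UPLOAD_ERR_OK)[0],
        'php named .php'     => validate_upload('hack.php', $phpTmp, 30, UPLOAD_ERR_OK)[0],
        'php disguised .jpg' => validate_upload('hack.php.jpg', $phpTmp, 30, UPLOAD_ERR_OK)[0],
        'png claiming .jpg'  => validate_upload('photo.jpg', $pngTmp, strlen($png), UPLOAD_ERR_OK)[0],
        'too large'          => validate_upload('big.png', $pngTmp, MAX_UPLOAD_BYTES + 1, UPLOAD_ERR_OK)[0],
    ];
    unlink($pngTmp);
    unlink($phpTmp);
    return $results;
}

if (PHP_SAPI === 'cli') {
    foreach (demo() as $case => $accepted) {
        printf("%-20s %s\n", $case, $accepted ? 'accepted' : 'rejected');
    }
} elseif (isset($_FILES['upfile'])) {
    [$ok, $msg] = handle_upload($_FILES['upfile']);
    echo $ok ? "stored as {$msg}" : "rejected: {$msg}";
}
```

Run from the command line to see the constructed cases: only the genuine PNG is accepted; the PHP script is rejected under its own name, under a disguised .jpg name, and the oversize case is rejected by the limit. Keeping PRIVATE_DIR outside the DocumentRoot is what actually removes the execution path; an extension check alone can still be bypassed on Apache setups where AddHandler maps every extension in a name like x.php.jpg to the PHP handler.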
Summary: attacks on file uploads
・DoS attack against the upload function → limit the file size at upload time
・Attack that executes a file on the server as a script → check the extension (JPG/PNG); have files viewed via a script (so they cannot be executed)
・Attack that makes users download a file containing a trap (XSS) (又)
Thank you.
Attack that makes users download a file containing a trap
◆Overview
An attack (trap) file is uploaded → a user views the file → JavaScript runs, malware infection
◆Impact
Script embedded in the file runs in the user's browser (XSS); the user's machine can be infected with malware.
◆Countermeasure
Do not place uploaded files in the public directory; have them viewed via a script.
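Serving uploads through a script, the countermeasure given on this slide and on the script-execution slide, as an added example written for this page (not the deck's code). It assumes the files live in /var/app/uploads under a server-generated name of 32 hex digits plus .jpg or .png; the Content-Disposition and X-Content-Type-Options headers are practitioner additions the slide does not mention, aimed at the scenario above where a viewed file runs JavaScript.

```php
<?php
// Added example: download.php, serving stored uploads from outside the web root (not from the deck).
declare(strict_types=1);

// Assumed private directory and the only file types assumed to be stored there.
const PRIVATE_DIR = '/var/app/uploads';
const CONTENT_TYPES = ['jpg' => 'image/jpeg', 'png' => 'image/png'];

// Map a client-supplied id to a path inside $dir, or return null.
// The id must look exactly like a server-generated name (32 hex chars + .jpg/.png), so
// "../etc/passwd", "hack.php" or "x.php%00.jpg" never reach the filesystem.
function resolve_upload(string $id, string $dir = PRIVATE_DIR): ?string
{
    if (preg_match('/\A[0-9a-f]{32}\.(jpg|png)\z/', $id) !== 1) {
        return null;
    }
    $path = $dir . '/' . $id;
    return is_file($path) ? $path : null;
}

// Headers for serving $path. The type comes from the vetted extension, never from the request.
// $inline=false forces a download; nosniff stops browsers from reinterpreting the bytes as HTML.
function download_headers(string $path, bool $inline = false): array
{
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    $type = CONTENT_TYPES[$ext] ?? 'application/octet-stream';
    $disposition = ($inline && isset(CONTENT_TYPES[$ext])) ? 'inline' : 'attachment';
    return [
        'Content-Type: ' . $type,
        'Content-Disposition: ' . $disposition . '; filename="' . basename($path) . '"',
        'X-Content-Type-Options: nosniff',
        'Content-Length: ' . filesize($path),
        'Cache-Control: private',
    ];
}

function serve(string $id, bool $inline = false): void
{
    $path = resolve_upload($id);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    foreach (download_headers($path, $inline) as $header) {
        header($header);
    }
    readfile($path);   // the bytes are sent as data; PHP never executes a file from PRIVATE_DIR
    exit;
}

// Constructed demo: a private directory under /tmp with one stored image plus a planted hack.php,
// and the id checks exercised offline.
function demo(): array
{
    $dir = sys_get_temp_dir() . '/uploads_demo_' . bin2hex(random_bytes(4));
    mkdir($dir);
    $id = str_repeat('ab', 16) . '.png';
    file_put_contents($dir . '/' . $id, "\x89PNG\r\n\x1a\n");   // content is irrelevant to the id check
    file_put_contents($dir . '/hack.php', '<?php phpinfo();');   // present on disk but must be unreachable
    $results = [
        'stored png'  => resolve_upload($id, $dir) !== null,
        'hack.php'    => resolve_upload('hack.php', $dir) !== null,
        'traversal'   => resolve_upload('../../etc/passwd', $dir) !== null,
        'wrong ext'   => resolve_upload(str_repeat('ab', 16) . '.php', $dir) !== null,
        'disposition' => download_headers($dir . '/' . $id)[1],
    ];
    array_map('unlink', glob($dir . '/*'));
    rmdir($dir);
    return $results;
}

if (PHP_SAPI === 'cli') {
    var_export(demo());
} else {
    serve((string) ($_GET['id'] ?? ''), isset($_GET['inline']));
}
```

Under a web server the script answers requests such as download.php?id=<stored name>; from the command line it prints the constructed cases, where only the stored PNG resolves and hack.php, the traversal attempt and a hex name with a .php extension all yield null. Because the browser only ever talks to download.php, the stored bytes are never in a location the web server would hand to the PHP interpreter.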