
...We live in an age of great events and small people.
Winston Churchill
Today we turn to the first article in a series that analyses the resource attackdefense.com, which is backed by well-known conference organisers (Black Hat and Pentester Academy), and works through its labs. It is a project that lets you understand many aspects of attacks on various protocols, services and systems. For the most part, the resource is a platform of lab exercises on the most relevant topics.
Let me answer right away a few questions that may come up while reading this material.
Spoiler
- What do you like about this resource? (It is easy to use, and you do not have to set up the whole range of programs and services to hone your skills: everything is already there!)
- Is this article an advertisement? (This series of articles is purely technical in nature and aims at passing the labs, not at promoting the resource. That said, I do not rule out that interest in the site may grow!)
- The community will immediately ask: is it ethical to describe solutions to other people's tasks, and did we get the resource authors' approval for a series of articles like this? (Unfortunately, so far we have only been trying to reach them via the public e-mail address, and there is no answer yet!)
- How often, and how many articles, are planned? (Two more write-ups with video walkthroughs are planned; if there is demand in the comments, further articles will be written!)
- The site already has answers and video explanations for the labs. Why this article? (Yes, that is true; such materials exist, especially for the older labs. Unfortunately, some of the reference material on a topic is paid, and not every lab is covered. We have our own "materials" and video recordings, so we are not competing with the site itself or interfering with its sale of paid subscriptions!)
- Are reasonable comments and criticism welcome? (Of course! I am always open to a conversation; for that there is Telegram: @orion_0ri0n)
- Are there other similar resources? (Of course! There are not many of them, but a few form the top tier, HackTheBox for example.)
- From a legal standpoint, do actions on this resource break the law? (There is no unambiguous answer to this question, but as long as you follow the resource's rules and do the lab exercises, you are not breaking the law. Note that in its pp.txt the resource warns that your data may be handed over to the police or other authorities:)
Law enforcement disclosure: under certain circumstances, Binary Security Inc. may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
In this article we will briefly look at:
- A lyrical digression about the features of the resource, and what it gives us.
- The types of "attack" the resource offers.
- Material on the attack vector covered by the lab we walk through.
- A solution to one "test" lab.
- Conclusions.
Planned for the next articles:
- Complete the whole line of one attack direction (traffic analysis).
- Prepare course materials.
- Analyse the main mistakes that arise when solving the labs.
- Collect brief theory in this direction (from papers and reports).
- Answer the questions raised by the previous articles.
Introduction
The goal we pursue: to raise interest in studying the service among people who have not previously dealt with this topic but have a strong interest in the field.
Some individuals and communities have already touched on this topic, but nobody has revealed the potential of the resource. What we are trying to offer, and what others do not, is a description of the technology in which the vulnerability arises, which helps you understand why it arises and how it can be fixed, avoided or mitigated.
For more experienced readers who have already formed an opinion and have their own direction of development, I suggest looking at the possibility of discovering new vectors for yourself.
For professionals: discover the "new" Capture the Flag. There will be no detailed review in that direction; it is left for independent completion. (However, if there are volunteers who want to share achievements, results or original solutions, your thoughts can be added as a separate section of the article, as an additional review, with a mention in the header.)
See here for details:
Anyone interested in publishing their results is welcome to have them included in this series of articles. What is needed from you (unfortunately, a bit):
- Information on which lab (and which section of it) you solved and will demonstrate (it may already have been passed by someone and material on it may be in preparation).
- The solution of that lab itself. The solution should include:
- The code needed to solve the lab (in most cases it is already on the site; if it matches, there is no need to copy it).
- Comments on the code. After all, you may have used an original solution, or one not provided for by the task conditions, that speeds things up or saves time and effort.
- Conclusions on the lab: suggestions, comments, your opinion.
- The results of the course (there are many directions, and the community, us included, may be behind you in knowledge).
- Video material and/or screenshots are needed.
What we can offer (unfortunately, only a little):
- Publication of your results in the context of a general article on passing the labs (but if there is enough material for a separate article, that will be handled as a special case).
- A link to you, your profile or another resource (on request).
- An advertising mention of your service or resource at the start of the article, in the section about the authors.
- Respect and recognition from the community.
- Planned: when a video walkthrough of the lab you took part in is published, a link to you or your resource (under the video description).
Some statistics:
At the time of writing, the number of labs has been growing: 505, then 664, then 700.

Screenshot


Let's take a quick look at the menu.
Section | Description |
Network Recon | Network reconnaissance: scanning, gathering information about the most common services (IMAP servers, DNS, SIEM platforms, SMB servers, SSH servers, Telnet servers, etc.) |
Real-World Web Apps | Web applications: exploiting web vulnerabilities such as SQL injection, file upload, stored XSS, etc. |
Traffic Analysis | Traffic analysis: learning to use traffic analysis tools, including tshark, and Wi-Fi traffic |
Webapp CVE | Webapp CVE: a set of CVE tasks (broken down by year, very convenient) |
Metasploit | Attacks with Metasploit: instances for working with Metasploit; the setups vary |
Offensive Python | Attacks with Python |
Network Pivoting | Network pivoting (there is no good translation) |
Cracking | Cracking* |
Infrastructure Attacks | Attacks on network infrastructure: exploiting vulnerabilities in network services |
Privilege Escalation | Privilege escalation: instances for escalating privileges across platforms, Linux and web |
Deliberately Vulnerable | Intentionally vulnerable*: ??? |
Forensics | Forensics: mostly log analysis and the ability to work with logs |
Firmware Analysis | Firmware analysis: analysing router firmware and looking for backdoors |
Reverse Engineering | Reverse engineering: instances involving passwords and keys |
Secure Coding | Secure coding: a new section, still being built |
IoT | IoT: a new section, still being built |
I really like the last two points (Secure Coding and IoT), and for good reason: I have not seen similar labs for practice before. (The resource posted them on 27 February 2019, so they are fresh.) I recommend solving them yourself.
Lab analysis: Network Recon - Memcached [theory]
Memcached is software that implements a hash-table based data caching service. Using a client library, data can be cached in the RAM of many available servers (see the wiki, or a slightly more detailed article on habr.com).
What is interesting about this product, and why does it get so much attention?
The problem is that the protocol this application uses is UDP, and that it is simple for an "attacker" to turn the tool to their "benefit". As you know (and for those who have forgotten what the difference between TCP and UDP is, see otvet.mail, the Wiki, or this link), with UDP you can send data without worrying about whether the recipient actually received it. And most importantly, the amount of data sent over UDP is several times the amount sent over TCP.
So what is the catch? In practice, when this software is reachable over the network or the Internet, you send a request to port 11211 with an incoming packet of 100 kb. The answer comes back 1,000 to 50,000 times larger. In other words, you send 100 kb and get 100,000 kb back. A nice ratio! Excellent!
But where is the danger, and why do we need this information?
The problem is this: in local networks and with carriers that do not filter traffic, attacks such as IP spoofing, i.e. substituting the source IP, are possible. A bad actor can then not only present himself as someone else, but also request information on that someone's behalf.
And this is what it turns out to be (shown simply in the picture):

- An attacker using IP spoofing forges their IP so that it is the "victim's" IP.
- A request is made to the Memcached server with the changed IP address.
- The server responds to the request, but the reply is sent to the "victim".
- The "victim" receives a response 100 times the size of the request.
As a result, many such requests and responses occur. Depending on the number of zombie machines, this becomes a DoS or DDoS attack.
For details, see securitylab, xakep.ru or 360totalsecurity.
Or search Google.
Mitigation: how to fix the Memcached server vulnerability
One of the simplest ways to prevent a Memcached server from being abused as a reflector is to use a firewall to block or rate-limit UDP from source port 11211. As long as IP spoofing is permitted on the Internet, attacks via Memcached cannot easily be stopped by Internet service providers (ISPs).
An example of finding the service with nmap (not the most sensible way):
nmap 192.168.1.1 -p 11211 -sU -sS --script memcached-info
In this series of labs you get acquainted with simple reconnaissance of the Memcached service: where tools from the Metasploit arsenal apply, and where standard Linux system commands do. It is not very complicated, and not quite routine either.
Lab analysis [practice]
[Menu]
Each lab has these menu items:
1. Assignment
2. Rules
3. Answers to the tasks
4. Hints for solving (not for every lab)
5. References for reading (English only)
[Assignment]
1. Find the version of the memcached server using nmap.
2. Find the version information using netcat or telnet.
3. Find the maximum number of simultaneous incoming connections the memcached server allows, using the available nmap scripts.
4. Find the number of current items on the memcached server using memcstat.
5. Find the value stored in the "flag" key among the key/value pairs dumped by the available metasploit module.
6. Find the names of all keys present on the memcached server using memcdump.
[Start]

Clicking "Lab link" opens a new window with a Kali Linux terminal.

This will be your main window. (It is not a virtual machine; everything is already installed and configured, and all the scripts for the lab are already inside: no need to download, search for or invent anything!) As a rule (not always), the manuals, scripts and databases are in the root folder or in the home directory.
Task 1: Find the version of the memcached server using nmap.
The hint is already given: use nmap.
nmap -p 11211 -sV <ipaddress>

For more on nmap, see the end of the article, in the Extras section; a cheat sheet is placed there.
Result: 1.5.12 (the answer written in the lab says 1.5.6; who knows?)
Task 2: Find the version information using netcat or telnet.
Not managed yet.

Still no reply.
Result: failed to obtain a result.
Task 3: Find the maximum number of simultaneous incoming connections the memcached server allows, using the available nmap scripts.
Hint: Google search: memcached nmap

Following the link, we see there is already a ready-made solution for finding information about memcache. Since all the scripts are guaranteed to be installed already, we try the following:
nmap -p 11211 --script memcached-info 182.220.144.3

Result: 2147
Task 4: Find the number of current items on the memcached server using memcstat.


memcstat -h
memcstat --servers="IP"
Result: curr_items: 10
Task 5: Find the value stored in the "flag" key among the key/value pairs dumped by the available metasploit module.

use auxiliary/gather/memcached_extractor
show options
set rhosts 192.220.144.3
run
Script response: flag "VALUE flag 0 32\r\n25c8dc1c75c9965dff9afd3c8ced2775\r\nEND\r\n"
Result: 25c8dc1c75c9965dff9afd3c8ced2775 (essentially the same thing)
Task 6: Find the names of all keys present on the memcached server using memcdump.
Hint: we already know them, thanks to Metasploit in the previous task. Still, we can take a look!
root@attackdefense:~# memcdump 192.220.144.3
Output (key names): flag, password, country, postal code, state, city, address, nickname, last name, first name

Result: flag, password, country, postal code, state, city, address, nickname, last name, first name
Task 7: Find the value stored in the "first_name" key using memcached-tool.
Try it yourself with memcached-tool.
Result: either way, the answer is the same: Jimmy
How do we know? Look at the screenshot for "Result 5".
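As an added example (not code from the article or the lab), here is a small Python parser for the memcached text-protocol replies behind tasks 1, 3, 4 and 5 (`stats`, `stats settings` and `get`) that also reports whether the server still answers on UDP and listens on all interfaces, which is the precondition for the reflection attack described in the theory section. The sample replies are constructed; the stat names `version`, `curr_items`, `maxconns`, `udpport` and `inter` are the ones memcached itself reports.

```python
# Constructed sample replies (not captured from the lab) in memcached's text
# protocol: a "stats" reply, a "stats settings" reply and a "get flag" reply.
STATS_REPLY = (
    b"STAT pid 1\r\nSTAT uptime 42\r\nSTAT version 1.5.6\r\n"
    b"STAT curr_connections 2\r\nSTAT curr_items 10\r\nEND\r\n"
)
SETTINGS_REPLY = (
    b"STAT maxconns 2147\r\nSTAT tcpport 11211\r\nSTAT udpport 11211\r\n"
    b"STAT inter NULL\r\nEND\r\n"
)
GET_REPLY = b"VALUE flag 0 32\r\n0123456789abcdef0123456789abcdef\r\nEND\r\n"


def parse_stats(reply: bytes) -> dict:
    """Turn 'STAT <name> <value>' lines into a dict, stopping at END."""
    stats = {}
    for line in reply.decode("ascii", "replace").split("\r\n"):
        if line == "END":
            break
        parts = line.split(" ", 2)
        if len(parts) == 3 and parts[0] == "STAT":
            stats[parts[1]] = parts[2]
    return stats


def parse_get(reply: bytes) -> dict:
    """Parse 'VALUE <key> <flags> <bytes>' headers, each followed by a data
    block of exactly <bytes> bytes, up to END, into {key: (flags, data)}."""
    items, pos = {}, 0
    while True:
        eol = reply.index(b"\r\n", pos)
        header = reply[pos:eol].split()
        if header[0] == b"END":
            return items
        key, flags, size = header[1].decode(), int(header[2]), int(header[3])
        data_start = eol + 2
        items[key] = (flags, reply[data_start:data_start + size])
        pos = data_start + size + 2  # skip the data block and its CRLF


def assess(stats: dict, settings: dict) -> dict:
    """Summarise what the lab's recon steps reveal, plus whether the server
    still answers on UDP and on all interfaces (the reflection exposure)."""
    return {
        "version": stats.get("version"),
        "curr_items": int(stats.get("curr_items", 0)),
        "maxconns": int(settings.get("maxconns", 0)),
        "udp_enabled": settings.get("udpport", "0") != "0",
        "bound_to_all": settings.get("inter", "NULL") == "NULL",
    }
```

A server hardened as the mitigation section suggests (UDP disabled, bound to a local interface) reports `udpport 0` and a concrete `inter` address, so `assess` returns both flags as False.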
To sum up
1. About this lab
As you can see, there are several approaches to solving the assigned tasks (clearly visible in questions 5, 6 and 7), and most importantly, the time you spend depends on the choice of solution.
Unfortunately, I still have not grasped the essence of task 2; sadly, I did not succeed with it!
2. About the resource as a whole
What I liked about the resource:
1. Many labs on various topics.
2. No need to hunt for the various utilities for this or that attack (everything is already in the lab).
3. No need to deploy virtual images or containers on your own hardware, which takes time (saves a lot of time).
4. Everything works through the browser; you do not need labs or other utilities at hand, it already has them all.
5. Free!
6. Continuous updates (the last update added 160 labs!).
7. Each lab has answers; even if you do not know the result, you can test yourself.
8. Safe! Not punishable by law (as long as you do not break anything).
9. No limits on run time or number of attempts (I am lying: there are, but for details see the project's cons).
10. And what I think is most important, the thing that hooked me on this project: the chance to explore new areas on your own. There is no ready-made solution (the labs have hints), only a direction in which a particular result is expected.
11. Some labs can be done together.
12. There is a CTF.
What I did not like:
1. A limit on the number of instance launches: only 10 instances per day.
2. Some results do not match the site's answers.
3. No Russian language support.
4. Weak hardware allocated to each instance (commands take a long time to run).
5. The console drops the connection after a certain time; you have to reconnect.
Extras. Materials
nmap cheat sheet:
Cheat sheet:
PS from the author:
A site for finding the services you need