Archive for Dev. (junyup2)

์ง€์‹์„ ์ฑ„์›Œ๊ฐ€๋Š” ใ€Ž๊ฐœ๋ฐœ์ž/ํ™”์ดํŠธํ•ด์ปคใ€๋ฅผ ๋ชฉํ‘œ๋กœ ์ •๋ฆฌํ•˜๋Š” ๋ธ”๋กœ๊ทธ

login 7

[SegFault] (Authentication Bypass) - Secret Login

[SegFault] Authentication Bypass (Login) Secret Login. Log in with the admin account! But... we don't know what the admin account is..!? Understanding the problem: opening the page above shows the screen below. Known account: [ID/PW] : doldol / dol1234. To learn the structure of the login process, log in with the known credentials. Thought process 1. Nothing special is visible after logging in. 2. Is SQL Injection possible? Yes -> login attempt with doldol'and'1'='1 / dol1234 : success 3. Trying 'or'1'='1. There is no information about the admin account, so the goal becomes retrieving all of the data. 3-1. doldol'or'1'..

[SegFault] (Authentication Bypass) - Login Bypass 5

[SegFault] Authentication Bypass (Login) Login Bypass 5. Log in as normaltic5! Understanding the problem: opening the page above shows the screen below. Known account: [ID/PW] : doldol / dol1234. To learn the structure of the login process, log in with the known credentials. Inspect the request for the index page after login. Looking at that request, the Cookie contains a parameter named loginUser. Its value is doldol, i.e. the same as the logged-in user name. Thought process: after login a parameter loginUser = doldol appears in the cookie. Because cookies can easily be tampered with..

[SegFault] (Authentication Bypass) - Login Bypass 4

[SegFault] Authentication Bypass (Login) Login Bypass 4. Log in as normaltic4! Understanding the problem: opening the page above shows the screen below. Known account: [ID/PW] : doldol / dol1234. Log in with that account and inspect. To learn the structure of the login process, log in with the known credentials. Thought process 1. Is SQL Injection possible? Yes -> login attempt with doldol'and'1'='1 / dol1234 : success 2. What logic might be behind it? 2-1. Identification and authentication in one step: tried normaltic3'or'1'='1 : fail 2-2. "or" filtering: tried normaltic'# / dol1234 : fail 2-3..

[SegFault] (Authentication Bypass) - Login Bypass 3

[SegFault] Authentication Bypass (Login) Login Bypass 3. Log in as normaltic3! Understanding the problem: opening the page above shows the screen below. Known account: [ID/PW] : doldol / dol1234. Use Burp Suite to check the status codes while accessing the site. 302 Found 200 OK. To learn the structure of the login process, log in with the known credentials. Check the HTTP history and status codes of the login process. 302 Found - check Params 200 OK. Let's look at the request! A POST to the /login3/login.php path carries the parameter UserI..

[SegFault] (Authentication Bypass) - Login Bypass 2

[SegFault] Authentication Bypass (Login) Login Bypass 2. Log in as normaltic2! Understanding the problem: opening the page above shows the screen below. Known account: [ID/PW] : doldol / dol1234. Use Burp Suite to check the status codes while accessing the site. 200 OK. To learn the structure of the login process, first log in with the known credentials. Check the HTTP history and status codes of the login process. 302 Found 200 OK. Let's look at the request! A POST to the /login2/login.php path carries the parameters UserId=doldol&Password=..

[SegFault] (Authentication Bypass) - Login Bypass 1

[SegFault] Authentication Bypass (Login) Login Bypass 1. Log in as normaltic1! Understanding the problem: opening the page above shows the screen below. Known account: [ID/PW] : doldol / dol1234. Use Burp Suite to check the status codes while accessing the site. 302 Found 200 OK. To learn the structure of the login process, attempt a login with the known credentials. 302 Found 200 OK. Let's look at the requests for the two history entries above! The request uses the POST method to send the parameters UserId=doldol&Password=dol12.. to the /login1/login.php path

[Assignment] Week 03 (3-2) JWT implementation - deviates from the JWT spec

๋ชจ์˜ ํ•ดํ‚น ์Šคํ„ฐ๋”” - 3์ฃผ์ฐจ ๊ณผ์ œ (3-2) JWT ๊ตฌํ˜„(๋กœ๊ทธ์ธ ์œ ์ง€) ๋ฌธ์ œ์  ๋ฐœ๊ฒฌ ๊ธฐ์กด์˜ ๋กœ๊ทธ์ธ ํŽ˜์ด์ง€์˜ Develop ๊ณผ์ œ ๋ชจ์˜ ํ•ดํ‚น ์Šคํ„ฐ๋”” - 3์ฃผ์ฐจ ๊ณผ์ œ(1) ๋กœ๊ทธ์ธ ํŽ˜์ด์ง€ ๋ณด์™„ ๋ชจ์˜ ํ•ดํ‚น ์Šคํ„ฐ๋”” - ๊ณผ์ œ 03์ฃผ์ฐจ(1) ๋กœ๊ทธ์ธ ํŽ˜์ด์ง€ ๋ณด์™„ ๋ชจ์˜ ํ•ดํ‚น ์Šคํ„ฐ๋”” - ๊ณผ์ œ 03์ฃผ์ฐจ(1) ๋กœ๊ทธ์ธ ํŽ˜์ด์ง€ ๋ณด์™„ ๋ชจ์˜ ํ•ดํ‚น ์Šคํ„ฐ๋”” - 2์ฃผ์ฐจ ๊ณผ์ œ (๋งˆ์ดํŽ˜์ด์ง€ - ๋‚˜์˜ ์ •๋ณด) ๋ชจ์˜ ํ•ดํ‚น ์Šคํ„ฐ๋”” - ๊ณผ์ œ 02์ฃผ์ฐจ(3) (๋งˆ์ดํŽ˜์ด์ง€ - ๋‚˜์˜ ์ •๋ณด) ๋ชจ์˜ ํ•ดํ‚น ์Šคํ„ฐ๋”” - 2์ฃผ codegear-archive.tistory.com ์œ„์˜ ๊ณผ์ œ๋ถ€ํ„ฐ JWT๋ฅผ ์‚ฌ์šฉ, ์ด์ „์—๋Š” ์„ธ์…˜(SESSION)์„ ์ด์šฉ (๊ธฐ์กด์˜ ๊ณผ์ œ ์ง„ํ–‰์— ์žˆ์–ด GET์„ ์ด์šฉํ•˜์—ฌ ๋‹ค๋ฅธ ํŽ˜์ด์ง€๋กœ ์ •๋ณด๋ฅผ ๋ณด๋‚ด๋ ค ํ–ˆ์Œ) ๋ณด์•ˆ์ ์ธ ๋ฌธ์ œ๋งŒ ๋ฐœ์ƒํ•  ๋ฟ, JWT๋ฅผ ์ด์šฉํ•˜์—ฌ..