POC \uc606 \uc774\ubca4\ud2b8\ud640\uc5d0\uc11c \uc9c4\ud589\ub41c Hack The Packet \ub300\ud68c\uc758 \uccab\uc778\uc0c1\uc740..<\/p>\n
\uc30d\ucf64\ud558\ub2e4?\u314b\u314b<\/p>\n
\ub300\ubd80\ubd84\uc774 \ub300\ud559\uc0dd \uac19\uc544 \ubcf4\uc774\uace0, \ub354 \uc5b4\ub9b0 \uace0\ub4f1\ud559\uc0dd\ub3c4 \uc788\ub294 \uac83 \uac19\uc558\ub2e4..<\/p>\n
\uc774\ubca4\ud2b8\ud640 \uc785\uad6c\uc5d0 \ub4e4\uc5b4\uac00\uc790 \ub9c8\uc790 \ubcf4\uc774\ub294 \uc774\uc0c1\ud55c \uc870\ud615\ubb3c\ub4e4.. \uadf8\ub9ac\uace0 \uc880 \uc548\ucabd\uc5d0\ub294 \ub610 \ub2e4\ub978 \ud574\ud0b9\ub300\ud68c\uac00..(Power of XX : \uc5ec\uc131\ud574\ud0b9\ubc29\uc5b4\ub300\ud68c) \uadf8\ub9ac\uace0 \uadf8\uc678\uc5d0\ub3c4 \uba87\uba87 \uc774\ubca4\ud2b8\uac00 \uc788\ub294\uac83 \uac19\uc558\ub2e4.(Hack The Packet \uc606\uc5d0\ub294 \ucd94\uc5b5\uc758 \ud38c\ud504?\ub3c4 \uc788\uc5c8\ub2e4)<\/p>\n Hack The Packet\uc740 \ub79c \ucf00\uc774\ube14\uacfc \uc804\uc6d0\ub4f1\uc758 \uc900\ube44\ub85c 14\uc2dc 30\ubd84\ubd80\ud130 \uc2dc\uc791\ub410\ub2e4..<\/p>\n IP\ub294 \uc608\uc120\uc804 \ub4f1\uc218\ub85c \ud560\ub2f9(\ub09c \uc608\uc120\uc804 19\ub4f1\uc73c\ub85c 192.168.0.119 \uc0ac\uc6a9\u314b)\ud574\uc8fc\uc5c8\uace0, \ud3d0\uc1c4\ub9dd\uc5d0\uc11c \ud328\ud0b7\uc744 \uc2a4\ub2c8\ud551\ud558\uba74\uc11c \ubb38\uc81c\ub97c \ud478\ub294 \ubc29\uc2dd\uc73c\ub85c \uc9c4\ud589\ub418\uc5c8\ub2e4.<\/p>\n \uc77c\ub2e8 \uc26c\uc6b4 \ubb38\uc81c \uba3c\uc800 \ud480\ub824\uace0 tistory\ub97c \uac80\uc0c9\ud574\ubcf4\uc558\ub294\ub370 \uc0dd\uac01\ucc98\ub7fc \uc27d\uac8c \ub098\uc624\uc9c0 \uc54a\uc558\ub2e4.. \uc608\uc120\uacfc \ub2e4\ub974\uac8c \ud328\ud0b7\ucea1\uccd0\ub97c \ud558\uba74\uc11c \ubb38\uc81c\ub97c \ud480\uc5b4\uc57c \ud558\ub294 \uc0c1\ud669\uc774\ub77c \ud328\ud0b7\uc774 \uc5c6\uc5b4\uc11c \uac80\uc0c9\uc774 \uc548\ub418\ub294\uc9c0, \uc788\ub294\ub370 \ud544\ud130\ub97c \uc798\ubabb\uac74\uac83\uc778\uc9c0 \ud310\ub2e8\ud558\uae30\uac00 \ud798\ub4e4\uc5c8\ub2e4..<\/p>\n \uc77c\ub2e8 \ud480 \uc218 \uc788\ub294 \ubb38\uc81c\ub97c \uba3c\uc800 \ud478\ub294 \uac78\ub85c \uc791\uc804\uc744 \ubc14\uafb8\uace0 \uc27d\uac8c \uc811\uadfc\ud560\uc218 \uc788\ub294 \ubb38\uc81c\ubd80\ud130 \uac80\uc0c9\ud574\ubcf4\uae30 \uc2dc\uc791\ud588\ub2e4..<\/p>\n \uc81c\uc77c \ud655\uc2e4\ud55c \ud0a4\uc6cc\ub4dc\ub97c \uc544\ub294 \ubb38\uc81c\uc778 M3 Apache Struts2 \ucde8\uc57d\uc810 \ubb38\uc81c\ub97c \uba3c\uc800 \ucc3e\uc544\ubd24\ub2e4. \uc0b4\ud3b4\ubcf4\ub2c8 \ubc11\uc5d0 \ubd80\ubd84\uc5d0 K@E_Y:3300-69042-4240 \uc774 \uc788\uc5b4 \ub2f5\uc774\ub2e4 \uc2f6\uc5b4\uc11c \uc785\ub825\ud588\ub354\ub2c8, \uc544\ub2c8\ub77c\uace0\ud55c\ub2e4..\u3160<\/p>\n \uc774\uc0c1\ud574\uc11c \uc6b4\uc601\uc9c4\uc5d0 \ubb3c\uc5b4\ubcf4\ub2c8, \ubb38\uc81c\ub97c \uc798\ubcf4\ub77c\uace0 \ud55c\ub2e4.. \ubb38\uc81c\uac00 \uc694\uad6c\ud558\ub294 \ub2f5\uc740 \uc218\ud589\ub41c \uba85\ub839\uc5b4\ub97c \ucc3e\uc544\ub77c! \ub2e4..\u3160<\/p>\n \uadf8\ub798\uc11c \uba85\ub839\uc5b4\ub97c \ubcf4\ub2c8, 3\uac1c \uc815\ub3c4 \uc788\uc5c8\ub2e4..<\/p>\n url encoding \uc774 \ub418\uc5b4\uc788\uc5b4 \uba85\ub839\uc744 \uc54c\uc544\ubcf4\uae30 \uc704\ud574 \ub514\ucf54\ub529 \ud558\ub824\uace0 \ud588\uc73c\ub098 \uc778\ud130\ub137\uc774 \uc548\ub42c\ub2e4..\u3160\u3160 PC\uc5d0 \uc124\uce58\ub41c Tool \uc911\uc5d0 \ub514\ucf54\ub529\uc774 \uac00\ub2a5\ud55c Tool\uc744 \ucc3e\ub290\ub77c..\ub2e4\ud589\ud788 burp proxy\uc73c\ub85c \ub514\ucf54\ub529\uc744 \ud588\ub2e4. \uadf8\uc911\uc5d0 cat \uba85\ub839\uc774 \ub2f5\uc774\ub2e4 \uc2f6\uc5b4 \uba85\ub839\uc5b4 \ubd80\ubd84\ub9cc \ubf51\uc544\uc11c MD5\uc73c\ub85c encoding \ud588\ub2e4. \uadf8\ub798\ub3c4 \uc624\ub2f5\u3160\u3160<\/p>\n \ub2e4\uc2dc \uc6b4\uc601\uc9c4\uc5d0\uac8c \ubb38\uc758\ud574\ubcf4\ub2c8.. \ud328\ud0b7\uc5d0 \uc788\ub294 \ub0b4\uc6a9 \uadf8\ub300\ub85c MD5 encoding \uc744 \ud574\ubcf4\ub77c\uace0 \ud55c\ub2e4..\u3160\u3160 \ub2e4\uc74c\uc740 M1 XSS Attack \ubb38\uc81c\ub97c \uc0b4\ud3b4\ubcf4\uc558\ub2e4.. \uae30\ubcf8\uc801\uc73c\ub85c http \uc5d0 script \ub97c \uac80\uc0c9\ud574\ubcf4\ub2c8 \ub108\ubb34 \ub9ce\uc774 \ub098\uc640\uc11c cookie \uae4c\uc9c0 \uac19\uc774\ud574\uc11c \ud544\ud130\ud574\ubcf4\uc558\ub2e4.<\/p>\n \uc77c\ub2e8 user id 1\uac1c\ub294 \ucc3e\uc558\ub2e4. (G1A2Li) \ud558\uc9c0\ub9cc \ud0a4 \ud615\uc2dd\uc740 attack id_victim id \ub2e4\ub978 user id \ud558\ub098\ub97c \ub354 \ucc3e\uc544\uc57c \ub418\uc11c \ub2e4 \ud655\uc778\ud574\ubd24\ub294\ub370 \ub098\uc624\uc9c0 \uc54a\uc558\ub2e4..<\/p>\n \uadf8\ub798\uc11c \ub0b4\uac00 \ucea1\uccd0\ud55c \ud328\ud0b7\uc5d0 \uc5c6\ub098\ubcf4\ub2e4 \ud558\uace0 ip.addr == 192.168.216.139 \ud544\ud130\ub97c \uac78\uc5b4\uc11c \ub2e4\uc2dc \ud328\ud0b7\ucea1\uccd0\ub97c \ud558\uace0 \uae30\ub2e4\ub838\ub354\ub2c8..<\/p>\n \ub2e4\ub978 \ud558\ub098\uc758 id \ub97c \ubc1c\uacac\ud560 \uc218 \uc788\uc5c8\ub2e4. \uc815\ub2f5\uc740 G1A2Li_H1T2P1U<\/p>\n L3 \ubb38\uc81c\ub97c \ud480\uae30\uc704\ud574 \ud655\uc7a5\uc790\uac00 exe \uc778 \ud328\ud0b7\uc744 \ucc3e\uc73c\ub824\uace0 \ud544\ud130\ub97c \ud588\ub294\ub370..<\/p>\n M2 \ubb38\uc81c\uac00 \ub098\uc654\ub2e4. \uadf8\ub798\uc11c exe \ud30c\uc77c\uc744 \ucd94\ucd9c\ud574\uc11c \uc2e4\ud589\ud574\ubcf4\ub2c8 Bind Error\uc774 \ubc1c\uc0dd\ud558\uace0 BinText \uc73c\ub85c text \ub97c \ucd94\ucd9c\ud574\ubd10\ub3c4 \ud2b9\uc774\ud55c \uac83\uc744 \ubc1c\uacac\ud560\uc218 \uc5c6\uc5c8\ub2e4.<\/p>\n \uadf8\ub807\uac8c \ud55c\ucc38\uc744 \ud5e4\uba54\ub2e4\uac00 \ud78c\ud2b8\uac00 \uacf5\uac1c\ub418\uc5c8\ub2e4. \uadf8\ub798\uc11c \ubc14\ub85c img_style.jpg \ud30c\uc77c\uc744 \ucc3e\uc558\ub2e4. \ud574\ub2f9 \ud328\ud0b7\uc5d0 \uc911\uac04\ubd80\ubd84\uc5d0 \ubcf4\ub2c8\uae4c \uc18c\uc2a4\uac00 \uc788\uc5c8\ub2e4.. \uc18c\uc2a4 \uc704\ubd80\ubd84\uc5d0 char *key = “HighFive”; \uc778\uac83\uc744 \ubcf4\uace0 \uc785\ub825\ud588\uc9c0\ub9cc \uc5ed\uc2dc \uc624\ub2f5\uc774\uc600\ub2e4.<\/p>\n \uc6b4\uc601\uc9c4\uc5d0 \ubb38\uc758\ud574\ubd24\ub354\ub2c8, \ud574\ub2f9 Key \ub294 \uc815\ub2f5\uc774 \uc544\ub2c8\ub77c \uc815\ub2f5\uc744 \ud480\uc218\uc788\ub294 Key\uc911\uc5d0 \ud558\ub098\ub77c\uace0 \ud588\ub2e4.<\/p>\n \uadf8\ub9ac\uace0 \ubb38\uc81c\ub294 \uba85\ub839\uc5b4\ub97c \ucc3e\ub294 \uac83\uc774\uace0 \uc18c\uc2a4\ub294 \ucc38\uace0\ub9cc \ud558\ub77c\uace0 \uc54c\ub824\uc8fc\uc5c8\ub2e4.<\/p>\n \uadf8 \ub9d0\uc744 \ub4e3\uace0 \ucc2c\ucc2c\ud788 \uc18c\uc2a4\ub97c \uc0b4\ud3b4\ubcf4\ub2c8, ip \uc640 port\ub97c \uc54c\uc218 \uc788\uc5c8\ub2e4. (192.168.137.135, 19830)<\/p>\n \uadf8\ub9ac\uace0 \ub354 \ubc11\uc5d0 \ubd80\ubd84\uc744 \ubcf4\ub2c8 key\uc640 \ubc1b\uc740 \uba85\ub839\uc5b4\ub97c XOR \ud558\ub294 \ubd80\ubd84\uc744 \ubc1c\uacac\ud560\uc218 \uc788\uc5c8\ub2e4.<\/p>\n \uadf8\ub798\uc11c \ub2e4\uc2dc ip.addr == 192.168.137.135 && tcp.port == 19830 \ud544\ud130\ub97c \uac78\uc5b4 \uc0b4\ud3b4\ubcf4\ub2c8 \uaf64\ub9ce\uc740 \ud328\ud0b7\uc774 \uc788\uc5c8\ub2e4.. \uadf8 \uc911\uc5d0 \uc6ec\uc9c0 \ub290\ub08c\uc788\ub294 \ud328\ud0b7\uc774 \ud558\ub098 \ub208\uc5d0 \ub4e4\uc5b4\uc654\ub2e4.(\uc704\uc5d0 \uc120\ud0dd\ub41c \ud328\ud0b7)<\/p>\n \uadf8\ub798\uc11c Hex editer \uc73c\ub85c HighFive\ub97c Hex\uac12\uc744 \ubcc0\ud658\ud588\ub2e4. \uadf8\ub9ac\uace0 malzilla \uc73c\ub85c xor \ud574\ubcf4\uc558\ub2e4. \uc815\ub2f5\uc740 h1ghf1ve_0n_your_way<\/p>\n \uc774\ub807\uac8c M\ubb38\uc81c\ub9cc 3\uac1c \ud480\uace0 \uc885\ub8cc..<\/p>\n \uadf8\ub798\ub3c4 600\uc810\uc73c\ub85c 4\ub4f1!! \ub098\ub984 \uc990\uac81\uace0 \uc7ac\ubbf8\uc788\ub294 \uc2dc\uac04\uc774\uc600\ub358 \uac83 \uac19\ub2e4^^<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" 2013 Hack The Packet \uc608\uc120\uc804(2013 HTP_prequal) POC \uc606 \uc774\ubca4\ud2b8\ud640\uc5d0\uc11c \uc9c4\ud589\ub41c Hack The Packet \ub300\ud68c\uc758 \uccab\uc778\uc0c1\uc740.. \uc30d\ucf64\ud558\ub2e4?\u314b\u314b \ub300\ubd80\ubd84\uc774 \ub300\ud559\uc0dd \uac19\uc544 \ubcf4\uc774\uace0, \ub354 \uc5b4\ub9b0 \uace0\ub4f1\ud559\uc0dd\ub3c4 \uc788\ub294 \uac83 \uac19\uc558\ub2e4.. \uc774\ubca4\ud2b8\ud640 \uc785\uad6c\uc5d0 \ub4e4\uc5b4\uac00\uc790 \ub9c8\uc790 \ubcf4\uc774\ub294 \uc774\uc0c1\ud55c \uc870\ud615\ubb3c\ub4e4.. \ub098\uc911\uc5d0 \uae30\uc0ac\ubcf4\uace0 \uc54c\uc558\ub294\ub370 \uc774\uac8c \uc2a4\uce74\ub2e4(SCADA) \uc2dc\uc2a4\ud15c!!(Choo … Continue reading
\n![\"CameraZOOM-20131108140447039\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/CameraZOOM-20131108140447039.jpg\")
\n\ub098\uc911\uc5d0 \uae30\uc0ac\ubcf4\uace0 \uc54c\uc558\ub294\ub370 \uc774\uac8c \uc2a4\uce74\ub2e4(SCADA) \uc2dc\uc2a4\ud15c!!(Choo Choo Pwn)
\n\uc880 \uc77c\ucc0d\uac00\uc11c \ub458\ub7ec\ubcf4\uace0 \ud560 \uc2dc\uac04\uc774 \uc5c8\uc5c8\uc74c \uc88b\uc558\uc744\ud150\ub370.. \ub118 \ube61\ube61\ud558\uac8c \ub3c4\ucc29\ud574\uc11c \uc544\uc26c\uc6e0\ub2e4.
\n[POC2013] \ub7ec\uc2dc\uc544 \ud574\ucee4\ub4e4\uc774 \ub9d0\ud558\ub294 SCADA \ud574\ud0b9!<\/a>
\n[POC2013-TV] \uc2e4\uc81c \uc2a4\uce74\ub2e4 \uc2dc\uc2a4\ud15c, 2\uc2dc\uac04 \ub9cc\uc5d0 \ud574\ud0b9\ub2f9\ud574<\/a><\/p>\n
\n![\"CameraZOOM-20131108140529404\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/CameraZOOM-20131108140529404.jpg\")
\n[POC2013] \uc62c\ud574 \ucd5c\uace0 \uc5ec\uc131 \ud574\ucee4\ud300\uc740…\uc21c\ucc9c\ud5a5\ub300 Security First!<\/a><\/p>\nL1-K : \ube14\ub85c\uadf8\uac00 \ud574\ud0b9 \ub2f9\ud588\ub2e4. \ud574\ud0b9 \ub2f9\ud55c \ube14\ub85c\uadf8\ub97c \ubd84\uc11d\ud574\ub77c.\r\nL1-E : A blog website was hacked. Analyze of it.\r\nHint : tistory\r\n\r\nL2-K : \ud574\ucee4\uac00 \ubcf4\ub0b8 \ud30c\uc77c \ucc3e\uae30(\ubd80\uc81c: \ud3ec\ucf13\ubaac\uc758 \ubc18\ub780)\r\nL2-E : Find leaked file(The revolt of Poketmon)\r\n\r\nL3-K : \uc5b4\ub290\ub0a0 \uac1c\uad6c\ub9ac\ub294 \ucef4\ud4e8\ud130\uac00 \ub108\ubb34 \ub290\ub824\uc11c PC\ubc29 \ud558\uc528\ub97c \ucc3e\uc544\uac00 \uc544\uc774\uc2a4\ud06c\ub9bc\uc744 \uc0ac\uc8fc\uba70 \uc810\uac80\uc744 \ubd80\ud0c1\ud588\ub2e4.\r\n\ud558\uc528\ub294 \uba54\ubaa8\uc7a5\uacfc \uadf8\ub9bc\ud310\uc744 \uc774\uc6a9\ud558\uc5ec \uc5f4\uc2ec\ud788 \ubd84\uc11d\uc744 \uc9c4\ud589\ud558\ub2e4 \uacb0\uad6d\uc740 \ub9c8\uc6b0\uc2a4 \ud074\ub9ad \uba87 \ubc88\uc744 \ud1b5\ud574 \uad6c\uae00\uc744 ddos \ud558\ub294 \uc545\uc131\ucf54\ub4dc 3\ub9c8\ub9ac\ub97c \ucc3e\uc544\ub0c8\ub2e4. \uacfc\uc5f0 \uac1c\uad6c\ub9ac \ucef4\ud4e8\ud130\uc5d0 \uc0b4\uace0 \uc788\ub294 \uc545\uc131\ucf54\ub4dc\ub294 \ubb34\uc5c7\uc77c\uae4c?\r\nL3-E : Find 3 ddos malwares.\r\n* Key format : \ud30c\uc77c\uc774\ub9841_\ud30c\uc77c\uc774\ub9842_\ud30c\uc77c\uc774\ub9843 (sort by filename asc)\r\nex) asdfd1.exe_gkgkgk2.exe_hahaha9.exe\r\n\r\nL4-K : \uc9c4\ud604\uc774\ub294 \uc6a9\uc790\uc758 \ucef4\ud4e8\ud130\uc5d0 \ubab0\ub798 \uc811\uadfc\ud558\uc5ec(\ub098\uc05c\ub188) \uc9c4\uc2e4\uc744 \uc54c\uc544\ub0c8\ub2e4! \uacfc\uc5f0 \uc9c4\uc2e4\uc740 \ubb34\uc5c7\uc778\uac00??\r\nL4-E : jinhyun made a good job(got a true from yong-ja's computer without yong-js's agree)! what is the ture?\r\nHINT : truecrypt\r\n\r\nM1-K : \ub204\uad70\uac00 \ub098\uc758 Cookie \uac12\uc744 \uac00\uc838\uac14\ub2e4!!!! \ucc3e\uc544\uc918!\r\nM1-E : Someone stealed my Cookie. Find it!\r\nHint : XSS Attack\r\n*Key format : attack id_victim id\r\n\r\nM2-K. \uc545\uc131\ucf54\ub4dc\uac00 \ub3d9\uc791\uc911\uc778 \ucef4\ud4e8\ud130\uc758 \ud328\ud0b7\uc774\ub2e4. \uc545\uc131\ucf54\ub4dc\uac00 \uc11c\ubc84\ub85c\ubd80\ud130 \ubc1b\uc740 \uba85\ub839\uc744 \ucc3e\uc544\ub77c\r\nM2-E. There is a malware\u2019s activity in this packet, what is the command from malware\u2019s server?\r\nHINT : Source of malware.exe is in img_style.jpg file \r\n\r\nM3-K : Apache \ud658\uacbd\uc5d0\uc11c \uce68\ud574\uc0ac\uace0\uac00 \ubc1c\uc0dd\ud558\uc5ec \uc2dc\uc2a4\ud15c \uc811\uc18d KEY\ub97c \ube7c\uc557\uc544 \uac14\ub2e4. \uc218\ud589\ub41c \uba85\ub839\uc5b4\ub97c \ucc3e\uc544\ub77c!\r\nM3-E: System account key was stealed of apache system. What command executed for it?\r\nHint : Apache Struts2\r\nKey format : md5(key)\r\n\r\nH1-K : \uc815\ubcf4\uac00 \uc720\ucd9c\ub418\uace0 \uc788\ub2e4. \ubb34\uc5c7\uc778\uac00? \r\nH1-E : Information leak! what?\r\nHint : DNS. Covert Data Storage Channel Using IP Packet Headers\r\n\r\nH2-K : \ud3ec\ub80c\uc2dd \uc870\uc0ac\uad00\uc740 \ube44\ubc00\uc774 \ub2f4\uae34 \ud558\ub4dc\ub97c dd \uba85\ub839\uc5b4\ub85c \ub514\uc2a4\ud06c \uc774\ubbf8\uc9c0\ub97c \ud68d\ub4dd\ud558\uace0 \ub124\ud2b8\uc6cc\ud06c\ub85c \uc804\uc1a1\ud558\uc600\ub2e4.\r\nH2-E : Forensic investigator collects the hard disk image which contains a secret message with the dd command and sent it on the network.\r\n\r\nH3-K : \uc545\uc131\uc571\uc758 C&C IP \uc8fc\uc18c\ub97c \ucc3e\uc544\ub77c\r\nH3-E : What is the C&C IP of malicious android application?<\/pre>\n
\n(\uc5ec\uae30\uc11c \uc2dc\uac04\uc744 \ub108\ubb34 \uc18c\ube44\ud55c\uac8c \ud070 \uc2e4\uc218\uc5c8\ub2e4..\u3160)<\/p>\n
\nProcessBuilder \ub97c \ud0a4\uc6cc\ub4dc\ub85c \uac80\uc0c9\ud574\ubcf4\ub2c8 \uae08\ubc29 \ud328\ud0b7\uc774 \ub098\uc654\ub2e4.
\n![\"HTP-M3-1\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M3-1.png\")
<\/p>\n![\"HTP-M3-2\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M3-2.png\")
<\/p>\n
\n\ubcf4\ud1b5 \uac04\ub2e8\ud55c \ub514\ucf54\ub529\uc740 \uc778\ud130\ub137\uc73c\ub85c \ud558\ub294 \ud3b8\uc774\ub77c \ub09c\uac10\ud588\ub2e4..<\/p>\n
\n![\"HTP-M3-4\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M3-4.png\")
<\/p>\n
\n![\"HTP-M3-5\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M3-5.png\")
<\/p>\n
\n\uadf8\ub798\uc11c redirect: \ubd80\ubd84 \uc804\uccb4\ub97c \ud574\ubd10\ub3c4 \uc624\ub2f5.. \uba87\ubc88\uc744 \uc2dc\ub3c4\ud55c\ub05d\uc5d0 \uc544\ub798\uc640 \uac19\uc774 \ud574\uc11c \uc131\uacf5!
\n![\"HTP-M3-6\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M3-6.png\")
<\/p>\ntcp.segment_data contains \"script\" && tcp.segment_data contains \"cookie\"<\/pre>\n
![\"HTP-M1-1\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M1-1.png\")
<\/p>\n![\"HTP-M1-2\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M1-2.png\")
<\/p>\n
\n![\"HTP-M1-3\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M1-3.png\")
<\/p>\n
\n![\"HTP-M2-1\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M2-1.png\")
<\/p>\n![\"HTP-M2-2\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M2-2.png\")
<\/p>\n
\nHINT : Source of malware.exe is in img_style.jpg file<\/p>\n
\n![\"HTP-M2-3\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M2-3.png\")
<\/p>\n
\n![\"HTP-M2-4\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M2-4.png\")
<\/p>\n char str[BUFLEN]=\"\";\r\n int len;\r\n len=recv(ClientSocket,str,BUFLEN,0);\r\n printf(\"\\t [+] len = %d\\n\",len);\r\n\r\n if(len >52){\r\n printf(\"\\t [-] overcount\\n\");\r\n break;\r\n }\r\n else if(len<52){\r\n for(int p =0;p<52-len;p++)\r\n strcat(str,\" \");\r\n }\r\n int cnt =0;\r\n int i =0;\r\n for(i=0;i<52;i++){\r\n result[i] = key[cnt]^str[i];\r\n cnt++;\r\n if(cnt == 8)\r\n cnt =0;\r\n }<\/pre>\n
\n![\"HTP-M2-5\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M2-5.png\")
<\/p>\n
\n![\"HTP-M2-6\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M2-6.png\")
<\/p>\n
\n![\"HTP-M2-7\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M2-7.png\")
<\/p>\n![\"HTP-M2-8\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/HTP-M2-8.png\")
<\/p>\n![\"KakaoTalk_7bd510f60f7f7bc2\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/KakaoTalk_7bd510f60f7f7bc2.png\")
<\/p>\n
\n\uc608\uc12019\ub4f1\uc5d0\uc11c \ucd9c\ubc1c\ud574\uc11c \ubcf8\uc120 4\ub4f1\uc774\uba74 \uad1c\ucc2e\uc740\ub4ef!!<\/p>\n![\"KakaoTalk_530de585201e8418\"](\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/11\/KakaoTalk_530de585201e8418.jpg\")
\nhttp:\/\/hackthepacket.com\/entry\/2013-Hack-The-Packet-QUAL<\/a><\/p>\n