모의해킹 58

[Vulnhub] Kioptrix_Level_1.3(#4) Walkthrough

https://www.vulnhub.com/entry/kioptrix-level-13-4,25/ Kioptrix: Level 1.3 (#4)This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release. It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack.www.vulnhub.comkioptrix 4번째 실습입니다. 실습 VM 구축은 이전에 설정하는 것과 똑같이 진행하면 이상없이 IP가 잘 잡힐것입..

Vulnhub 2024.06.19

[Vulnhub] Kioptrix_Level_1.2(#3) Walkthrough

https://www.vulnhub.com/entry/kioptrix-level-12-3,24/ Kioptrix: Level 1.2 (#3)This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release. It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack.www.vulnhub.com이번 실습 VM의 특이사항이라면 /etc/hosts에 실습 VM의 IP를 넣어줘야한다는 점이 있습니다.sudo vi /..

Vulnhub 2024.06.18

[Vulnhub] Kioptrix_Level_1.1 (#2) Walkthrough

https://www.vulnhub.com/entry/kioptrix-level-11-2,23/ Kioptrix: Level 1.1 (#2)This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release. It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack.www.vulnhub.com실습 VM이 IP가 안잡힌다면 이전 글에서 설명한 실습 VM 셋팅을 보시고 셋팅을 하면 잘 잡힙니다. 실습 환경 : V..

Vulnhub 2024.06.17

[Vulnhub] Kioptrix_Level_1 Walkthrough

https://www.vulnhub.com/entry/kioptrix-level-1-1,22/ Kioptrix: Level 1 (#1)This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release. It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack.www.vulnhub.com이번 시나리오 모의해킹은 Kioptrix 입니다. 이 실습 VM은 IP가 잘안잡혀서 살짝 삽질을 좀 했는데 IP 설정하는 것..

Vulnhub 2024.06.14

[Vulnhub] Dina: 1.0.1 Walkthrough

https://www.vulnhub.com/entry/dina-101,200/  Dina: 1.0.1This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release. It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack.www.vulnhub.com시나리오 모의해킹을 공부하고 연습하기 위해서 수많은 ctf, wargame 사이트 중에서 제가 선택한 사이트는 vulnhub 입니다. ctf에서 출제된 문제들..

Vulnhub 2024.06.13

[CVE-2021-43798] Grafana 8.3.0 공개 취약점 분석 (2)

이전 게시글에서는 익스플로잇 하는 방법에 대해서 살펴보았다. 이 취약점은 21년도 12월에 제로데이로 트위터에 게시되어 많은 관심이 있었다고 한다 이 취약점이 공개된 이후 단 4일만에 공식 패치가 출시되어 짧은 시간동안만 제로데이였다고 한다.  이제 익스플로잇 코드에 대한 분석을 해볼 것이다. # Exploit Title: Grafana 8.3.0 - Directory Traversal and Arbitrary File Read# Date: 08/12/2021# Exploit Author: s1gh# Vendor Homepage: https://grafana.com/# Vulnerability Details: https://github.com/grafana/grafana/security/advisorie..

CVE 2024.06.12