http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=173 [º¹»ç]
#À̰͵µ ÀÚÀ¯ °Á¿¡ µé¾î°¡´ÂÁö... °Á´ ° îµ¥...^^
±×³àÀÇ Vulnerabilities¿¡ µû¸¥ Remote/local one night stand exploit.
±×³à´Â multiple vulnerability¸¦ °¡Áö°í ÀÖ¾î malicious code¸¦ »ðÀÔÇϱâ À¯¿ëÇÏ´Ù.
ÀÏ´Ü ¾ÖÀÎÀÌ ÀÖ´Â ±×³à´Â ¾ÖÀÎÀÚü°¡ Ãë¾àÇÏ´Ù.
Phone number spoofing ±â¹ýÀ» ÀÌ¿ëÇÏ¿© sms message¿¡ malicious code¸¦ »ðÀÔÇÏ¿© º¸³»¸é
½Å·ÚµÈ °ü°è¸¦ ¾ø¾Ù¼ö ÀÖ´Ù.
ÀÏ´Ü DDOS°ø°ÝÀ¸·Î ½Å·Ú°ü°è¿¡ ÀÖ´Â ¾ÖÀÎÀÇ SMS¿¡ ´õÀÌ»óÀÇ message°¡ °¡Áö ¾Ê°Ô ¸¸µç´Ù.
ÀÎÅÍ³Ý »ó¿¡´Â ¿ì¸®°¡ »ç¿ëÇϱ⠽¬¿î ¹«·á SMS Message sending service°¡ ÁñºñÇÏ´Ù.
±×ÈÄ Phone number spoofing ±â¹ýÀ¸·Î ±×³àÀÇ SMS¿¡ malicious message¸¦ º¸³»°í
±×³àÀÇ ack message¸¦ ÃßÃøÇÏ¿© ´ÙÀ½ message¸¦ º¸³½´Ù.
±×³à¿Í ¾ÖÀÎÀÇ ½Å·Ú°ü°è°¡ ±úÁö±â ½ÃÀÛÇϸé ÀÏ´Ü Æ´»õ°¡ º¸À̱⠽ÃÀÛÇÑ°ÍÀÌ´Ù.
±×³àÀÇ nobody privilege shellÀ» ¾ò±â À§ÇÏ¿© ¿ì¸®´Â remote exploitÀ» ÁغñÇÑ´Ù.
ÀÏ´Ü external·Î connectÇÒ¼ö ÀÖ´Â holeÀ» ã¾Æº¸µµ·Ï ÇÏÀÚ.
¿©±â¼ ¿ì¸®´Â ¿©·¯°¡Áö vulnerability¸¦ ã¾Æ¼ Àß Â¥¿©Áø °¢º»´ë·Î ¼ø½Ä°£¿¡ ÇØ°áÇϴ°ÍÀÌ ÇÊ¿äÇÏ´Ù.
ÇÊ¿äÇÏ´Ù¸é ºñ½ÁÇÑ host¸¦ ã¾Æ ÃæºÐÇÑ ¿¬½ÀÈÄ ½ÇÀü¿¡ µé¾î°¡´Â ÁöÇýµµ ¾²Àϼö ÀÖ´Ù.
ÀÏ´Ü ±×³àÀÇ À̸§°ú ³ªÀ̸¦ ÀÌ¿ëÇÏ¿© searching.......
cyworld¿¡ minihome pageÀÇ XSS Vulnerability°¡ ÀÖ´Ù´Â °ÍÀÌ È®ÀεǾú´Ù.
±×³àÀÇ environmentµé¿¡ Á¢±ÙÇÏ¿© À¯¿ëÇÑ scriptµéÀ» ¶ç¿î´Ù.
a coincidence... ÀÌ°ÍÀÌ ±×³àÀÇ nobody privilege shellÀ» ¾ò±â À§ÇÑ ±â¹ÝÀÌ µÇ¾ú´Ù.
ÀÏ´Ü scriptµéÀ» ÀÌ¿ëÇØ ±×³à¿ÍÀÇ ÀÚ¿¬½º·¯¿î drink shellÀ» ¾ò¾ú´Ù.
ÀÌÁ¦ºÎÅÍ´Â local exploitÀ» À§ÇÑ vulnerability¸¦ ã¾Æ¾ßÇÑ´Ù.
ÀÏ´Ü ±×³à¿¡°Ô´Â alcoholic drinks overflow vulnerability°¡ Àִٴ°ÍÀ» ¾Ë°Ô µÇ¾ú´Ù.
°Ô´Ù°¡ ±×³à´Â religion string bug°¡ Àִ°ÍÀ¸·Î ÆÇ¸í³µ´Ù.
ÀÏ´Ü ¾ÈŸ±õ°Ôµµ ù¹ø° vulnerability¿¡¼´Â egg hunterµéÀÎ ¼ú¸ÔÀ¸¸é µ¥·Á´ÙÁִ ģ±¸µéÀÌ Àִ°ÍÀ¸·Î ÆÇ¸í³µ´Ù.
±×¸®°í ´ÜµÑÀÌ ÀÖÀ»¶§´Â 1 cup overflow¹Û¿¡ ÀϾÁö ¾Ê´Â´Ù´Â °ÍÀ» ¾Ë¾Ò´Ù.
±×¸®°í religion string bugÀÎ ±³È¸¿¡¼´Â L.O.V.E·Î ÀÎÇÑ one night stand°¡ Èûµé´Ù´Â°ÍÀ» ¾Ë°Ô µÇ¾ú´Ù.
³ª´Â 1 cup overflowÀÇ ÇعýÀ» ¾Ë°í ÀÖ¾ú±â¿¡ ±×°÷À» °ø·«Çϱâ·Î ¸¶À½¸Ô¾ú´Ù.
½ÇÀü¿¡ µé¾î°¡±â Àü¿¡ °°Àº ȯ°æÀ¸·Î ¸¸µç girl¿¡°Ô ½ÇÀüÅ×½ºÆ®µµ ÀØÁö ¾Ê¾Ò´Ù.
ÀÏ´Ü ´ÜµÑÀÇ drink shellÀ» ºü¸£°Ô ¾ò¾î³ª°£ÈÄ 1 cup overflow¸¦ ÀÏÀ¸Ä×´Ù.
¿ÏÀüÇÑ overflow°¡ ¾Æ´Ï±â ¶§¹®¿¡ Á¶½É½º·´°Ô ³»°¡ ¿øÇÏ´Â place·Î return ½ÃÅ°±â À§ÇØ À¯µµÇß´Ù.
°á±¹ ±×³à´Â ³»°¡ ¿øÇÏ´Â °÷À¸·Î return Çß°í ³ª´Â local root¸¦ µþ¼ö ÀÖ°Ô µÇ¾ú´Ù.
¹°·Ð root¸¦ µý ÈÄ¿¡´Â ³» ÈçÀûÀ» Áö¿ì±â À§ÇØ ±×³àÀÇ cel-PhoneÀÇ log¸¦ deleteÇÏ¿´´Ù.
±×³à´Â µÚ´Ê°Ô ³» ÁÖº¯ÀÇ ¸ðµç marks°¡ spoofingµÈ °ÍÀÓÀ» ¾Ë¼ö ÀÖ¾îÁö¸¸ ÀÌ¹Ì ÆødzÀº Áö³ª°¡°í ³ ÈÄ¿´´Ù.
writed by ganseo.
homepage : http://www.ganseo.com
e-mail : postmaster@ganseo.com
|
Hit : 10765 Date : 2004/03/29 10:48
|