Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
地雷探しに脆弱性を使うのは間違っているだろうか Hack a Minesweeper
Search
MR.RABBIT
December 07, 2017
0
180
地雷探しに脆弱性を使うのは間違っているだろうか Hack a Minesweeper
2017年6月3日(土) AKIBASECで発表さてもらったLT資料です。
MR.RABBIT
December 07, 2017
Tweet
Share
More Decks by MR.RABBIT
See All by MR.RABBIT
P.A.K.U.R.I SECCON2019 Akihabara YOROZU
01rabbit
1
98
P.A.K.U.R.I AVTOKYO HIVE
01rabbit
0
49
The Empire Strikes Back ~MR.RABBIT 帝国の逆襲~
01rabbit
0
230
あの日学んだ攻撃の方法を僕達はまだ知らない。
01rabbit
0
170
MR.RABBIT 聞いた事はあるけど、実際には見た事がないハッキングガジェット
01rabbit
2
7.2k
Featured
See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
72
5.3k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Speed Design
sergeychernyshev
24
570
How to Ace a Technical Interview
jacobian
275
23k
Statistics for Hackers
jakevdp
796
220k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
A Tale of Four Properties
chriscoyier
156
23k
Imperfection Machines: The Place of Print at Facebook
scottboms
264
13k
GitHub's CSS Performance
jonrohan
1030
460k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
GraphQLの誤解/rethinking-graphql
sonatard
66
9.9k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
790
Transcript
BLJCBTFD ͏͗͞ !SBJU
ࣗݾհ ͏͗͞ w झຯͰϖωτϨʔγϣϯςετΛͯ͠Δ w झຯͰ߈ܸݕূΛ͍ͯ͠Δ w ݱࡏɺઈࢍෆൃதX ͏͞ϒϩ ɹIUUQSBJUCMPHIBUFCMPKQ
5XJUUFS ɹ!SBJU
–ͱ͋Δຐज़ͷېॻ lຐज़ͱɺ࠽ೳͷແ͍ਓ͕ؒͦΕͰ࠽ೳ͋Δ ਓؒͱରʹͳΔҝͷٕज़z
ಥવͰ͕࣭͢Ͱ͢ʂ ϚΠϯεΠʔύͬͯͬͯ·͔͢ʁ ɹϚΠϯεΠʔύʢ.JOFTXFFQFSʣ ʹൃ໌͞ΕͨɺҰਓ༻ͷίϯϐϡʔλήʔϜͰ͋ ΔɻήʔϜͷతཕݪ͔ΒཕΛऔΓআ͘͜ ͱͰ͋Δɻ 8JLJQFEJBΑΓ
;ͱࢥͬͨɾɾɾ
্ڃΛΫϦΞ͍ͨ͠ʂ ˞্ڃͷੈքهඵɹ8JLJQFEJBΑΓ
ͨͱ͑ ͲΜͳखஈΛͬͯͰʂʂ
ඪͱ͢Δ͜ͱ w ϚΠϯεΠʔύ͕ಈ͍͍ͯΔ8JOEPXTͷ੬ऑੑΛ ಥ͍ͯϋοΫ͢Δ w 8JOEPXTΛϋοΫͨ͠ޙɺϚΠϯεΠʔύΛϋο Ϋͯ͠Έͯཪٕ͕ແ͍͔୳ͯ͠ݟΔ
ڥ 8JOEPXT91 ,BMJ-JOVY
खॱ /NBQΛͬͯ8JOEPXT91Λௐࠪ͢Δ .FUBTQMPJUΛ༻ͯ͠৵ೖ͢Δ ৵ೖͨ͠Β.FUFSQSFUFSΛۦͯ͠.JOFTXFFQFS ΛϋοΫ͢ΔXɹʢ࣮ԋʣ
ϙʔτεΩϟϯͯ͠Έͨ ͕ɺ։͍͍ͯΔͱ͍͏͜ͱɾɾɾ /4"ͷΞϨ͕ɾɾɾ
&UFSOBM#MVF .4 ͷ֬ೝ %PVCMF1VMTBSΛࠐΊΔʂʂ ੬ऑੑൃݟʂʂ
&YQMPJU͢Δ ৵ೖྃʂ
.FUFSQSFUFS͔Β .JNJLBU[ΛಡΈࠐΉ ಡΈࠐΉ͜ͱͰʮNJNJLBU[@DPNNBOEʯ͕͑ ΔΑ͏ʹͳΔ ˞NJNJLBU[ͱ 8JOEPXTͷύεϫʔυΛΫϥοΫ͢Δπʔϧ
NJNJLBU[@DPNNBOEͷ࣮ߦ ͜͜ͰʮNJNJLBU[@DPNNBOEGXJONJOFJOGPTʯ ͱೖྗ͢Δͱɾɾɾ
͋Εʁ͑ݟ͑ͯΔX ,BMJ-JOVY 8JOEPXT91
͋Εʁ͑ݟ͑ͯΔX ,BMJ-JOVY 8JOEPXT91
͜ΕͰ্ڃΫϦΞͰ͖Δ ??
൱
NJNJLBU[@DPNNBOEʹ ͬͱੌ͍͕͋Δ ͜͜ͰʮNJNJLBU[@DPNNBOEGXJONJOFDIFBUʯ ͱೖྗ͢Δͱɾɾɾ
͑ʂʁ DIFBUίϚϯυΛૹͬͨޙʹɺ൫໘ͷۭ͖εϖʔεΛΫϦοΫ ͢ΔͱΫϦΞʂʂॴཁ࣌ؒ ̍ඵʂʂ
࣮ԋ
·ͱΊ w ੬ऑੑͷΔ8JOEPXT্ͷϚΠϯεΠʔύɺҶ ͮΔࣜʹήʔϜΛ߈ུ͞Εͯ͠·͏ w ཁ͢Δʹେਓؾͳ͍ϋοΧʔ͕ɺϜΩʹͳΔͱϚΠ ϯεΠʔύΛ̍ඵͰΫϦΞ͢Δ w ࣄΛଟ֯తʹݟΔͱ໘ന͍ൃݟ͋Δ
ऴΘΓ