Upgrade to Pro — share decks privately, control downloads, hide ads and more …

P.A.K.U.R.I SECCON2019 Akihabara YOROZU

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Mr.Rabbit Mr.Rabbit
December 21, 2019
Technology
130
1

P.A.K.U.R.I SECCON2019 Akihabara YOROZU

Avatar for Mr.Rabbit

Mr.Rabbit

December 21, 2019

More Decks by Mr.Rabbit

See All by Mr.Rabbit
Azazel Series
Avatar for Mr.Rabbit 01rabbit
0
89
Azazel System for Emergency Shelters
Avatar for Mr.Rabbit 01rabbit
0
190
BOCCHI
Avatar for Mr.Rabbit 01rabbit
0
50
KaliPAKU
Avatar for Mr.Rabbit 01rabbit
0
32
Babbly
Avatar for Mr.Rabbit 01rabbit
0
91
P.A.K.U.R.I AVTOKYO HIVE
Avatar for Mr.Rabbit 01rabbit
0
110
The Empire Strikes Back ~MR.RABBIT 帝国の逆襲~
Avatar for Mr.Rabbit 01rabbit
0
260
地雷探しに脆弱性を使うのは間違っているだろうか Hack a Minesweeper
Avatar for Mr.Rabbit 01rabbit
0
220
あの日学んだ攻撃の方法を僕達はまだ知らない。
Avatar for Mr.Rabbit 01rabbit
0
200

Other Decks in Technology

See All in Technology
PostgreSQL 19 新機能概要 OSC Hokkaido 2026
Avatar for Noriyoshi Shinoda nori_shinoda
0
170
徹底討論!ECS vs EKS!
Avatar for 高棹大樹 daitak
2
830
現地で盛り上がった WWDC26 Keynote
Avatar for ZOZO Developers zozotech
PRO
1
270
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
2k
「勝手に広まる」人気 AI エージェントを爆速で作ろう!(AWS Summit Japan 2026講演資料)
Avatar for みのるん minorun365
PRO
10
2k
2026 TECHFRESH 畢業分享會 - 開發日常大解密!從領域驅動到企業級上線
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
1.3k
GitHub Copilot 最新アップデート – 「一歩先」の実践活用術
Avatar for zhang.william moulongzhang
5
1.5k
AIチャット検索改善の3週間
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
2
140
ACE-Step-1.5で見る 音楽生成AIのしくみと“破綻だけ直す”Retake機能の開発【zennfes spring 2026 登壇資料】
Avatar for asap personabb
1
540
新しいUbuntu/GNOMEが使いたいからXからWaylandへ移行頑張ってるの巻 2026-06-20
Avatar for Nobuto Murata nobutomurata
0
150
AI-DLCを “そのまま導入しなかった”話 ~組織に合わせてアジャストした 私たちの実践共有~
Avatar for hiroramos hiroramos4
PRO
0
230
白金鉱業Meetup_Vol.24_「AIエージェントは分けるほど良い」は本当か? / Is it true that “the more you divide AI agents, the better”?
Avatar for BrainPad brainpadpr
1
420

Featured

See All Featured
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
What Being in a Rock Band Can Teach Us About Real World SEO
Avatar for Ade Holder 427marketing
0
260
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.6k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
58k
Exploring anti-patterns in Rails
Avatar for Elle Meredith aemeredith
3
410
Docker and Python
Avatar for Tania Allard trallard
47
3.9k
What the history of the web can teach us about the future of AI
Avatar for Ines Montani inesmontani
PRO
1
620
Mind Mapping
Avatar for Hélio Medeiros helmedeiros
PRO
1
250
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
150
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
290
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
200
Are puppies a ranking factor?
Avatar for Jono Alderson jonoalderson
1
3.6k

Transcript

  1. 1",63* SECCON 2019 Akihabara 2019/12/21 - 22 YOROZU @Mr.Rabbit 0QFSBUJPOXJUI5FOLFZ

  2. Who am i ໊લ.S3BCCJU ࢿ֨ΞʔΫ༹઀ɺখܕҠಈࣜΫ Ϩʔϯɺۄֻ͚ɺେܕࣗಈंɺ 0481ɺ$*441ɺ44$1 طԟ঱ਥೋප झຯαόήʔɺΞχϝ ৬ྺݩαΠόʔσΟϑΣϯεݚڀॴ

    ݚमੜ

  3. What is PAKURI ? 1FOFUSBUJPOUFTU "DIJFWF ,OPXMFEHF 6OJUF 3BQJE *OUFSGBDF

  4. What is PAKURI ? ϖωτϨʔγϣϯςετʹඞཁͦ͏ͳπʔϧΛدͤू Ίͯɺ୭Ͱ΋ɺ؆୯ʹɺͦΕͬΆ࣮͘ߦग़དྷΔ༷ʹߏ ੒ͨ͠πʔϧ ͬ͘͟Γݴ͏ͱύΫͬͯΔXʢݖར͸৵֐ͯ͠·ͤΜʣ ͺ͘Δʢҟ௲ɿύΫΔʣ 

    ύΫύΫͱ৯΂Δɻେ͖ͳޱΛ։͚ͯ৯΂Δɻ  ʢଏޠʣ伱Λ͍ͭͯۚ඼Λ͔ͬ͞Β͏ɻۚમ΍ྉۚΛԣྖ͢Δɻ  ʢଏޠʣ౪༻͢Δɻ  ʢଏޠʣܯ࡯ͳͲ͕ਓΛั·͑ɺัറ͢Δɻ IUUQTKBXJLUJPOBSZPSHXJLJͺ͘Δ

  5. 1",63*ͷೳྗ  ৘ใऩूٴͼྻڍ  ੬ऑੑͷ෼ੳ  ೝূࢼߦ  &YQMPJUʢิॿʣ 

    ৘ใͷՄࢹԽ

  6. ҰൠతͳϖωτϨʔγϣϯςετͷྲྀΕ /P ςετ߲໨ આ໌  ϗετݕग़ *$.1Ԡ౴֬ೝΛ࢖༻ͯ͠ɺର৅ͱͳΔγεςϜ্ͷϗετ Λݕग़͢Δ  5$16%1εΩϟϯ

    ٙࣅ߈ܸͷର৅ͱͳΔϗετ͕ଘࡏ͠ϗετ্Ͱٙࣅ߈ܸର ৅ʹͳΔαʔϏε͕Քಇ͍ͯ͠Δ͜ͱΛ֬ೝ͢Δ  ੬ऑੑͷ֬ೝ ੬ऑੑεΩϟφΛར༻͠໢ཏతʹ੬ऑੑͷଘࡏΛ֬ೝ͢Δ  ೝূࢼߦɾΞΫηεݖऔಘ ਪଌՄೳͳΞΧ΢ϯτɾύεϫʔυΛ༻͍ͯೝূࢼߦΛߦ ͍ɺαʔϏε΍ΞϓϦέʔγϣϯͷར༻Մ൱Λ֬ೝ͢Δ  ط஌੬ऑੑΛར༻ͨٙ͠ࣅ߈ܸ ط஌੬ऑੑΛར༻͠ɺ߈ܸίʔυΛ࢖༻ͯٙ͠ࣅ߈ܸΛߦ ͍ɺ࣮ࡍʹ৵ೖٴͼ৘ใͷ઄औ͕Մೳ͔֬ೝ͢Δ  Өڹ౓ͷ֬ೝ ٙࣅ߈ܸ͕੒ޭͨ͠ϗετͷݖݶ΍ϑΝΠϧ౳Λ෼ੳ͠ଞͷ ϗετ΁ͷӨڹ౓Λ֬ೝ͢Δ

  7. 1",63*Ͱ΍Γ͍ͨ͜ͱ /P ςετ߲໨  ϗετݕग़  5$16%1εΩϟϯ  ੬ऑੑͷ֬ೝ 

    ೝূࢼߦɾΞΫηεݖऔಘ  ط஌੬ऑੑΛར༻ͨٙ͠ࣅ߈ܸ  Өڹ౓ͷ֬ೝ ͜ͷൣғΛαϙʔτ͍ͨ͠  ৘ใऩूٴͼྻڍ  ੬ऑੑͷ෼ੳ  ೝূࢼߦ  &YQMPJUʢิॿʣ  ৘ใͷՄࢹԽ

  8. ૢ࡞͕೉͍͠ͷͰ͸ʁ ೉͍͠ͷ͸ͪΐͬͱͶɾɾɾ

  9. ςϯΩʔ͚ͩͰಈ͘Α

  10. ը໘

  11. جຊίϚϯυ ΤΫεϓϩΠτίϚϯυ ίϯϑΟάίϚϯυ εΩϟϯίϚϯυ ίϯϘΛܾΊͯ ίϚϯυ࣮ߦʂʂ

  12. εΩϟϯίϯϘ Discovery Host Vulnerability Scan Well-known ports Scan(Details) AutoRecon ͳʹΛ͢Δʹ΋·ͣ͸ίϨ

    ΦεεϝίϯϘ "VUP3FDPO %JTDPWFSZ)PTU

  13. ΤΫεϓϩΠτίϯϘ Password Crack Create MSF DB Import to MSF DB

    Start Metasploit Check the service ৘͚͸ແ༻ɺୟ͖ࠐΊʂ ΦεεϝίϯϘ 1BTTXPSE$SBDL

  14. ίϯϑΟάίϯϘ Import data into Faraday Switch CUI mode Configure targets

    Switch GUI mode ੒ޭͷΧΪ͸ɺ४උീׂ ΦεεϝίϯϘ *NQPSUEBUBJOUP'BSBEBZ

  15. ϥʔχϯά ෼͔Βͳ͍ࣄΛ஌Δࣄ͕Ұ൪ͷֶͼ "TTJTU MFBSOUP ίϯϘͷ࠷ޙʹMFBSOUPΛબͿͱ ը໘ӈଆʹ࣮ߦ͞ΕΔίϚϯυͷ આ໌͕දࣔ͞ΕΔ "TTJTUΛબͿͱɺ֤جຊίϚϯ υͰͷಈ࡞ʹ͍ͭͯͷղઆΛද ࣔ͢Δ

  16. 1",63*ΛऔΓೖΕֶͨशαΠΫϧ ࣮ԋ ղઆ ʢϥʔχϯάʣ ࣮श ʢίϯϘʣ ੒ޭମݧ ʢ݁ՌͷՄࢹԽʣ ΍ͬͯΈͤɺݴͬͯฉ͔ͤͯɺͤͯ͞Έͤɺ΄Ίͯ΍ΒͶ͹ɺਓ͸ಈ͔͡ ࢁຊޒे࿡

  17. Your benefits ϨουνʔϜͷ৔߹  1",63*Λ࢖༻͢ΔࣄͰɺසൟʹར༻͢ΔίϚϯυΛ ೖྗ͢Δख͕ؒল͚·͢ɻ  ॳ৺ऀͷϖϯςελʔ͸ɺ1",63*Λ࢖༻ͯ͠߈ܸͷ ྲྀΕΛֶ΂·͢ɻ ϒϧʔνʔϜͷ৔߹

     ؆୯ͳૢ࡞Ͱɺ߈ܸऀͷߦಈΛ໛฿Ͱ͖·͢ɻ ˞͋͘·Ͱ΋ҰྫͰ͢

  18. ֶश͔Β࣮຿·ͰςϯΩʔ͚ͩͰͰ͖Δʂ

  19. テンキーの子 Operation with Ten-key

  20. ·ͱΊ ɹϖϯςελʔ͸खΛಈ͔͢͜ͱ͕େ޷͖Ͱ͢ɻ͔͠͠ɺ ໘౗͍͘͞࡞ۀ͸޷͖Ͱ͸͋Γ·ͤΜɻ1",63*͸ɺϖω τϨʔγϣϯςετͰසൟʹ࢖༻͢ΔίϚϯυΛςϯΩʔ ͷૢ࡞͚ͩͰ࣮ߦ͠·͢ɻ·ΔͰ֨ಆήʔϜΛ΍͍ͬͯΔ Α͏ͳײ֮ͰͰ͖·͢ɻ

  21. ·ͱΊ ɹ1",63*͸ϖωτϨʔγϣϯςελʔͷΩϟϦΞΛ։ ࢝͢Δͷʹ΋໾ʹཱͯΔͱࢥ͍·͢ɻ,BMJ5PPMTʹ४ڌ ͢ΔπʔϧΛ࢖༻͍ͯ͠ΔͷͰඞཁҎ্ʹഁյ͢Δ͜ͱ ͸͠·ͤΜɻ1",63*Λ࢖༻͢Δ͜ͱͰɺϖωτϨʔ γϣϯςετͷϑϩʔΛ؆୯ʹମݧֶ͠Ϳ͜ͱ͕ग़དྷ· ͢ɻ ɹ1",63*Λ࢖ͬͯΈͯɺϖωτϨʔγϣϯςετʹڵ ຯΛ͍࣋ͬͯͩ͘͞ɻ

  22. Thank you! Please give me advice and feedback. [email protected] @PAKURI9

    @01ra66it https://github.com/01rabbit/PAKURI