Upgrade to Pro — share decks privately, control downloads, hide ads and more …

P.A.K.U.R.I SECCON2019 Akihabara YOROZU

Avatar for Mr.Rabbit Mr.Rabbit
December 21, 2019
Technology
1
100

P.A.K.U.R.I SECCON2019 Akihabara YOROZU

Avatar for Mr.Rabbit

Mr.Rabbit

December 21, 2019
Tweet

More Decks by Mr.Rabbit

See All by Mr.Rabbit
BOCCHI
Avatar for Mr.Rabbit 01rabbit
0
8
KaliPAKU
Avatar for Mr.Rabbit 01rabbit
0
9
Babbly
Avatar for Mr.Rabbit 01rabbit
0
56
P.A.K.U.R.I AVTOKYO HIVE
Avatar for Mr.Rabbit 01rabbit
0
57
The Empire Strikes Back ~MR.RABBIT 帝国の逆襲~
Avatar for Mr.Rabbit 01rabbit
0
230
地雷探しに脆弱性を使うのは間違っているだろうか Hack a Minesweeper
Avatar for Mr.Rabbit 01rabbit
0
190
あの日学んだ攻撃の方法を僕達はまだ知らない。
Avatar for Mr.Rabbit 01rabbit
0
180
MR.RABBIT 聞いた事はあるけど、実際には見た事がないハッキングガジェット
Avatar for Mr.Rabbit 01rabbit
2
7.3k

Other Decks in Technology

See All in Technology
データベース04: SQL (1/3) 単純質問 & 集約演算
Avatar for Y. Yamamoto trycycle
PRO
0
730
Sleep-time Compute: LLM推論コスト削減のための事前推論
Avatar for sergicalsix sergicalsix
1
120
既存の開発資産を活かしながら、 《新規開発コスト抑制》と《開発体験向上》 を両立する拡張アーキテクチャ事例
Avatar for kubell kubell_hr
0
140
newmo の創業を支える Software Architecture と Platform Engineering
Avatar for Yuki Ito 110y
5
490
dbtとリバースETLでデータ連携の複雑さに立ち向かう
Avatar for Toru Morooka morookacube
0
690
CARTA HOLDINGS エンジニア向け 採用ピッチ資料 / CARTA-GUIDE-for-Engineers
Avatar for CARTA Engineering carta_engineering
0
27k
Vibe Coding Tools
Avatar for Michael H. Oshita ijin
0
210
木を見て森も見る-モジュールが織りなすプロダクトの森
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
100
さくらのクラウド開発の裏側
Avatar for metakoma metakoma
PRO
4
1.6k
20 Years of Domain-Driven Design: What I’ve Learned About DDD
Avatar for Eberhard Wolff ewolff
1
350
経済メディア編集部の実務に小さく刺さるAI / small-ai-with-editorial
Avatar for Yukiya Nakagawa nkzn
2
390
genspark_presentation.pdf
Avatar for h.uriu haruki_uiru
1
250

Featured

See All Featured
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
183
22k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
81
9k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
10k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
10
790
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
38
1.8k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
329
24k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
85
4.7k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
23
1.6k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
52
2.5k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
35
2.7k

Transcript

  1. 1",63* SECCON 2019 Akihabara 2019/12/21 - 22 YOROZU @Mr.Rabbit 0QFSBUJPOXJUI5FOLFZ

  2. Who am i ໊લ.S3BCCJU ࢿ֨ΞʔΫ༹઀ɺখܕҠಈࣜΫ Ϩʔϯɺۄֻ͚ɺେܕࣗಈंɺ 0481ɺ$*441ɺ44$1 طԟ঱ਥೋප झຯαόήʔɺΞχϝ ৬ྺݩαΠόʔσΟϑΣϯεݚڀॴ

    ݚमੜ

  3. What is PAKURI ? 1FOFUSBUJPOUFTU "DIJFWF ,OPXMFEHF 6OJUF 3BQJE *OUFSGBDF

  4. What is PAKURI ? ϖωτϨʔγϣϯςετʹඞཁͦ͏ͳπʔϧΛدͤू Ίͯɺ୭Ͱ΋ɺ؆୯ʹɺͦΕͬΆ࣮͘ߦग़དྷΔ༷ʹߏ ੒ͨ͠πʔϧ ͬ͘͟Γݴ͏ͱύΫͬͯΔXʢݖར͸৵֐ͯ͠·ͤΜʣ ͺ͘Δʢҟ௲ɿύΫΔʣ 

    ύΫύΫͱ৯΂Δɻେ͖ͳޱΛ։͚ͯ৯΂Δɻ  ʢଏޠʣ伱Λ͍ͭͯۚ඼Λ͔ͬ͞Β͏ɻۚમ΍ྉۚΛԣྖ͢Δɻ  ʢଏޠʣ౪༻͢Δɻ  ʢଏޠʣܯ࡯ͳͲ͕ਓΛั·͑ɺัറ͢Δɻ IUUQTKBXJLUJPOBSZPSHXJLJͺ͘Δ

  5. 1",63*ͷೳྗ  ৘ใऩूٴͼྻڍ  ੬ऑੑͷ෼ੳ  ೝূࢼߦ  &YQMPJUʢิॿʣ 

    ৘ใͷՄࢹԽ

  6. ҰൠతͳϖωτϨʔγϣϯςετͷྲྀΕ /P ςετ߲໨ આ໌  ϗετݕग़ *$.1Ԡ౴֬ೝΛ࢖༻ͯ͠ɺର৅ͱͳΔγεςϜ্ͷϗετ Λݕग़͢Δ  5$16%1εΩϟϯ

    ٙࣅ߈ܸͷର৅ͱͳΔϗετ͕ଘࡏ͠ϗετ্Ͱٙࣅ߈ܸର ৅ʹͳΔαʔϏε͕Քಇ͍ͯ͠Δ͜ͱΛ֬ೝ͢Δ  ੬ऑੑͷ֬ೝ ੬ऑੑεΩϟφΛར༻͠໢ཏతʹ੬ऑੑͷଘࡏΛ֬ೝ͢Δ  ೝূࢼߦɾΞΫηεݖऔಘ ਪଌՄೳͳΞΧ΢ϯτɾύεϫʔυΛ༻͍ͯೝূࢼߦΛߦ ͍ɺαʔϏε΍ΞϓϦέʔγϣϯͷར༻Մ൱Λ֬ೝ͢Δ  ط஌੬ऑੑΛར༻ͨٙ͠ࣅ߈ܸ ط஌੬ऑੑΛར༻͠ɺ߈ܸίʔυΛ࢖༻ͯٙ͠ࣅ߈ܸΛߦ ͍ɺ࣮ࡍʹ৵ೖٴͼ৘ใͷ઄औ͕Մೳ͔֬ೝ͢Δ  Өڹ౓ͷ֬ೝ ٙࣅ߈ܸ͕੒ޭͨ͠ϗετͷݖݶ΍ϑΝΠϧ౳Λ෼ੳ͠ଞͷ ϗετ΁ͷӨڹ౓Λ֬ೝ͢Δ

  7. 1",63*Ͱ΍Γ͍ͨ͜ͱ /P ςετ߲໨  ϗετݕग़  5$16%1εΩϟϯ  ੬ऑੑͷ֬ೝ 

    ೝূࢼߦɾΞΫηεݖऔಘ  ط஌੬ऑੑΛར༻ͨٙ͠ࣅ߈ܸ  Өڹ౓ͷ֬ೝ ͜ͷൣғΛαϙʔτ͍ͨ͠  ৘ใऩूٴͼྻڍ  ੬ऑੑͷ෼ੳ  ೝূࢼߦ  &YQMPJUʢิॿʣ  ৘ใͷՄࢹԽ

  8. ૢ࡞͕೉͍͠ͷͰ͸ʁ ೉͍͠ͷ͸ͪΐͬͱͶɾɾɾ

  9. ςϯΩʔ͚ͩͰಈ͘Α

  10. ը໘

  11. جຊίϚϯυ ΤΫεϓϩΠτίϚϯυ ίϯϑΟάίϚϯυ εΩϟϯίϚϯυ ίϯϘΛܾΊͯ ίϚϯυ࣮ߦʂʂ

  12. εΩϟϯίϯϘ Discovery Host Vulnerability Scan Well-known ports Scan(Details) AutoRecon ͳʹΛ͢Δʹ΋·ͣ͸ίϨ

    ΦεεϝίϯϘ "VUP3FDPO %JTDPWFSZ)PTU

  13. ΤΫεϓϩΠτίϯϘ Password Crack Create MSF DB Import to MSF DB

    Start Metasploit Check the service ৘͚͸ແ༻ɺୟ͖ࠐΊʂ ΦεεϝίϯϘ 1BTTXPSE$SBDL

  14. ίϯϑΟάίϯϘ Import data into Faraday Switch CUI mode Configure targets

    Switch GUI mode ੒ޭͷΧΪ͸ɺ४උീׂ ΦεεϝίϯϘ *NQPSUEBUBJOUP'BSBEBZ

  15. ϥʔχϯά ෼͔Βͳ͍ࣄΛ஌Δࣄ͕Ұ൪ͷֶͼ "TTJTU MFBSOUP ίϯϘͷ࠷ޙʹMFBSOUPΛબͿͱ ը໘ӈଆʹ࣮ߦ͞ΕΔίϚϯυͷ આ໌͕දࣔ͞ΕΔ "TTJTUΛબͿͱɺ֤جຊίϚϯ υͰͷಈ࡞ʹ͍ͭͯͷղઆΛද ࣔ͢Δ

  16. 1",63*ΛऔΓೖΕֶͨशαΠΫϧ ࣮ԋ ղઆ ʢϥʔχϯάʣ ࣮श ʢίϯϘʣ ੒ޭମݧ ʢ݁ՌͷՄࢹԽʣ ΍ͬͯΈͤɺݴͬͯฉ͔ͤͯɺͤͯ͞Έͤɺ΄Ίͯ΍ΒͶ͹ɺਓ͸ಈ͔͡ ࢁຊޒे࿡

  17. Your benefits ϨουνʔϜͷ৔߹  1",63*Λ࢖༻͢ΔࣄͰɺසൟʹར༻͢ΔίϚϯυΛ ೖྗ͢Δख͕ؒল͚·͢ɻ  ॳ৺ऀͷϖϯςελʔ͸ɺ1",63*Λ࢖༻ͯ͠߈ܸͷ ྲྀΕΛֶ΂·͢ɻ ϒϧʔνʔϜͷ৔߹

     ؆୯ͳૢ࡞Ͱɺ߈ܸऀͷߦಈΛ໛฿Ͱ͖·͢ɻ ˞͋͘·Ͱ΋ҰྫͰ͢

  18. ֶश͔Β࣮຿·ͰςϯΩʔ͚ͩͰͰ͖Δʂ

  19. テンキーの子 Operation with Ten-key

  20. ·ͱΊ ɹϖϯςελʔ͸खΛಈ͔͢͜ͱ͕େ޷͖Ͱ͢ɻ͔͠͠ɺ ໘౗͍͘͞࡞ۀ͸޷͖Ͱ͸͋Γ·ͤΜɻ1",63*͸ɺϖω τϨʔγϣϯςετͰසൟʹ࢖༻͢ΔίϚϯυΛςϯΩʔ ͷૢ࡞͚ͩͰ࣮ߦ͠·͢ɻ·ΔͰ֨ಆήʔϜΛ΍͍ͬͯΔ Α͏ͳײ֮ͰͰ͖·͢ɻ

  21. ·ͱΊ ɹ1",63*͸ϖωτϨʔγϣϯςελʔͷΩϟϦΞΛ։ ࢝͢Δͷʹ΋໾ʹཱͯΔͱࢥ͍·͢ɻ,BMJ5PPMTʹ४ڌ ͢ΔπʔϧΛ࢖༻͍ͯ͠ΔͷͰඞཁҎ্ʹഁյ͢Δ͜ͱ ͸͠·ͤΜɻ1",63*Λ࢖༻͢Δ͜ͱͰɺϖωτϨʔ γϣϯςετͷϑϩʔΛ؆୯ʹମݧֶ͠Ϳ͜ͱ͕ग़དྷ· ͢ɻ ɹ1",63*Λ࢖ͬͯΈͯɺϖωτϨʔγϣϯςετʹڵ ຯΛ͍࣋ͬͯͩ͘͞ɻ

  22. Thank you! Please give me advice and feedback. [email protected] @PAKURI9

    @01ra66it https://github.com/01rabbit/PAKURI