Upgrade to Pro — share decks privately, control downloads, hide ads and more …

P.A.K.U.R.I SECCON2019 Akihabara YOROZU

Avatar for Mr.Rabbit Mr.Rabbit
December 21, 2019
Technology
130
1

P.A.K.U.R.I SECCON2019 Akihabara YOROZU

Avatar for Mr.Rabbit

Mr.Rabbit

December 21, 2019

More Decks by Mr.Rabbit

See All by Mr.Rabbit
Azazel Series
Avatar for Mr.Rabbit 01rabbit
0
89
Azazel System for Emergency Shelters
Avatar for Mr.Rabbit 01rabbit
0
190
BOCCHI
Avatar for Mr.Rabbit 01rabbit
0
50
KaliPAKU
Avatar for Mr.Rabbit 01rabbit
0
32
Babbly
Avatar for Mr.Rabbit 01rabbit
0
91
P.A.K.U.R.I AVTOKYO HIVE
Avatar for Mr.Rabbit 01rabbit
0
110
The Empire Strikes Back ~MR.RABBIT 帝国の逆襲~
Avatar for Mr.Rabbit 01rabbit
0
260
地雷探しに脆弱性を使うのは間違っているだろうか Hack a Minesweeper
Avatar for Mr.Rabbit 01rabbit
0
220
あの日学んだ攻撃の方法を僕達はまだ知らない。
Avatar for Mr.Rabbit 01rabbit
0
200

Other Decks in Technology

See All in Technology
Kiro Ambassador を目指す話
Avatar for Kazuki Adachi k_adachi_01
0
110
手塩にかけりゃいいってもんじゃない
Avatar for ming ming_ayami
0
610
脆弱性対応、どこで線を引くか
Avatar for ryoji miyamoto rymiyamoto
1
420
Kubernetesにおける学習基盤とLLMOpsの概要
Avatar for ry ry
1
320
エラーバジェットのアラートのタイミングを考える.pdf
Avatar for KairiM kairim0
0
180
10年間のブログ発信を振り返って見えたWebアプリケーションエンジニアとしての軌跡
Avatar for すてにゃん stefafafan
0
170
Bucharest Tech Week 2026 - Reinventing testing practices in the AI era
Avatar for Eric Deandrea edeandrea
PRO
1
170
「勝手に広まる」人気 AI エージェントを爆速で作ろう!(AWS Summit Japan 2026講演資料)
Avatar for みのるん minorun365
PRO
10
2k
【NRUG vol.18】KubernetesにおけるNew Relicデータ取得量削減の考え方
Avatar for NRUG member nrug_member
0
170
いまさら聞けない「仕様駆動開発入門」 〜AI活用時代の開発プロセスを考える〜
Avatar for ファインディ株式会社(イベント資料アップ用) findy_eventslides
2
160
SONiC Scale-Up Working Group から探る Scale-UpやUltraEthernet機能の実装方法
Avatar for ebiken ebiken
PRO
2
420
脱SaaS!FDEを支えるプロビジョニングと分離設計
Avatar for Kenichi SUZUKI knih
0
240

Featured

See All Featured
Believing is Seeing
Avatar for Spiro Bolos oripsolob
1
150
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
310
What does AI have to do with Human Rights?
Avatar for Per Axbom axbom
PRO
1
2.2k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
10k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
118
120k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
Avatar for Sophie Logan marketingsoph
0
170
Amusing Abliteration
Avatar for ianozsvald ianozsvald
1
210
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k
WENDY [Excerpt]
Avatar for Tessa Abrams tessaabrams
11
38k
Marketing Yourself as an Engineer | Alaka | Gurzu
Avatar for Gurzu gurzu
0
240
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
Avatar for Aleyda Solis aleyda
1
1.3k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
304
22k

Transcript

  1. 1",63* SECCON 2019 Akihabara 2019/12/21 - 22 YOROZU @Mr.Rabbit 0QFSBUJPOXJUI5FOLFZ

  2. Who am i ໊લ.S3BCCJU ࢿ֨ΞʔΫ༹઀ɺখܕҠಈࣜΫ Ϩʔϯɺۄֻ͚ɺେܕࣗಈंɺ 0481ɺ$*441ɺ44$1 طԟ঱ਥೋප झຯαόήʔɺΞχϝ ৬ྺݩαΠόʔσΟϑΣϯεݚڀॴ

    ݚमੜ

  3. What is PAKURI ? 1FOFUSBUJPOUFTU "DIJFWF ,OPXMFEHF 6OJUF 3BQJE *OUFSGBDF

  4. What is PAKURI ? ϖωτϨʔγϣϯςετʹඞཁͦ͏ͳπʔϧΛدͤू Ίͯɺ୭Ͱ΋ɺ؆୯ʹɺͦΕͬΆ࣮͘ߦग़དྷΔ༷ʹߏ ੒ͨ͠πʔϧ ͬ͘͟Γݴ͏ͱύΫͬͯΔXʢݖར͸৵֐ͯ͠·ͤΜʣ ͺ͘Δʢҟ௲ɿύΫΔʣ 

    ύΫύΫͱ৯΂Δɻେ͖ͳޱΛ։͚ͯ৯΂Δɻ  ʢଏޠʣ伱Λ͍ͭͯۚ඼Λ͔ͬ͞Β͏ɻۚમ΍ྉۚΛԣྖ͢Δɻ  ʢଏޠʣ౪༻͢Δɻ  ʢଏޠʣܯ࡯ͳͲ͕ਓΛั·͑ɺัറ͢Δɻ IUUQTKBXJLUJPOBSZPSHXJLJͺ͘Δ

  5. 1",63*ͷೳྗ  ৘ใऩूٴͼྻڍ  ੬ऑੑͷ෼ੳ  ೝূࢼߦ  &YQMPJUʢิॿʣ 

    ৘ใͷՄࢹԽ

  6. ҰൠతͳϖωτϨʔγϣϯςετͷྲྀΕ /P ςετ߲໨ આ໌  ϗετݕग़ *$.1Ԡ౴֬ೝΛ࢖༻ͯ͠ɺର৅ͱͳΔγεςϜ্ͷϗετ Λݕग़͢Δ  5$16%1εΩϟϯ

    ٙࣅ߈ܸͷର৅ͱͳΔϗετ͕ଘࡏ͠ϗετ্Ͱٙࣅ߈ܸର ৅ʹͳΔαʔϏε͕Քಇ͍ͯ͠Δ͜ͱΛ֬ೝ͢Δ  ੬ऑੑͷ֬ೝ ੬ऑੑεΩϟφΛར༻͠໢ཏతʹ੬ऑੑͷଘࡏΛ֬ೝ͢Δ  ೝূࢼߦɾΞΫηεݖऔಘ ਪଌՄೳͳΞΧ΢ϯτɾύεϫʔυΛ༻͍ͯೝূࢼߦΛߦ ͍ɺαʔϏε΍ΞϓϦέʔγϣϯͷར༻Մ൱Λ֬ೝ͢Δ  ط஌੬ऑੑΛར༻ͨٙ͠ࣅ߈ܸ ط஌੬ऑੑΛར༻͠ɺ߈ܸίʔυΛ࢖༻ͯٙ͠ࣅ߈ܸΛߦ ͍ɺ࣮ࡍʹ৵ೖٴͼ৘ใͷ઄औ͕Մೳ͔֬ೝ͢Δ  Өڹ౓ͷ֬ೝ ٙࣅ߈ܸ͕੒ޭͨ͠ϗετͷݖݶ΍ϑΝΠϧ౳Λ෼ੳ͠ଞͷ ϗετ΁ͷӨڹ౓Λ֬ೝ͢Δ

  7. 1",63*Ͱ΍Γ͍ͨ͜ͱ /P ςετ߲໨  ϗετݕग़  5$16%1εΩϟϯ  ੬ऑੑͷ֬ೝ 

    ೝূࢼߦɾΞΫηεݖऔಘ  ط஌੬ऑੑΛར༻ͨٙ͠ࣅ߈ܸ  Өڹ౓ͷ֬ೝ ͜ͷൣғΛαϙʔτ͍ͨ͠  ৘ใऩूٴͼྻڍ  ੬ऑੑͷ෼ੳ  ೝূࢼߦ  &YQMPJUʢิॿʣ  ৘ใͷՄࢹԽ

  8. ૢ࡞͕೉͍͠ͷͰ͸ʁ ೉͍͠ͷ͸ͪΐͬͱͶɾɾɾ

  9. ςϯΩʔ͚ͩͰಈ͘Α

  10. ը໘

  11. جຊίϚϯυ ΤΫεϓϩΠτίϚϯυ ίϯϑΟάίϚϯυ εΩϟϯίϚϯυ ίϯϘΛܾΊͯ ίϚϯυ࣮ߦʂʂ

  12. εΩϟϯίϯϘ Discovery Host Vulnerability Scan Well-known ports Scan(Details) AutoRecon ͳʹΛ͢Δʹ΋·ͣ͸ίϨ

    ΦεεϝίϯϘ "VUP3FDPO %JTDPWFSZ)PTU

  13. ΤΫεϓϩΠτίϯϘ Password Crack Create MSF DB Import to MSF DB

    Start Metasploit Check the service ৘͚͸ແ༻ɺୟ͖ࠐΊʂ ΦεεϝίϯϘ 1BTTXPSE$SBDL

  14. ίϯϑΟάίϯϘ Import data into Faraday Switch CUI mode Configure targets

    Switch GUI mode ੒ޭͷΧΪ͸ɺ४උീׂ ΦεεϝίϯϘ *NQPSUEBUBJOUP'BSBEBZ

  15. ϥʔχϯά ෼͔Βͳ͍ࣄΛ஌Δࣄ͕Ұ൪ͷֶͼ "TTJTU MFBSOUP ίϯϘͷ࠷ޙʹMFBSOUPΛબͿͱ ը໘ӈଆʹ࣮ߦ͞ΕΔίϚϯυͷ આ໌͕දࣔ͞ΕΔ "TTJTUΛબͿͱɺ֤جຊίϚϯ υͰͷಈ࡞ʹ͍ͭͯͷղઆΛද ࣔ͢Δ

  16. 1",63*ΛऔΓೖΕֶͨशαΠΫϧ ࣮ԋ ղઆ ʢϥʔχϯάʣ ࣮श ʢίϯϘʣ ੒ޭମݧ ʢ݁ՌͷՄࢹԽʣ ΍ͬͯΈͤɺݴͬͯฉ͔ͤͯɺͤͯ͞Έͤɺ΄Ίͯ΍ΒͶ͹ɺਓ͸ಈ͔͡ ࢁຊޒे࿡

  17. Your benefits ϨουνʔϜͷ৔߹  1",63*Λ࢖༻͢ΔࣄͰɺසൟʹར༻͢ΔίϚϯυΛ ೖྗ͢Δख͕ؒল͚·͢ɻ  ॳ৺ऀͷϖϯςελʔ͸ɺ1",63*Λ࢖༻ͯ͠߈ܸͷ ྲྀΕΛֶ΂·͢ɻ ϒϧʔνʔϜͷ৔߹

     ؆୯ͳૢ࡞Ͱɺ߈ܸऀͷߦಈΛ໛฿Ͱ͖·͢ɻ ˞͋͘·Ͱ΋ҰྫͰ͢

  18. ֶश͔Β࣮຿·ͰςϯΩʔ͚ͩͰͰ͖Δʂ

  19. テンキーの子 Operation with Ten-key

  20. ·ͱΊ ɹϖϯςελʔ͸खΛಈ͔͢͜ͱ͕େ޷͖Ͱ͢ɻ͔͠͠ɺ ໘౗͍͘͞࡞ۀ͸޷͖Ͱ͸͋Γ·ͤΜɻ1",63*͸ɺϖω τϨʔγϣϯςετͰසൟʹ࢖༻͢ΔίϚϯυΛςϯΩʔ ͷૢ࡞͚ͩͰ࣮ߦ͠·͢ɻ·ΔͰ֨ಆήʔϜΛ΍͍ͬͯΔ Α͏ͳײ֮ͰͰ͖·͢ɻ

  21. ·ͱΊ ɹ1",63*͸ϖωτϨʔγϣϯςελʔͷΩϟϦΞΛ։ ࢝͢Δͷʹ΋໾ʹཱͯΔͱࢥ͍·͢ɻ,BMJ5PPMTʹ४ڌ ͢ΔπʔϧΛ࢖༻͍ͯ͠ΔͷͰඞཁҎ্ʹഁյ͢Δ͜ͱ ͸͠·ͤΜɻ1",63*Λ࢖༻͢Δ͜ͱͰɺϖωτϨʔ γϣϯςετͷϑϩʔΛ؆୯ʹମݧֶ͠Ϳ͜ͱ͕ग़དྷ· ͢ɻ ɹ1",63*Λ࢖ͬͯΈͯɺϖωτϨʔγϣϯςετʹڵ ຯΛ͍࣋ͬͯͩ͘͞ɻ

  22. Thank you! Please give me advice and feedback. [email protected] @PAKURI9

    @01ra66it https://github.com/01rabbit/PAKURI