applicationlayer

csv형식TXT형식으로 저장하여 업로드하면 파싱 후 DB저장
내부에 저장된 아이피로 검색해서 나오면 체크
검색되지 않는 아이피는 reverse-dns-lookup검색후 체크
안나오면 그냥 출력
일단 여기까지 메모메모

http://funnymins.tistory.com/80

관련함수
FindFirstChangeNotification
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365261(v=vs.85).aspx

WaitForMultipleObjects
http://killins.egloos.com/1566005
http://www.joinc.co.kr/modules/moniwiki/wiki.php/man/4200/WaitForMultipleObjects

구글맵연동 - 공격자아이피 빈도별로 쉰위를 매긴후 구글맵에 표시_마커아이콘은 만들던가 구하던가 해야지

파일명 지키자;
 [root@localhost html]# ll /usr/local/GeoIP/share/GeoIP/

webknight 로그수집가능 db적재후 웹출력, 검색기능 추가 완료
(검색인터페이스 ibm proventia참고 ㅋㅋ)

geoip를 이용해 국기그림 출력

계획
geoip로 좌표구하기, googlemap api로 지도에 나타낸후 화면출력

예를들자면

지도그림은 http://techpad.tistory.com/24 에서 퍼옴

 

참고하자
http://techpad.tistory.com/24

테이블 고정 & 글자가 넘어가면 넘어가는 문자를 안보이게 처리
style="white-space:nowrap; overflow:hidden;

 

%%%%%http://blog.daum.net/toddryu/81

http://blog.dasom.pe.kr/20

sdfg

.encoding = "KS_C_5601-1987"

암축풀어서 /lib/firmware/에 붙여넣으면 된다.

기본명령어
lspci - 장치보기
iwconfig
ifconfig

출처 익스플로잇디

http://www.exploit-db.com/download_pdf/17261

Switch#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
2    int_0                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
3    int_1                            active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20
4    int_2                            active   
5    int_250                          active   
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
4    enet  100004     1500  -      -      -        -    -        0      0
5    enet  100005     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0  
1003 tr    101003     1500  -      -      -        -    -        0      0  
1004 fdnet 101004     1500  -      -      -        ieee -        0      0  
1005 trnet 101005     1500  -      -      -        ibm  -        0      0  

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#ip routing
Switch(config)#
Switch(config)#int vlan 2
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up
Switch(config-if)#ip address 192.168.0.1 255.255.255.0
Switch(config-if)#int vlan 3

%LINK-5-CHANGED: Interface Vlan3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to up
Switch(config-if)#ip address 192.168.1.1 255.255.255.0
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#sh ip int b
Interface              IP-Address      OK? Method Status                Protocol
 
FastEthernet0/1        unassigned      YES manual up                    up
 
FastEthernet0/2        unassigned      YES manual down                  down
 
FastEthernet0/3        unassigned      YES manual down                  down
 
FastEthernet0/4        unassigned      YES manual down                  down
 
FastEthernet0/5        unassigned      YES manual down                  down
 
FastEthernet0/6        unassigned      YES manual down                  down
 
FastEthernet0/7        unassigned      YES manual down                  down
 
FastEthernet0/8        unassigned      YES manual down                  down
 
FastEthernet0/9        unassigned      YES manual down                  down
 
FastEthernet0/10       unassigned      YES manual down                  down
 
FastEthernet0/11       unassigned      YES manual up                    up
 
FastEthernet0/12       unassigned      YES manual down                  down
 
FastEthernet0/13       unassigned      YES manual down                  down
 
FastEthernet0/14       unassigned      YES manual down                  down
 
FastEthernet0/15       unassigned      YES manual down                  down
 
FastEthernet0/16       unassigned      YES manual down                  down
 
FastEthernet0/17       unassigned      YES manual down                  down
 
FastEthernet0/18       unassigned      YES manual down                  down
 
FastEthernet0/19       unassigned      YES manual down                  down
 
FastEthernet0/20       unassigned      YES manual down                  down
 
FastEthernet0/21       unassigned      YES manual down                  down
 
FastEthernet0/22       unassigned      YES manual down                  down
 
FastEthernet0/23       unassigned      YES manual down                  down
 
FastEthernet0/24       unassigned      YES manual down                  down
 
GigabitEthernet0/1     unassigned      YES manual down                  down
 
GigabitEthernet0/2     unassigned      YES manual down                  down
 
Vlan1                  unassigned      YES manual administratively down down
 
Vlan2                  192.168.0.1     YES manual up                    up
 
Vlan3                  192.168.1.1     YES manual up                    up
Switch#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.0.0/24 is directly connected, Vlan2
C    192.168.1.0/24 is directly connected, Vlan3
Switch#

http://cve.mitre.org/about/faqs.html#a13

하나씩 공부하자
출처;헐랭이,
       http://jeremiahgrossman.blogspot.com/2010/11/calling-all-security-researchers-submit.html
ASP.NET 'Padding Oracle' Crypto Attack
Attacking HTTPS with Cache Injection
Breaking into a WPA network with a webpage
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
CSS History Hack In Firefox Without JavaScript for Intranet Portscanning
Chrome and Safari users open to stealth HTML5 AppCache attack
Chronofeit Phishing
Converting unimplementable Cookie-based XSS to a persistent attack
Cookie Eviction
Cracking hashes in the JavaScript cloud with Ravan
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
DNS Rebinding on Java Applets
Evercookie
Expanding the Attack Surface
Flash Camera and Mic Remember Function and XSS
Fooling B64_Encode(Payload) on WAFs and filters
Generic cross-browser cross-domain theft
Get Internal Network Information with Java Applets
Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation
Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox, Internet Explorer)
How to Conceal XSS Injection in HTML5
IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation"
IIS6/ASP & file upload for fun and profit
Improving HTTPS Side Channel Attacks
Internal Port Scanning via Crystal Reports
Java Applet Same IP Host Access
Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem
JavaSnoop
Lost in Translation (ASP’s HomoXSSuality)
Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user
MitM DNS Rebinding SSL/TLS Wildcards and XSS
MySQL Stacked Queries with SQL Injection...sort of
NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward)
Next Generation Clickjacking
No Alnum JavaScript (cheat sheet, jjencode demo)
NoScript Bypass - "Reflective XSS" through Union SQL Poisoning Trick
Non-Obvious (Crypto) Bugs by Example
One vector to rule them all
Penetrating Intranets through Adobe Flex Applications
Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers
Persistent Cross Interface Attacks
Poisoning proxy caches using Java/Flash/Web Sockets
Popup & Focus URL Hijacking
Port Scanning with HTML5 and JS-Recon
Posting raw XML cross-domain
Quick Proxy Detection
Re-visiting JAVA De-serialization: It can't get any simpler than this !!
SQLi filter evasion cheat sheet (MySQL)
Side Channel Attacks in SSL
Stealing entire Auto-Complete data in Google Chrome
Stored XSS Vulnerability @ Amazon
Stroke triggered XSS and StrokeJacking
Strokejacking
Tapjacking: owning smartphone browsers
The curse of inverse strokejacking
Turning XSS into Clickjacking
Universal XSS in IE8
Using Cookies For Selective DoS and State Detection
Will it Blend?
XSHM Mark 2
XSS-Track: How to quietly track a whole website through single XSS
XSSing client-side dynamic HTML includes by hiding HTML inside images and more
padding oracle web attack (poet, Padbuster, demo)
phpwn: Attack on PHP sessions and random numbers
출처:최근의 웹 해킹 기술

시간초과로 인한 세션종료를 방지하는법

#unset TMOUT

GUI환경에서 네트워크 트래픽을 감시할 수 있는 (snort내장) HenWen이라는 NIDS프로그램이 있었으나 개발이 중단되어 leopard에서는 돌아가지 않는다.
http://seiryu.home.comcast.net/~seiryu/henwen.html

macports를 이용하여 snort mysql base를 쉽게 연동할 수 있다.
http://homepage.mac.com/duling/halfdozen/Snort-Howto.html

==========Mysql설정 ====================================

1. mysql 설치
$sudo port install mysql5 +server

2. 데이터베이스 셋업
$sudo -u mysql mysql_install_db5

2.1 만약 퍼미션 에러가 발생할 경우 아래와 같이 입력한다.
$sudo mysql_install_db5
$sudo chown -R _mysql:_mysql /opt/local/var/db/mysql5

3. mysql 실행
$sudo /opt/local/lib/mysql5/bin/mysqld_safe &

3.1 /opt/local/var/run 경로를 찾을 수 없다고 나올 경우 직접 수동으로 생성 해 준다.
$sudo mkdir /opt/local/var/run
$sudo chmod g+w /opt/local/var/run
$sudo mkdir /opt/local/var/run/mysql5
$sudo chown mysql /opt/local/var/run/mysql5

4. 패스워드 설정
$sudo /opt/local/lib/mysql5/bin/mysqladmin -u root password '암호'

 
==========php설정 ====================================
php패키지 설치
http://www.entropy.ch/software/macosx/php/

==========http 설정 ====================================
leopard는 apache를 이용한 웹 공유 기능이 내장되어있으므로 apache를 다시 설치할 필요가 없다.

apache 설정파일은 /private/etc/apache2/httpd.conf에 있다 주석을 제거하여 php와 연동시킨다.
#LoadModule php5_module        libexec/apache2/libphp5.so

apache는 환경설정 > 공유 에서 [웹 공유]를 체크하여 활성화시킬 수 있다
(DocumentRoot는 /Library/WebServer/Documents/ 이다)


나머지는 아래 링크를 따라하면 된다.
http://homepage.mac.com/duling/halfdozen/Snort-Howto.html

주의: 웹 루트에 adodb링크를 만들때 메뉴얼과 비교해서 약간 경로명이 다르니 확인해야함.
        base_conf.php파일에서 db연동정보를 localhost가 아니라 127.0.0.1로 해야 페이지가 정상적으로 뜬다. 이유는 모르겠다.

#!/usr/bin/perl
 
use IO::Socket;
 
sub connection {
    my ($a_sock) = @_;
 
    print $a_sock "        *** TCP ECHO SRV ***\n\n\r";
    while( defined($buf = <$a_sock>)) {
        print $a_sock $buf;
    }
    exit;
}
 
my $sock = new IO::Socket::INET (LocalHost => 'ANY',
                              LocalPort => 4242,
                              Proto => 'tcp',
                              Listen => 5,
                              Reuse => 1);
 
die "Unable to create Socket, error: $!" unless $sock;
 
print "Tcp server running\n";
 
sub REAPER {
    while(waitpid(-1,WNOHANG) > 0) { ; }
    $SIG{CHLD} = \&REAPER;
}
 
$SIG{CHLD} = \&REAPER;
 
my $a_sock;
 
while (1) {
    $a_sock = $sock->accept();
    if (defined($a_sock)) {
        my $pid = fork;
        if ($pid == 0) {
            connection($a_sock);
            exit(0);
        } else {
            close($a_sock);
        }
    }
}
 
close $sock;
 

SharinGan Scanner 1.2.1 이거뭐냐

## History:
## + Fixed cryptz command (v4.5)
## + Fixed user commands execution by unauthorized user (v4.6) (thx to ajegile)
## + Added options to enable/disable encrypted password (v4.7)
## + Fixed missing hostname on sublink (v4.8)
## + Added links filter to exclude exploiting bad links (v4.9)
## + Fixed private message scanning (v4.9.2) (thx to BLood_roSE)
## + Added spread configuration (v5.0)
## + Updated search engines (v5.1)
## + Added HTTP Error handler for search engines (v5.2)
## + Added more search engines (v5.3) (thx to kaMtiEz, arianom, tukulesto, & Mask_Magician)
## + Added md5 hash & crack tool (v5.4)

http://msdn.microsoft.com/en-us/library/cc144200%28VS.85%29.aspx

볼줄아는것과 할줄 아는건 다르다