Enviar pesquisa
Carregar
Shellshock 威脅案例
•
9 gostaram
•
915 visualizações
Shaolin Hsu
Seguir
HITCON Freetalk 分享的 shellshock 威脅案例,主要著重於顯示駭客入侵的過程,以及入侵之後怎麼利用。
Leia menos
Leia mais
Internet
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 44
Baixar agora
Baixar para ler offline
Recomendados
Python + Hive on AWS EMR で貧者のログサマリ
Python + Hive on AWS EMR で貧者のログサマリ
Akira Chiku
G2 bsc commissioning manual release b7.2
G2 bsc commissioning manual release b7.2
chungminh1108
Calea spre Parteneriat - Programul Introducing Broker
Calea spre Parteneriat - Programul Introducing Broker
SSIF Romcapital SA
Gpc 488 depresion_ap_paciente-1
Gpc 488 depresion_ap_paciente-1
juan luis delgadoestévez
Morning walker-infra-chi-walker
Morning walker-infra-chi-walker
healthshopfor
Mecanismos de falla
Mecanismos de falla
Edy Huanca
SEO - Optimizacion en buscadores
SEO - Optimizacion en buscadores
KanvasMedia
Security: The Great WordPress Lockdown - WordCamp Melbourne - February 2011
Security: The Great WordPress Lockdown - WordCamp Melbourne - February 2011
John Ford
Mais conteúdo relacionado
Destaque
HITCON TALK ATM 金融攻擊事件解析
HITCON TALK ATM 金融攻擊事件解析
Hacks in Taiwan (HITCON)
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊
Hacks in Taiwan (HITCON)
HITCON GIRLS_惡意程式分析介紹_in 成功大學_by Turkey_2016.04.28
HITCON GIRLS_惡意程式分析介紹_in 成功大學_by Turkey_2016.04.28
Shang Wei Li
Android Hook - Xposed Framework (Elven Liu)
Android Hook - Xposed Framework (Elven Liu)
HITCON GIRLS
被遺忘的資訊洩漏 / Information Leakage in Taiwan
被遺忘的資訊洩漏 / Information Leakage in Taiwan
Shaolin Hsu
HITCON GIRLS: Android 滲透測試介紹 (Elven Liu)
HITCON GIRLS: Android 滲透測試介紹 (Elven Liu)
HITCON GIRLS
HITCON GIRLS: CTF 介紹 (小魚&念奇)
HITCON GIRLS: CTF 介紹 (小魚&念奇)
HITCON GIRLS
HITCON GIRLS Malware Analysis
HITCON GIRLS Malware Analysis
Hacks in Taiwan (HITCON)
HITCON CTF 2016導覽
HITCON CTF 2016導覽
HITCON GIRLS
CTF 經驗分享
CTF 經驗分享
Hacks in Taiwan (HITCON)
HITCON TALK 台灣駭客協會年度活動簡介
HITCON TALK 台灣駭客協會年度活動簡介
Hacks in Taiwan (HITCON)
HITCON GIRLS 成大講座 密碼學(阿毛)
HITCON GIRLS 成大講座 密碼學(阿毛)
HITCON GIRLS
HITCON GIRLS 成大講座 惡意程式分析(Turkey)
HITCON GIRLS 成大講座 惡意程式分析(Turkey)
HITCON GIRLS
HITCON TALK 產業視野下的 InfoSec
HITCON TALK 產業視野下的 InfoSec
Hacks in Taiwan (HITCON)
HITCON GIRLS 成大講座 基礎知識(蜘子珣)
HITCON GIRLS 成大講座 基礎知識(蜘子珣)
HITCON GIRLS
Destaque
(15)
HITCON TALK ATM 金融攻擊事件解析
HITCON TALK ATM 金融攻擊事件解析
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON GIRLS_惡意程式分析介紹_in 成功大學_by Turkey_2016.04.28
HITCON GIRLS_惡意程式分析介紹_in 成功大學_by Turkey_2016.04.28
Android Hook - Xposed Framework (Elven Liu)
Android Hook - Xposed Framework (Elven Liu)
被遺忘的資訊洩漏 / Information Leakage in Taiwan
被遺忘的資訊洩漏 / Information Leakage in Taiwan
HITCON GIRLS: Android 滲透測試介紹 (Elven Liu)
HITCON GIRLS: Android 滲透測試介紹 (Elven Liu)
HITCON GIRLS: CTF 介紹 (小魚&念奇)
HITCON GIRLS: CTF 介紹 (小魚&念奇)
HITCON GIRLS Malware Analysis
HITCON GIRLS Malware Analysis
HITCON CTF 2016導覽
HITCON CTF 2016導覽
CTF 經驗分享
CTF 經驗分享
HITCON TALK 台灣駭客協會年度活動簡介
HITCON TALK 台灣駭客協會年度活動簡介
HITCON GIRLS 成大講座 密碼學(阿毛)
HITCON GIRLS 成大講座 密碼學(阿毛)
HITCON GIRLS 成大講座 惡意程式分析(Turkey)
HITCON GIRLS 成大講座 惡意程式分析(Turkey)
HITCON TALK 產業視野下的 InfoSec
HITCON TALK 產業視野下的 InfoSec
HITCON GIRLS 成大講座 基礎知識(蜘子珣)
HITCON GIRLS 成大講座 基礎知識(蜘子珣)
Semelhante a Shellshock 威脅案例
Crowd-Powered Parameter Analysis for Visual Design Exploration (UIST 2014)
Crowd-Powered Parameter Analysis for Visual Design Exploration (UIST 2014)
Yuki Koyama
Biw learning in the new normal
Biw learning in the new normal
JohnMoor5
GraphView のすゝめ / Introduction of GraphView
GraphView のすゝめ / Introduction of GraphView
Mori Tetsuya
Coding Guidelines
Coding Guidelines
Richard van Delft
GruntJS 로 개발프로세스 구축하기
GruntJS 로 개발프로세스 구축하기
현진 김
Go for web
Go for web
Weng Wei
AmbientのデータをNoodlで受信して可視化してみた
AmbientのデータをNoodlで受信して可視化してみた
AmbientData
&DPO $SPTT 4FDUJPO.VMUJQMF 3FHSFTTJPO1SPG +BTPO .docx
&DPO $SPTT 4FDUJPO.VMUJQMF 3FHSFTTJPO1SPG +BTPO .docx
mayank272369
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
ikeyat
Koşuyolu Koru Evleri - Eng.pdf
Koşuyolu Koru Evleri - Eng.pdf
Listing Turkey
モダンAngularJS @ GDG中国2014.12.6
モダンAngularJS @ GDG中国2014.12.6
Okuno Kentaro
Better ties better sales
Better ties better sales
JohnMoor5
Ttake Mandrini 01
Ttake Mandrini 01
Angelo Belgeri
表現学習時代の生成語彙論ことはじめ
表現学習時代の生成語彙論ことはじめ
Yuya Unno
ASSEMBLEA GENERALE ANDIL 2014
ASSEMBLEA GENERALE ANDIL 2014
ANDIL_laterizi
4차 산업혁명 시대, 의료기기 표준화 이슈
4차 산업혁명 시대, 의료기기 표준화 이슈
Jonathan Jeon
What's New in Spring Boot 2.5
What's New in Spring Boot 2.5
ikeyat
Dennis John Paul of NZ Struc
Dennis John Paul of NZ Struc
FingerPointer
Thesis
Thesis
Alejandro Aguilar Extremo
US-40
US-40
Johnny Chiu
Semelhante a Shellshock 威脅案例
(20)
Crowd-Powered Parameter Analysis for Visual Design Exploration (UIST 2014)
Crowd-Powered Parameter Analysis for Visual Design Exploration (UIST 2014)
Biw learning in the new normal
Biw learning in the new normal
GraphView のすゝめ / Introduction of GraphView
GraphView のすゝめ / Introduction of GraphView
Coding Guidelines
Coding Guidelines
GruntJS 로 개발프로세스 구축하기
GruntJS 로 개발프로세스 구축하기
Go for web
Go for web
AmbientのデータをNoodlで受信して可視化してみた
AmbientのデータをNoodlで受信して可視化してみた
&DPO $SPTT 4FDUJPO.VMUJQMF 3FHSFTTJPO1SPG +BTPO .docx
&DPO $SPTT 4FDUJPO.VMUJQMF 3FHSFTTJPO1SPG +BTPO .docx
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
[JSUG SpringOne 2021 報告会]見えてきたSpring 6.0の方向性
Koşuyolu Koru Evleri - Eng.pdf
Koşuyolu Koru Evleri - Eng.pdf
モダンAngularJS @ GDG中国2014.12.6
モダンAngularJS @ GDG中国2014.12.6
Better ties better sales
Better ties better sales
Ttake Mandrini 01
Ttake Mandrini 01
表現学習時代の生成語彙論ことはじめ
表現学習時代の生成語彙論ことはじめ
ASSEMBLEA GENERALE ANDIL 2014
ASSEMBLEA GENERALE ANDIL 2014
4차 산업혁명 시대, 의료기기 표준화 이슈
4차 산업혁명 시대, 의료기기 표준화 이슈
What's New in Spring Boot 2.5
What's New in Spring Boot 2.5
Dennis John Paul of NZ Struc
Dennis John Paul of NZ Struc
Thesis
Thesis
US-40
US-40
Último
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
Jan Löffler
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Shreedeep Rayamajhi
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
APNIC
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Roxana Stingu
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
mchristianalwyn
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
naveenithkrishnan
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
lesteraporado16
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
Mavein
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
edrianrheine
Zero-day Vulnerabilities
Zero-day Vulnerabilities
alihassaah1994
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
Shubham Pant
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
ssuser166378
Último
(12)
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
Zero-day Vulnerabilities
Zero-day Vulnerabilities
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
Shellshock 威脅案例
1.
)*5$0/ⶳయფ⫨Ⲣਫ਼ 4IFMMTIPDLઅ⓮ᑂΩ $BTF4UVEZPG4IFMMTIPDL
CZTIBPMJO
2.
2 TIBPMJO Ꮛ TIBPMJO!EFWDPSF
3.
3 4IFMM4IPDLମ▕֞ᴎ⾓Ք⿏⎛⭉⑸
4.
4 #BTI㙪ᮭ4IFMMTIPDLᦡᡂ㦎֞ᴎۃዾ⎛↫Ўᐎࣞ㏱ۗᙜ
5.
HFOEB 4IFMMTIPDLأྤᇓ⯁ ᓪђⲄ፧
ኄчᷗ$(*ỉ⎛㔄Ўᐎࣞ ⑸ྻ%)$1Ўᐎࣞᒜ⿏⎸чᷗ⓱ ␟(JU4VCWFSTJPOЎᐎࣞỉTIFMM㏗ؕ ኄ.BJMЎᐎࣞ ऱၥ ಉ⍓ 5
6.
6 أྤᇓ⯁
7.
ᶁⴳዾٛͧ₵ધͿ() { :;};
ᛦ㘵CBTIⱜᶁⴳዾጫిݥ क़₵ધͿᆵϪᅅϝಁᐆ⬦ৎ⫤ () { :;}; echo vulnerable 7 ⫀␢ 4IFMMTIPDLᔘ ༓༶ႝ̴
8.
8 ਦͺⲎሯᇜ ๏⬜ӷӜ⊉㡯
㘓ా࿅⽽㦑 ტؐय़ጫ֜ᶁⴳዾ ტؐय़ጫރܛCBTI
9.
9 ᓪђⲄ፧
10.
10 ᑂΩ⯟ ߑα⌍⍮⇜ܮኄᔜϨ
㘓ాܟϞ༢㣉؍ᷗ
11.
11 ᓪђ͡ ኄчᷗ$(*ỉ⎛㔄Ўᐎࣞ
12.
12 Ξᴰ$(*᳚ঋˤͥ፦࠵ ᔜϨ͡㦑ᶁⴳዾ
)551)FBEFS֝ᐆఎ֜ᶁⴳዾ ᔜϨΧ㦑ৎ⫤CBTI ᐊαᆵܔᐥ⻳CBTITIFMMTDSJQU႙֦ఇ ℨรᐊރܛؐCBTI
13.
13 -BOHVBHF 7VMOFSBCMF'VODUJPO
1FSM FYFD EBUFEFWOVMM PQFO 4)--4)0$, ]EBUFEFWOVMM TZTUFN EBUFEFWOVMM QSJOUAEBUFEFWOVMMA 1)1 FYFD EBUF TZTUFN EBUF NC@TFOE@NBJM 1ZUIPO PTTZTUFN EBUF TVCQSPDFTTDBMM EBUF TIFMM5SVF TVCQSPDFTT1PQFO EBUF TIFMM5SVF 3VCZ AEBUFA FYFDEBUF TZTUFNEBUF
14.
14 DVSM ^FDIPCJODBUFUDQBTTXEIUUQUBSHFU ኄḅ㒘Ⴆॎ
15.
16 㔃கਦͺդᴰ ね
Ŏ ܋໔⌍⍮ኆЪᛈ㏗ য㍫ Ŏ ↦܋ࠎᖱⶳጓɗᐆ߉ⶳጓ Ŏ #PUOFU $$TFSWFS #PU Ŏ ᑡ Ŏ ኄ֝⎛ ŏ
16.
17 㔃கਦͺդᴰ Ŏ
%FOJBMPG4FSWJDF Ŏ Ŏ ㍱᳐⇌ FKFDU CFFQ Ŏ Ŏ ᎣᣳὈ᷒ ฆ༄ᏼጥ Ŏ ^CJOTMFFQ]TCJOTMFFQ]VTSCJOTMFFQ ^CJOFKFDU ^FDIPF=B ^ZVNZVQEBUFCBTIBQUHFUZVQEBUFCBTISFCPPU
17.
خ㌆㡯 } ⋴⮇ў㎄഻ዄ⪁ᵛ
⼡഻ࢯኅ⋴⮇ў˒ 18 $(*ළͣⱽ㐩 Ŏ Ἅأ⿶↸ኄỉગష Ŏ 㘓ాώक़ಅტᦡᡂͻ Ŏ 71/ Ŏ 8FCDDFMFSBUPS Ŏ /4 Ŏ .BJMTFSWFS FUDŏ
18.
Ṫ㟏 Ϯᖱ☱භЎᐎࣞɗධЪ↫ɗҠς㑒 ●ᏼጥCBTI㦎۟༚ḂΤ⎛⹜ⰬԆ
⋴⮇ўṦպ̥ዕ㖉خ㌆⏻
19.
20 ∺ђ㦑⎛⹜ⰬԆ܌ؐ 4IFMMTIPDL຺㔂
20.
2/1Ӷٷ٣ቖᇨ ⍮Ⱅⶳጓ ֞ܠ2/1чᷗ⓱ QPSUPOMZ
֤ᐊܠ/4 ܠώक़㕚㐖ͻ ܌ᝒ㦑 21 ഀፄቭϘส ጚ㍛㐷㋳˅
21.
ͅᔉ㑊㌆ ⾾⎛⹜ⰬԆỉᦡᡂ؍ᷗ㦎 㘓ా⸬Ϟᦉ⾾Ϯᖱ֝ざ⎛⹜
㌷ʾֲ㍙㡽ˎ㎄ဌ።⋴⮇ў⿂።QBUDIٶʾ
22.
23 ᓪђΧ ⑸ྻ%)$1Ўᐎࣞᒜ⿏⎸чᷗ⓱
23.
24 %)$1கဆℑ ᔜϨ͡㦑ᶁⴳዾ
%)$1ЎᐎࣞԖ֜܃ዾ EEJUJPOBM0QUJPO ᐆ⬦ؐᶁⴳዾͻ ᔜϨΧ㦑ৎ⫤CBTI ᒙα%)$1ాႮ↸ᐆԖᅅϝ⍤CBTIৎ⫤
25.
26 各作業系統 DHCP
連線受影響之概況ᐄⱒᎇ㍹㦑 04 7FSTJPO 7VMOFSBCMF $FOU04 :4 %FCJBO :4 'FEPSB :4 6CVOUV -54 :4 6CVOUV -54 :4 OESPJE /0 QQMFJ04 /0 'SFF#4% /0 (FOUPP /0 මҎ -JOVY.JOU ʼn2JBOBŊ$JOOBNPO /0 -JOVY.JOU %FCJBO$JOOBNPO /0 .BD049 /0 PQFO464 /0 4ZOPMPHZ VQEBUF /0 මҎ
26.
27 㔃கਦͺդᴰ Ŏ
ᦉ⾾֝⎛ क़⬦㏱ỉᙜࣞͧ⑸ྻ%)$1 Ўᐎࣞ ể⾵ᛦ㘵Ⱆ⥣ⴸ֝⎛Ⴔᐊᙜࣞጩ⎸ ֝⎛ᙜࣞㄒጥⲚឡ*1㗣ͧͻᄪ ᦉ⾾ગㄔ֝⎛ᙜࣞ ⿆ᐄ㚙ᛈ㏗
27.
28 ᓪђͦ ␟(JU4VCWFSTJPOЎᐎࣞỉTIFMM㏗ؕ
28.
29 (JU4VCWFSTJPO4FSWFSPWFS44) Ŏ
܌ؐ㏗ؕ㦎ᬔӛગざᅅϝ ᷗ'PSDF$PNNBOE㏗ؕчᷗ⓱
29.
30 44)ͥ፦࠵ ᔜϨ͡㦑ᶁⴳዾ
TTINZTTITFSWFSDPNNBOE ! 44)⿏⎸ᎇDPNNBOE܃ዾᐆ⬦ఎ႔ᶁⴳ ዾ44)@03*(*/-@$0../% ᔜϨΧ㦑ৎ⫤CBTI ⌍⍮㔑ⰬTIFMMCBTIᎇ㦎⿏⎸☱ٳࠝٳ CBTI
30.
31 ኄḅ㒘Ⴆॎ
31.
32 㔃கਦͺդᴰ Ŏ
␟44)Ўᐎࣞ㏗ؕ Ŏ ܋໔⌍⍮ኆЪᛈ㏗ য㍫ Ŏ ↦܋ɗ#PUOFU ܲأ
32.
33 ᓪђभ ኄ.BJMЎᐎࣞ RNBJM
33.
34 RNBJMͥ፦࠵ ᔜϨ͡㦑ᶁⴳዾ
Ҋᎇઑ㔈ዾӇఎ႔ᶁⴳዾ㦎ђϨ⓱ ᔜϨΧ㦑ৎ⫤CBTI ᑷЎᐎࣞⰬक़ϨᎇчᷗॣҊᩕ⼌ 㚕ɗぢϨ⫵∫ᴑ⼌㚕⇳ᷗؐCBTIỉℨ㦎 ಙܟϞ؍ᷗ
34.
影⽚片網址 http://youtu.be/fxJBmruP0wQ
35.
36 㔃கਦͺդᴰ Ŏ
܋໔⌍⍮ኆЪᛈ㏗ য㍫ Ŏ ↦܋ႴᐊぢϨⶳጓ Ŏ #PUOFUɗኄ֝⎛ŏ ܲأ
36.
ቒᱪ ኄчᷗ$(*ỉ⎛㔄Ўᐎࣞ ⑸ྻ%)$1Ўᐎࣞᒜ⿏⎸чᷗ⓱
␟(JU4VCWFSTJPOЎᐎࣞỉTIFMM㏗ؕ ኄ.BJMЎᐎࣞ RNBJM 37
37.
38 ऱၥ
38.
39 ᏼጥ⌍⍮CBTI☶ᐄጥᯕ㦎ͷ㎬݇ ᐊ⑂ᏼጥ㦊4IFMMTIPDLႪ᪪ώक़⑂㦋
ᩕю㦊*15BCMFT *%4 8'㦋㦎㏄ ∺⿶↸ኄ ⌍⍮ຘڠ㦎㏈ኅྻᅅϝৎ⫤㦎ђч ᷗ4-JOVY
39.
40 4-JOVY㏈ኅчᷗྻᅅϝ
40.
41 ಉ⍓
41.
42 㘓ా؍ᷗ4IFMMTIPDLᦡᡂ܋໔⌍⍮ኆЪᛈ㏗ɘ ⾾$(*ɗ%)$1ɗ44)⇳⿁໑ᒜɘ
Ἅأ㘓ాώक़ಅტ֦ϒ؍ᷗ㣟㦎4IFMMTIPDL ମ▕ᓪђ〔ᐆᏼઑɘ ͡α⎛⹜ⰬԆ/4⬦чᷗ⓱༚Ḃ㦎㚙 ۗ㐖⒢㦎ⲚϮᖱٛຘᚇᒩɘ ⴢႴᐊVOYᶁᷔ↧ۙᏼጥCBTIɘ 㔑Ⱅᐆᐊᏼઑ㘓ాჶ֜CBTI۱ଁ⁃ᚇ⯏ɘ
42.
5IBOLT
43.
2㦈ͨہ✝
Baixar agora