Today, after finishing yet another Bash script, I realized that everything should have been done completely differently, yet it all worked. I want to show what obscenities and crutches I wrote to solve the problem while I still lacked a wagonload of knowledge. A caricature of programming, so to speak.
Task
The following was needed:
- display the set of rhymes for a word, excluding the square ones;
- intersect the sets of rhymes for two words.
What for? Just because, and that is all.
For those who do not know, a square rhyme (a "square" in common parlance) is two words whose spelling matches in the last two letters, and that alone is what makes the rhyme. For example: roses and frosts; tires and cars. Because squares are so primitive, their use in modern poetry is not particularly approved of.
Solution
The simplest solution, it seemed to me, was to write a Bash script that uses an existing rhyme generator, HOST, which picks rhymes mainly by pronunciation rather than by spelling. Which HOST is that? If I name it, I will be told this is an advertisement. Why not just keep using it as it is? First, despite its advantage of picking rhymes by sound, it still frequently produces squares. Second, you still have to think with your own head, spend time switching tabs, and spend energy memorizing the words that repeat across the lists in order to find a rhyme for two words.
Getting strong rhymes
What do I know? I know about the wget utility, which downloads the page at a given URL. So we make the request and get an HTML page in a file named after the word being rhymed. For example, let's look up the word "здесь" ("here"):
wget https://HOST/rifma/здесь
But all we need is the list of words, so how do we get rid of everything else? Looking at the page, the list of words is, odd as it may sound, marked up as a list, and each word sits inside an <li> tag. Fine, we have a wonderful utility for that, sed. Let's write it down like this:
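# Write to a temporary file first: redirecting straight back into "$word" would truncate it while it is still being read.
grep '<li>' "$word" | sed -e "s%<li>%%" | sed -e "s%</li>%%" | sed -e "s/ //g" | sed -e "/^$/d" > "$word.tmp" && mv "$word.tmp" "$word"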
First we select from the word file the lines that contain the <li> tag, which gives us a pile of lines with empty tags and words. Then we delete the tag itself and its closing tag. Percent signs are used as the delimiter here instead of slashes because the closing tag already contains a slash, and sed gets a little confused by that. With percent signs everything is fine. Finally we delete all spaces from the file and remove the empty lines. Voilà, a ready-made word list.
To remove the words that rhyme only on their final letters, we take the last two letters of the original word and clean the list:
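# Last two characters of the word being rhymed
squad=${word:((${#word}-2)):2}
# Delete every candidate that ends in the same two characters (temporary file, so the input is not truncated)
sed -e "/.$squad\$/d" "$word" > "$word.tmp" && mv "$word.tmp" "$word"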
We look, we try it, everything works... so where is the list for the word "play"? And for the word "went"? The files are empty! That is because these words are verbs, and we know what becomes of those who rhyme on verbs. Verb rhymes are worse than square ones: verbs are the most numerous words in Russian and they all share the same endings, which is why, after the ending check, the final file contained no verbs.
But we are in no hurry. Every word has not only rhymes but also assonances, which sometimes sound far better than the rhymes. That is why they are assonances (French assonance, from Latin assono, "I sound in tune").
Getting assonances
This is where the fun begins: the assonances are shown on the same page, not at a URL of their own. A script runs, sends an HTTP request and receives the response. How do you tell wget to press a button? You cannot. Sad. Then I noticed that the URL in the address bar had somehow changed, so I copied what was there after switching to assonances and pasted it into a new browser tab: the strong rhymes opened. I see.
In principle, I thought, it should make no difference to the server whether a script sends the request or a user types the request in by hand. Right? Nobody knows. Let's find out.
Send it where? Send what? An HTTP request to the server's IP, something like GET ... then something with HTTP/1.1 ... We need to see what the browser sends and where. Install wireshark and look at the traffic:
0040 37 5d a3 84 27 e7 fb 13 6d 93 ed cd 56 04 9d 82 7]£.'çû.m.ÃÃV...
0050 32 7c fb 67 46 71 dd 36 4d 42 3d f3 62 1b e0 ad 2|ûgFqÃ6MB=ób.à .
0060 ef 87 be 05 6a f9 e1 01 41 fc 25 5b c0 77 d3 94 ï.Ÿ.jùá.AÃŒ%[ÃwÃ.
Umm... what? Oh right, this is HTTPS. What to do? Launch a MITM attack on ourselves? Ideally, the victim will help us themselves.
In the end I decided to poke around in the browser and eventually found both the request itself and its destination. Let's go:
Terminal session
telnet IP PORT
Trying IP...
Connected to IP.
Escape character is '^]'.
GET /rifma/%D0%BC%D0%B0%D1%82%D1%8C?mode=block&type=asn HTTP/1.1
Host: HOST
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
Connection: close
HTTP/1.1 400 Bad Request
Server: nginx/1.8.0
Date: Sun, 03 Nov 2019 20:06:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 270
Connection: close
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
Connection closed by foreign host.
Ha. Heh-heh. Well, this is exactly what to expect when you send a bare HTTP request to an HTTPS port. Do we have to encrypt now? All that fuss with RSA keys, then with SHA256. But why bother, when OpenSSL exists for exactly such things. So we already know what to do, except that first I remove the Referer and Cookie fields, since I do not think they affect the matter much.
Terminal session
openssl s_client -connect IP:PORT
{various keys, certificates}
GET /rifma/%D0%B7%D0%B4%D0%B5%D1%81%D1%8C?mode=block&type=asn HTTP/1.1
Host: HOST
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: text/javascript,text/html,application/xml,text/xml,*/*
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Status: 200 OK
Date: Sun, 03 Nov 2019 20:34:33 GMT
Set-Cookie: COOKIE
X-Powered-By: Phusion Passenger 5.0.16
Server: nginx/1.8.0 + Phusion Passenger 5.0.16
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: block-all-mixed-content
Content-Encoding: gzip
What is this, is the server swearing at us? Well, at least it answered 200 OK, so the cookies and the referer affect nothing. The body is gzip-compressed, while what gets copied out is ASCII characters. Right, the Accept-Encoding line can simply be removed. Now everything is fine: we get an HTML document with the assonances. But that raises two questions: how do we launch OpenSSL and pass data to it from a script? And how do we read the output if, after receiving the response, we are left inside the OpenSSL "shell", so to speak? If only I could come up with something for XNUMX rather than XNUMX...
And here it is. Somewhere I had read about the expect utility, which automates interaction with programs that expect a dialogue with a human. Even more attractive is the autoexpect command, which generates an expect script from your actions. So we launch it, do all of the above, and here is the finished script. Only it is very large, and all because OpenSSL prints certificates and keys, and expect waits for all of that output. Do we need that? No. We cut out the whole first prompt and leave only the final line break "\r". We also remove the User-Agent and Accept fields from the request, since they affect nothing. Now we run it. The script ran, but where is the cherished HTML document? expect ate it. To make expect spit it out, we have to put
set results $expect_out(buffer)
before the end of the script: this is how the output of the command run by expect is recorded and printed to the screen. Putting it all together, we get something like this:
The expect script
#!/usr/bin/expect -f
set timeout -1
spawn openssl s_client -connect IP:PORT
match_max 100000
# Wait for the end of the certificate/session dump printed by s_client
expect -exact "
---\r
"
# Type the request; \r is the Enter key
send -- "GET /rifma/%d0%b7%d0%b4%d0%b5%d1%81%d1%8c?mode=block&type=asn HTTP/1.1\rHost: HOST\rAccept-Language: en-US,en;q=0.5\rX-Requested-With: XMLHttpRequest\rConnection: close"
# Wait for the terminal to echo the request back
expect -exact "GET /rifma/%d0%b7%d0%b4%d0%b5%d1%81%d1%8c?mode=block&type=asn HTTP/1.1\r
Host: HOST\r
Accept-Language: en-US,en;q=0.5\r
X-Requested-With: XMLHttpRequest\r
Connection: close"
send -- "\r"
set results $expect_out(buffer)
expect -exact "\r
"
# The empty line ends the headers; then read until the server closes the connection
send -- "\r"
expect eof
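The two questions raised above (how to feed the request to OpenSSL from a script, and how to read the reply) can also be answered without expect. The following is an added example, not the author's script; HOST and the port stay placeholders, and the function names build_request, strip_headers and fetch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: send the same request through openssl s_client without expect.

# Build the request. HTTP lines end in CRLF and an empty line ends the headers.
# "Connection: close" makes the server hang up, which is what ends s_client.
build_request() {   # $1 = host, $2 = path with query string
    printf 'GET %s HTTP/1.1\r\n' "$2"
    printf 'Host: %s\r\n' "$1"
    printf 'Accept-Language: en-US,en;q=0.5\r\n'
    printf 'X-Requested-With: XMLHttpRequest\r\n'
    printf 'Connection: close\r\n\r\n'
}

# Drop the status line and the headers: everything up to the first line
# that contains nothing but a carriage return.
strip_headers() {
    cr=$(printf '\r')
    sed "1,/^$cr\$/d"
}

# -quiet suppresses the certificate and session dump and keeps the connection
# open after stdin reaches EOF, so the reply can still be read from stdout.
fetch() {   # $1 = host, $2 = port, $3 = path with query string
    build_request "$1" "$3" |
        openssl s_client -quiet -connect "$1:$2" -servername "$1" 2>/dev/null |
        strip_headers
}
```

The server in the session above answers with Transfer-Encoding: chunked, so the body may still contain chunk-size lines; they hold no <li> tag and are discarded by the grep step used earlier.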
But that is not all! As you can see, the request URL was static in all the examples, yet it is the URL that decides which word the assonances are picked for. So we would always be searching for the word "%d0%b7%d0%b4%d0%b5%d1%81%d1%8c" in ASCII, or "здесь" ("here") in UTF-8. What to do? Simply generate a new script every time, of course. Not with autoexpect any more, but with the help of echo, because in our new script nothing changes except the word. And long live a new problem: how do we sensibly convert a Cyrillic word into URL format? The terminal does not seem to offer anything in particular for that either. Well, never mind, we can manage, right? Can we?
Look what I can do!
function furl {
    # Replace every Cyrillic letter of $word with its percent-encoded UTF-8 bytes; the result is stored in $furl
    furl=$(echo "$word" | sed 's:А:%d0%90:g;s:Б:%d0%91:g;s:В:%d0%92:g;s:Г:%d0%93:g;s:Д:%d0%94:g;s:Е:%d0%95:g;s:Ж:%d0%96:g;s:З:%d0%97:g
s:И:%d0%98:g;s:Й:%d0%99:g;s:К:%d0%9a:g;s:Л:%d0%9b:g;s:М:%d0%9c:g;s:Н:%d0%9d:g;s:О:%d0%9e:g;s:П:%d0%9f:g
s:Р:%d0%a0:g;s:С:%d0%a1:g;s:Т:%d0%a2:g;s:У:%d0%a3:g;s:Ф:%d0%a4:g;s:Х:%d0%a5:g;s:Ц:%d0%a6:g;s:Ч:%d0%a7:g
s:Ш:%d0%a8:g;s:Щ:%d0%a9:g;s:Ъ:%d0%aa:g;s:Ы:%d0%ab:g;s:Ь:%d0%ac:g;s:Э:%d0%ad:g;s:Ю:%d0%ae:g;s:Я:%d0%af:g
s:а:%d0%b0:g;s:б:%d0%b1:g;s:в:%d0%b2:g;s:г:%d0%b3:g;s:д:%d0%b4:g;s:е:%d0%b5:g;s:ж:%d0%b6:g;s:з:%d0%b7:g
s:и:%d0%b8:g;s:й:%d0%b9:g;s:к:%d0%ba:g;s:л:%d0%bb:g;s:м:%d0%bc:g;s:н:%d0%bd:g;s:о:%d0%be:g;s:п:%d0%bf:g
s:р:%d1%80:g;s:с:%d1%81:g;s:т:%d1%82:g;s:у:%d1%83:g;s:ф:%d1%84:g;s:х:%d1%85:g;s:ц:%d1%86:g;s:ч:%d1%87:g
s:ш:%d1%88:g;s:щ:%d1%89:g;s:ъ:%d1%8a:g;s:ы:%d1%8b:g;s:ь:%d1%8c:g;s:э:%d1%8d:g;s:ю:%d1%8e:g;s:я:%d1%8f:g
s:ё:%d1%91:g;s:Ё:%d0%81:g')
}
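The table above handles Russian letters only. The following added example, which is not from the original post, goes beyond it and percent-encodes the bytes of any UTF-8 string, leaving only the unreserved URL characters as they are; the function name urlencode is an assumption.

```shell
#!/bin/sh
# Added example: percent-encode a string byte by byte, so no per-letter
# table is needed and any UTF-8 input works, not just Cyrillic.
urlencode() {   # $1 = string to encode; the result is printed on stdout
    # od prints every input byte as two hex digits; tr puts one byte per line.
    printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | while read -r hex; do
        [ -n "$hex" ] || continue
        case "$hex" in
            # 0-9, A-Z, a-z and "-", ".", "_", "~" may appear unescaped.
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # Turn the hex value back into the character via an octal escape.
                printf "\\$(printf '%03o' "0x$hex")" ;;
            *)
                # Everything else, including each byte of a multibyte
                # character, becomes %xx.
                printf '%%%s' "$hex" ;;
        esac
    done
}
```

For the word used throughout the article, `urlencode "здесь"` prints the same `%d0%b7%d0%b4%d0%b5%d1%81%d1%8c` that appears in the request line.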
In total, we have a script that converts the word into ASCII text and generates another script, which requests the site page with the assonances from the server through OpenSSL. Then we redirect the output of that last script to a file and pass it on the same old way.
Intersection of sets. Conclusion
Actually, this is the part that causes the least trouble. We run the steps above for two words, compare each word from the two lists, and print it when a match is found. So now we have a script that takes two words as input and prints the list of words that rhyme with both of them. Pronunciation is taken into account, and there is no need to switch between two tabs by hand or to memorize words "by eye": everything is collected, taken into account, and discarded automatically. Wonderful.
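The comparison step described above, as an added example that is not the author's script: square rhymes are dropped from each list and the two remaining lists are intersected. The English word lists are constructed samples and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Word lists below are constructed samples.

# Keep only candidates whose last two characters differ from those of the
# target word, i.e. drop the "square" rhymes. awk counts characters rather
# than bytes only in a UTF-8 locale with a multibyte-aware awk; the ASCII
# samples behave the same everywhere.
drop_square() {   # $1 = target word; stdin = candidates, one per line
    awk -v w="$1" '
        BEGIN { tail = substr(w, length(w) - 1) }
        length($0) > 0 && substr($0, length($0) - 1) != tail'
}

# Print the words present in both files. Each list is de-duplicated first,
# so a line that shows up twice after merging came from both lists.
intersect() {   # $1, $2 = files with one word per line
    { sort -u "$1"; sort -u "$2"; } | sort | uniq -d
}

# Rhymes for two words: filter each list, then intersect.
rhymes_for_both() {   # $1 = word1, $2 = its list, $3 = word2, $4 = its list
    a=$(mktemp) b=$(mktemp)
    drop_square "$1" < "$2" > "$a"
    drop_square "$3" < "$4" > "$b"
    intersect "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed demo: "true", "glue" and "canoe" are squares and get dropped.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' true glue two through new zoo > "$dir/blue"
    printf '%s\n' canoe two new you zoo crew    > "$dir/shoe"
    rhymes_for_both blue "$dir/blue" shoe "$dir/shoe"
    rm -rf "$dir"
}
```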
The purpose of this publication was to show that if a person needs something, they will do it anyway. Very inefficiently, crookedly and creepily, but it will work.
Source: habr.com