The ultimate web hacking master! File upload vulnerability attack technique! This is a training that will further improve the students' web hacking skills through a completely different approach from the existing known methods!
How the file upload function works
File upload vulnerability principle
Understanding web shells and how they work
File upload vulnerability attack methodology
File Upload Vulnerability Secure Coding Techniques
Practical attack techniques
File upload vulnerabilities are an attack technique that utilizes a malicious script called a WebShell to take control of a server. The attack doesn't stop at a single server, but can extend into the internal network . This is truly a devastating attack!
File upload functionality is essential in today's web environment. Most of the websites we frequently use have file upload functionality! What if a web shell, a malicious script for attack, were uploaded through this feature?
Numerous malicious hackers (black hackers) use this attack technique to penetrate internally via compromised web servers, deploying malware to employees, distributing ransomware, stealing confidential internal information, and stealing personal customer information. This is a truly terrifying attack!
Because of this influence, many companies cannot help but be sensitive to " file upload vulnerabilities ," and it is an attack technique that has even earned the title of " the ultimate boss " among practitioners!
If you are doing web hacking yourself or defending yourself, you now know what you need to know, right? ã ¡.,ã ¡;;
Those of you reading this right now likely fall into the following categories:
I would like to say it in one sentence.
This is the most persistent attack that digs into the field during diagnosis, and it is my personal favorite.
I would like to share with you the know-how I have gained over the years.
The training will be conducted from the basics, including the operating principles of the file upload function and the principles of file upload vulnerabilities.
We will go through each step in detail so that even beginners can easily understand.
We'll cover the basic concepts, operating principles, and hands-on practice of creating a "web shell," a key element in file upload vulnerability attacks. Understanding web shells is essential!
Expand your practical perspective with 12 case studies, and make the skills your own by practicing in the provided virtual environment!
A total of 18 virtual practice environments are provided for JSP and PHP!
We often see diagnosticians being strong on offense but weak on defense. This stems from language barriers and a lack of understanding of secure coding. Practice can help you overcome these barriers!
â» How to use Burp Suite is not covered in this training. You can refer to the basic usage method in the training "Stories about Web Hacking and Simulated Hacking in the Field."
â» This training PPT uses Nanum font provided by Naver.
Who is this course right for?
For everyone from beginners to advanced web hackers.
hands-on worker
For those who want to know more about file upload vulnerability attack techniques
Need to know before starting?
Web Basics
Web Hacking Basics
25,880
Learners
1,361
Reviews
497
Answers
4.9
Rating
18
Courses
:: êµëŽ ì 볎볎ì ì룚ì
ê°ë° êž°ì
ì¬ì§ ::
- ì± ìë³ì¡° ë°©ì§ ì룚ì
: 믞ë€ìšìŽ ëŽë¹ / íŽí¹ ëí ìŽìì§ / êµëŽ ì ëª
íŽí¹/ë°©ìŽ íë šì¥ ì ì
:: êµëŽ ì 볎볎ì ì 묞 ì
첎 ì¬ì§ ::
- ëžëë°ì€ 몚ìíŽí¹ / ìëëŠ¬ì€ êž°ë° ëªšìíŽí¹ / ì¹ ì·šìœì ì§ëš / 몚ë°ìŒ ì·šìœì ì§ëš / ìì€ìœë ì·šìœì ì§ëš / APT 몚ì íë š / DDoS 몚ìíë š / ìžíëŒ ì§ëš / ì€ë§íž ê°ì ì§ëš
- êµëŽ ëêž°ì
, ì€ìêž°ì
ë€ì ì§ëš
:: ìžë¶ êµì¡ ë° íë ::
- ë©í°ìº íŒì€, êµê° 볎ì êž°ì ì°êµ¬ì(ETRI)
- êµëŽ ì 볎볎ì ì
첎 : ì¬ì§ì ëì "ì¹ ëªšìíŽí¹ ì¬í êµì¡" ì§íì€
- íŽì»€í©í 늬 묞ì ì ì
:: ì·šìœì ë°ê²¬ ::
1) Web Application Server ì·šìœì
- TMAX JEUS : ì격 ëª
ë ¹ìŽ ì€í ì·šìœì (Remote Command Execution Vulnerability)
- IBM WebSphere(CVE-2020-4163) : ì격 ëª
ë ¹ìŽ ì€í ì·šìœì (Remote Command Execution Vulnerability)
2) CMS(Contents Management System) ì·šìœì
- ë€ìŽë² ì€ë§ížìëí° : íìŒ ì
ë¡ë ì·šìœì
- ê·žë볎ë : SQL Injection , íìŒ ì
ë¡ë ì·šìœì (ê·žë볎ë4, ê·žë볎ë5), XSS ...
- íŽì€í : íëŠ¬ë¯ží° ë³ì¡° ì·šìœì , íìŒ ì
ë¡ë ì·šìœì
* ìŽë©ìŒ : crehacktive3@naver.com
* ëžë¡ê·ž : http://www.crehacktive.co.kr
All
111 lectures â (15hr 39min)
Course Materials:
All
65 reviews
4.9
65 reviews
Reviews 1
â
Average Rating 5.0
5
æš¡æ¬ãããã³ã°åéã§æé«ã®è¬çŸ©ã®ããã§ãã ã¢ããããŒããã³ã¢æ»æãªã®ã§ããŒã2ãæ¬åœã«åŸ ãããã®ã«ãã€äŒããŸãã??.....
å ã«è¬çŸ©å¶äœãããã®ãããããããããããåŸãæ¥çšãæŒãããããã«ãªããŸããã äžåæã«ã¯å¿ ãå®æã§ããããã«ããŸãã
Reviews 4
â
Average Rating 5.0
5
æ¬åœã«ãããã圹ç«ã€ææ¥ã§ãããããããšãããããŸãã
ããããã®ã圹ã«ç«ãŠãã®ã¯æ¬åœã«å¬ããã§ãïŒè¯ãåè¬è©ã«æè¬ããŸãã^^
Reviews 2
â
Average Rating 5.0
5
ããã§ããã
5ç¹åè¬è©ïŒããããšãããããŸããïŒæ¥œããäžæ¥ããéãããã ããïœïŒ
Reviews 2
â
Average Rating 5.0
5
ãšãŠãè¯ãã§ãã
è¯ãåè¬è©ã¯ãšãŠãæè¬ããŠããŸãïŒæ¥œããäžæ¥ããéãããã ããïœïŒ
Reviews 8
â
Average Rating 4.9
$68.20
Check out other courses by the instructor!
Explore other courses in the same field!
![ãã¡ã€ã« ã¢ããããŒãã®èåŒ±æ§ é«åºŠãªæ»æææ³ PART2 [çµ±åç]Course Thumbnail](https://cdn.inflearn.com/public/courses/333012/cover/12bd40e1-1e17-493a-81b9-64ac5fed558e/333012.png?f=avif&w=420)
