14th Machcha445 Study Group (まっちゃ445勉強会)
These are still memo-level notes, but I will try to write them up.
[Session 1: "About passwords", Haruyama-san] (the PDF version of the slides can be downloaded here)
(Introduction)
How to make passwords hard to crack when, against all odds, the password data leaks.
Of course, not leaking the password data in the first place, and users choosing strong passwords, are preconditions.
Salt it and hash it → common sense(?)
Originally this is the UNIX way of storing passwords.
(UNIX-style password storage)
On GNU/Linux the password data is kept in /etc/shadow.
(What is a hash?)
A function that is one-way and collision resistant.
(What is a salt?)
A string fed into the hash together with the password.
It must differ per user → a defence against rainbow tables (Ophcrack and the like are well known).
(Demo of Free Rainbow Tables at this point)
(Why a salt per user?)
A shared salt → two users with the same password → the same stored value, so the precomputation for that one salt serves against every user.
It only needs to differ per user; it does not need to be random (in practice a random value from the OS CSPRNG, of the size below, is the simple way to guarantee uniqueness, including across systems whose dumps end up attacked together).
(Salt size)
Formerly 12 bits, now 96 bits (2 characters for the traditional DES-based crypt; up to 16 characters of 6 bits each for glibc's SHA-crypt).
(The actual processing)
The method on p. 304 of Cryptography Engineering.
Apparently the hash is applied repeatedly (stretching).
(What is stretching?)
Apply the hash repeatedly → the time needed to compute one hash value grows
→ an attack takes correspondingly longer, as if the password had extra characters.
MD5 → 1000 rounds
SHA-256/512 → 5000 rounds
(These are the glibc crypt defaults: md5crypt is fixed at 1000 iterations, sha-crypt defaults to 5000 rounds.)
(Effect)
Assume 345.6 billion (3456億) hash computations per day (a last-year PC, one core only).
No stretching → 6 characters in 0.2 days, 7 characters in 13 days.
1000 rounds of stretching → 5 characters in 3 days, 6 characters in 199 days.
(The figures match a 64-symbol alphabet: 64^6 ≈ 6.9 × 10^10 guesses / 3.456 × 10^11 per day ≈ 0.2 days; with 1000 rounds, 64^6 × 1000 / 3.456 × 10^11 ≈ 199 days.)
Strength → tuned by number of rounds × time per computation.
(Storing the method)
What is fine today may become a problem in future:
・the hash function itself
・the way the hash is applied
・the number of stretching rounds
Store all of these together with the hash, so each can be changed later (the $id$rounds=N$salt$hash layout of modern crypt does exactly this).
(Why does Unix use this method?)
Not reversible encryption → because a key is hard to manage.
A key could leak through backup data, a vulnerability, and so on.
(Summary of Unix-style passwords)
・Hash the passwords, using a salt and stretching when you do.
・Stretching raises the strength, but note that it only lengthens the time until a password is cracked.
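The scheme summarised above (salt, stretching, and storing the method next to the digest), as an added example. This is neither the speaker's code nor anything from the slides, and it is not compatible with /etc/shadow: the record layout `$<algorithm>$<rounds>$<salt>$<digest>` is a hypothetical format chosen so that the hash function, round count and salt travel with the digest. The throughput of 3456 × 10^8 hashes per day and the 64-symbol alphabet used by `crack_days` are taken from the figures above.

```python
"""Salt + stretching, stored in a self-describing record.

Added example; not the speaker's code and not compatible with /etc/shadow.
The record layout "$<algorithm>$<rounds>$<salt>$<digest>" is hypothetical.
The stretching loop feeds the previous digest, salt and password back into
the hash every round, the construction described in Cryptography Engineering.
"""
import hashlib
import hmac
import secrets
from typing import Optional

# Throughput assumed on the slides: 3456 * 10^8 hash computations per day.
GUESSES_PER_DAY = 3456e8


def stretch(algorithm: str, salt: bytes, password: bytes, rounds: int) -> bytes:
    """Compute h(... h(h(salt||pw) || salt || pw) ...) for `rounds` iterations."""
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    digest = hashlib.new(algorithm, salt + password).digest()
    for _ in range(rounds - 1):
        digest = hashlib.new(algorithm, digest + salt + password).digest()
    return digest


def make_record(password: str, algorithm: str = "sha256", rounds: int = 5000,
                salt: Optional[bytes] = None) -> str:
    """Create the stored record. A fresh 96-bit random salt is drawn per user
    unless one is supplied (supplied only to show the shared-salt problem)."""
    if salt is None:
        salt = secrets.token_bytes(12)
    digest = stretch(algorithm, salt, password.encode("utf-8"), rounds)
    return f"${algorithm}${rounds}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute from the parameters stored in the record; constant-time compare."""
    _, algorithm, rounds, salt_hex, digest_hex = record.split("$")
    expected = stretch(algorithm, bytes.fromhex(salt_hex),
                       password.encode("utf-8"), int(rounds))
    return hmac.compare_digest(expected.hex(), digest_hex)


def crack_days(alphabet: int, length: int, rounds: int = 1,
               guesses_per_day: float = GUESSES_PER_DAY) -> float:
    """Days to try every alphabet**length password when each costs `rounds` hashes."""
    return alphabet ** length * rounds / guesses_per_day


if __name__ == "__main__":
    # Two users with the same password get different records ...
    alice = make_record("correct horse", rounds=1000)
    bob = make_record("correct horse", rounds=1000)
    print(alice != bob, verify("correct horse", alice), verify("wrong", bob))
    # ... but with a shared salt the records are identical.
    shared = b"\x00" * 12
    print(make_record("x", salt=shared) == make_record("x", salt=shared))
    # The slide's figures, for a 64-symbol alphabet.
    for length, rounds in ((6, 1), (7, 1), (5, 1000), (6, 1000)):
        print(length, rounds, round(crack_days(64, length, rounds), 1))
```

Because the algorithm name and round count are parsed out of the record, a later migration (say, from 5000 to 50000 rounds) can be done per user at their next login without a flag day; that is the point of storing the method.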
(What about web systems?)
・Password data and key material can be kept and managed separately.
・If the key is managed properly and an attacker cannot obtain it, the strength of the key becomes the strength of the password data.
・But the cost of key management cannot be ignored (leakage, tampering, loss, ...).
(Risks of password leakage in a web system)
・Leakage through an attack
・Leakage from backup data or discarded data
・Leakage by developers ... etc.
(Methods when a key is used)
・Symmetric-key encryption (used when encrypting the password data) ... as long as the key does not leak, even a weak password cannot be broken from the password data alone, but the key must be managed so that nobody else can decrypt the data.
・Keyed hash ... fine if a proper algorithm is used, but key management is of course essential.
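The keyed-hash option above, as an added example that is not the speaker's code. HMAC-SHA256 from the Python standard library stands in for "a proper algorithm"; the key is assumed to live outside the database (a config store, KMS or HSM) so that a dump of the password table does not include it. `offline_guess` plays the attacker holding such a dump.

```python
"""Keyed hash for a web system that keeps its key apart from the password table.

Added example, not the speaker's code. HMAC-SHA256 stands in for "a proper
keyed-hash algorithm"; the key is assumed to be stored outside the database.
The per-user salt is stored with the record, as in the Unix scheme.
"""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional


def keyed_record(key: bytes, password: str, salt: Optional[bytes] = None) -> str:
    """Store "<salt>$<HMAC(key, salt || password)>"."""
    if salt is None:
        salt = secrets.token_bytes(16)
    mac = hmac.new(key, salt + password.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{salt.hex()}${mac}"


def verify_keyed(key: bytes, password: str, record: str) -> bool:
    salt_hex, mac = record.split("$")
    expected = hmac.new(key, bytes.fromhex(salt_hex) + password.encode("utf-8"),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def offline_guess(record: str, candidates: Iterable[str], key: bytes) -> Optional[str]:
    """What an attacker holding a leaked record can do: try candidate passwords
    with whatever key they have. Without the real key every guess fails, even
    the correct one; with it, a weak password falls immediately."""
    for cand in candidates:
        if verify_keyed(key, cand, record):
            return cand
    return None


if __name__ == "__main__":
    server_key = secrets.token_bytes(32)      # kept outside the database
    rec = keyed_record(server_key, "123456")  # deliberately weak password
    wordlist = ["password", "123456", "qwerty"]
    print(offline_guess(rec, wordlist, key=b""))         # None: the table alone is useless
    print(offline_guess(rec, wordlist, key=server_key))  # "123456": the key leaked
```

The second call is the failure mode the session warns about: once the key leaks, the strength of the stored data is back to that of the password itself, so a keyed hash is a complement to salting and stretching, not a replacement.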
[Session 2: "SQL Injection odds and ends", Sanaki-san]
(Why SQL injection, of all things, now?)
It is my spiritual home (lol).
1998: a technique for attacking the DB through a web application is introduced.
2001: an article appears in Nikkei Open Systems.
2003: blind SQL injection appears.
...(the rest is common knowledge, so omitted)
(Countermeasures against SQL injection)
・Escaping and validation (read the DBMS specification and manual thoroughly first).
→ Use the library facilities, such as prepared statements and bound parameter variables, rather than your own escaping (recommended ... on the precondition, of course, that the library itself has no vulnerabilities).
・Access control (separate the account used for SELECT from the rest; lock away the administrator tools).
(Demo)
---How to find SQL injection---
・In a search field, if entering ' into a string parameter produces an error, it is almost certain.
　・If '' then makes the error disappear, it is nine times out of ten certain.
→ This follows from the rules that strings are enclosed in '...' and that a ' inside the data is written as ''. So an error on ' that goes away with '' suggests that ' is not being handled properly.
・'|| is dangerous as well ('+ on MS SQL Server, '& on MS Access).
→ '...'||'' (concatenating the empty string) evaluates as true, i.e. the same results come back as for '...' alone.
・With MySQL, also be careful about newlines and ".
・For numeric fields, use arithmetic to tell: if the computed result is what gets searched, it is almost certain (e.g. with records 500 and 300, if 500-200 returns the 300 record, it is over).
・If a union clause goes through, that is bad.
---Identifying the platform---
・MySQL: version-conditional comments such as /*!(VerNo) 1*/ or /*!(VerNo) or id=2*/ (the SQL inside is executed only when the server version is at least VerNo, a five-digit number such as 50000 for 5.0.0) identify both the product and its version.
・On other systems, whether or not particular features exist (date functions and the like) also narrows down the type and version to some degree.
・Differences in the return values of particular functions can also identify the OS.
・Forcing TRUE with an OR (' or 'a'='a and the like) is common, but depending on how it is used it can bring the system down (by pulling back huge amounts of data), so be very careful when using it!!
　・Likewise, sending a search expression with a comment marker (--) into an UPDATE can skip an important condition and cause real damage, so be very careful!!
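The probes from "How to find SQL injection" and the two warnings just above (forced TRUE, and -- against an UPDATE), run against a tiny in-memory SQLite database. This is an added example, not the speaker's demo: the table and rows are constructed for the illustration, the `*_vulnerable` functions build SQL by string formatting, and the `*_safe` ones use placeholders (prepared statements) plus, for the numeric case, validation. SQLite accepts '' inside a literal, || for concatenation and -- for comments, so the probes behave as described for the || family of databases; MySQL-specific quirks are not modelled.

```python
"""SQL injection probes against a constructed SQLite table (added example)."""
import sqlite3

ROWS = [("apple", 500), ("pear", 300), ("grape", 800)]   # constructed data

PROBES = {
    "quote": "apple'",           # ' alone -> error if quotes are not handled
    "double_quote": "apple''",   # '' -> error gone, but no row either
    "concat": "appl'||'e",       # 'appl'||'e' = 'apple' -> a hit proves injection
    "or_true": "x' or 'a'='a",   # forced TRUE -> every row (dangerous on big tables)
}


def setup() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price INTEGER)")
    con.executemany("INSERT INTO items (name, price) VALUES (?, ?)", ROWS)
    con.commit()
    return con


def search_vulnerable(con, name):
    """Classic injectable search: the input becomes part of the SQL text."""
    return con.execute("SELECT name FROM items WHERE name = '%s'" % name).fetchall()


def search_safe(con, name):
    """Prepared statement: the input is sent as a value, never parsed as SQL."""
    return con.execute("SELECT name FROM items WHERE name = ?", (name,)).fetchall()


def price_vulnerable(con, price):
    """Numeric field without quotes: 500-200 is evaluated by the database."""
    return con.execute("SELECT name FROM items WHERE price = %s" % price).fetchall()


def price_safe(con, price):
    """Validate to an integer first, then bind it."""
    try:
        value = int(price)
    except (TypeError, ValueError):
        return []
    return con.execute("SELECT name FROM items WHERE price = ?", (value,)).fetchall()


def reset_vulnerable(con, name):
    """UPDATE whose remaining condition can be commented out with --."""
    cur = con.execute(
        "UPDATE items SET price = 0 WHERE name = '%s' AND price > 0" % name)
    return cur.rowcount


def reset_safe(con, name):
    cur = con.execute(
        "UPDATE items SET price = 0 WHERE name = ? AND price > 0", (name,))
    return cur.rowcount


def run_probes(search, con):
    """Map each probe to the number of rows returned, or 'error'."""
    out = {}
    for label, payload in PROBES.items():
        try:
            out[label] = len(search(con, payload))
        except sqlite3.Error:
            out[label] = "error"
    return out


if __name__ == "__main__":
    print("vulnerable:", run_probes(search_vulnerable, setup()))
    print("safe:      ", run_probes(search_safe, setup()))
    print("500-200 ->", price_vulnerable(setup(), "500-200"), price_safe(setup(), "500-200"))
    print("rows reset by ' or 1=1 --:", reset_vulnerable(setup(), "' or 1=1 --"),
          reset_safe(setup(), "' or 1=1 --"))
```

Against the vulnerable search the four probes come back as error / 0 rows / 1 row / 3 rows, exactly the pattern the session describes; against the prepared statement every probe is just a string nobody has an item called, and the `' or 1=1 --` payload, which zeroes every price through the vulnerable UPDATE, touches no row at all.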
---OS command injection in PostgreSQL---
・Version 7 only; works when SQL injection is possible and the application accesses the database with the administrator account.
・Register a function that executes OS commands from inside SQL, then call it.
・The command runs with the privileges of the postgresql user.
・On version 8 it fails with an error → not exploitable.