# Other Web Tricks {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks * Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! * **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
**μ¦‰μ‹œ μ‚¬μš© κ°€λŠ₯ν•œ 취약점 평가 및 침투 ν…ŒμŠ€νŠΈ μ„€μ •**. 20개 μ΄μƒμ˜ 도ꡬ와 κΈ°λŠ₯을 μ‚¬μš©ν•˜μ—¬ μ–΄λ””μ„œλ‚˜ 전체 침투 ν…ŒμŠ€νŠΈλ₯Ό μ‹€ν–‰ν•˜μ„Έμš”. μš°λ¦¬λŠ” 침투 ν…ŒμŠ€ν„°λ₯Ό λŒ€μ²΄ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€ - μš°λ¦¬λŠ” 그듀이 더 깊이 νŒŒκ³ λ“€κ³ , μ‰˜μ„ ν„°λœ¨λ¦¬κ³ , 재미λ₯Ό λŠλ‚„ 수 μžˆλ„λ‘ λ§žμΆ€ν˜• 도ꡬ, 탐지 및 μ•…μš© λͺ¨λ“ˆμ„ κ°œλ°œν•©λ‹ˆλ‹€. {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} ### Host header λ°±μ—”λ“œκ°€ **Host header**λ₯Ό μ‹ λ’°ν•˜μ—¬ 일뢀 μž‘μ—…μ„ μˆ˜ν–‰ν•˜λŠ” κ²½μš°κ°€ μ—¬λŸ¬ 번 μžˆμŠ΅λ‹ˆλ‹€. 예λ₯Ό λ“€μ–΄, λΉ„λ°€λ²ˆν˜Έ μž¬μ„€μ •μ„ μœ„ν•œ **λ„λ©”μΈμœΌλ‘œ κ·Έ 값을 μ‚¬μš©ν•  수 μžˆμŠ΅λ‹ˆλ‹€**. λ”°λΌμ„œ λΉ„λ°€λ²ˆν˜Έλ₯Ό μž¬μ„€μ •ν•˜λŠ” 링크가 ν¬ν•¨λœ 이메일을 λ°›μœΌλ©΄ μ‚¬μš©λ˜λŠ” 도메인은 Host header에 μž…λ ₯ν•œ κ²ƒμž…λ‹ˆλ‹€. 그러면 λ‹€λ₯Έ μ‚¬μš©μžμ˜ λΉ„λ°€λ²ˆν˜Έ μž¬μ„€μ •μ„ μš”μ²­ν•˜κ³  도메인을 당신이 μ œμ–΄ν•˜λŠ” κ²ƒμœΌλ‘œ λ³€κ²½ν•˜μ—¬ κ·Έλ“€μ˜ λΉ„λ°€λ²ˆν˜Έ μž¬μ„€μ • μ½”λ“œλ₯Ό ν›”μΉ  수 μžˆμŠ΅λ‹ˆλ‹€. [WriteUp](https://medium.com/nassec-cybersecurity-writeups/how-i-was-able-to-take-over-any-users-account-with-host-header-injection-546fff6d0f2). {% hint style="warning" %} μ‚¬μš©μžκ°€ λΉ„λ°€λ²ˆν˜Έ μž¬μ„€μ • 링크λ₯Ό 클릭할 λ•ŒκΉŒμ§€ 기닀릴 ν•„μš”κ°€ 없을 μˆ˜λ„ μžˆλ‹€λŠ” 점에 μœ μ˜ν•˜μ„Έμš”. **슀팸 ν•„ν„°λ‚˜ λ‹€λ₯Έ μ€‘κ°œ μž₯치/봇이 이λ₯Ό ν΄λ¦­ν•˜μ—¬ 뢄석할 수 μžˆμŠ΅λ‹ˆλ‹€**. {% endhint %} ### Session booleans λ•Œλ•Œλ‘œ 일뢀 검증을 μ˜¬λ°”λ₯΄κ²Œ μ™„λ£Œν•˜λ©΄ λ°±μ—”λ“œκ°€ **λ³΄μ•ˆ 속성에 "True" κ°’μ˜ λΆ€μšΈμ„ μΆ”κ°€ν•©λ‹ˆλ‹€**. 그런 λ‹€μŒ λ‹€λ₯Έ μ—”λ“œν¬μΈνŠΈλŠ” ν•΄λ‹Ή 검사λ₯Ό μ„±κ³΅μ μœΌλ‘œ ν†΅κ³Όν–ˆλŠ”μ§€ μ•Œ 수 μžˆμŠ΅λ‹ˆλ‹€.\ κ·ΈλŸ¬λ‚˜ **검사λ₯Ό ν†΅κ³Όν•˜κ³ ** μ„Έμ…˜μ΄ λ³΄μ•ˆ 속성에 "True" 값을 λΆ€μ—¬λ°›μœΌλ©΄, **μ ‘κ·Ό κΆŒν•œμ΄ μ—†μ–΄μ•Ό ν•˜λŠ”** λ™μΌν•œ 속성에 μ˜μ‘΄ν•˜λŠ” **λ‹€λ₯Έ λ¦¬μ†ŒμŠ€μ— 접근을 μ‹œλ„ν•  수 μžˆμŠ΅λ‹ˆλ‹€**. [WriteUp](https://medium.com/@ozguralp/a-less-known-attack-vector-second-order-idor-attacks-14468009781a). ### Register functionality 이미 μ‘΄μž¬ν•˜λŠ” μ‚¬μš©μžλ‘œ 등둝해 λ³΄μ„Έμš”. λ™λ“±ν•œ 문자(점, λ§Žμ€ 곡백 및 μœ λ‹ˆμ½”λ“œ)λ₯Ό μ‚¬μš©ν•΄ λ³΄μ„Έμš”. ### Takeover emails 이메일을 λ“±λ‘ν•œ ν›„, ν™•μΈν•˜κΈ° 전에 이메일을 λ³€κ²½ν•˜μ„Έμš”. 그런 λ‹€μŒ, μƒˆλ‘œμš΄ 확인 이메일이 첫 번째 λ“±λ‘λœ μ΄λ©”μΌλ‘œ μ „μ†‘λ˜λ©΄, μ–΄λ–€ 이메일도 μΈμˆ˜ν•  수 μžˆμŠ΅λ‹ˆλ‹€. λ˜λŠ” 두 번째 이메일이 첫 번째 이메일을 ν™•μΈν•˜λ„λ‘ ν™œμ„±ν™”ν•  수 μžˆλ‹€λ©΄, μ–΄λ–€ 계정도 μΈμˆ˜ν•  수 μžˆμŠ΅λ‹ˆλ‹€. ### Access Internal servicedesk of companies using atlassian {% embed url="https://yourcompanyname.atlassian.net/servicedesk/customer/user/login" %} ### TRACE method κ°œλ°œμžλŠ” ν”„λ‘œλ•μ…˜ ν™˜κ²½μ—μ„œ λ‹€μ–‘ν•œ 디버깅 μ˜΅μ…˜μ„ λΉ„ν™œμ„±ν™”ν•˜λŠ” 것을 μžŠμ„ 수 μžˆμŠ΅λ‹ˆλ‹€. 예λ₯Ό λ“€μ–΄, HTTP `TRACE` λ©”μ„œλ“œλŠ” 진단 λͺ©μ μœΌλ‘œ μ„€κ³„λ˜μ—ˆμŠ΅λ‹ˆλ‹€. ν™œμ„±ν™”λ˜λ©΄ μ›Ή μ„œλ²„λŠ” `TRACE` λ©”μ„œλ“œλ₯Ό μ‚¬μš©ν•˜λŠ” μš”μ²­μ— λŒ€ν•΄ μˆ˜μ‹ λœ μ •ν™•ν•œ μš”μ²­μ„ 응닡에 μ—μ½”ν•˜μ—¬ μ‘λ‹΅ν•©λ‹ˆλ‹€. 이 λ™μž‘μ€ μ’…μ’… λ¬΄ν•΄ν•˜μ§€λ§Œ, λ•Œλ•Œλ‘œ λ‚΄λΆ€ 인증 ν—€λ”μ˜ 이름과 같은 정보 유좜둜 μ΄μ–΄μ§ˆ 수 μžˆμŠ΅λ‹ˆλ‹€.![Image for post](https://miro.medium.com/max/60/1\*wDFRADTOd9Tj63xucenvAA.png?q=20) ![Image for post](https://miro.medium.com/max/1330/1\*wDFRADTOd9Tj63xucenvAA.png)
**μ¦‰μ‹œ μ‚¬μš© κ°€λŠ₯ν•œ 취약점 평가 및 침투 ν…ŒμŠ€νŠΈ μ„€μ •**. 20개 μ΄μƒμ˜ 도ꡬ와 κΈ°λŠ₯을 μ‚¬μš©ν•˜μ—¬ μ–΄λ””μ„œλ‚˜ 전체 침투 ν…ŒμŠ€νŠΈλ₯Ό μ‹€ν–‰ν•˜μ„Έμš”. μš°λ¦¬λŠ” 침투 ν…ŒμŠ€ν„°λ₯Ό λŒ€μ²΄ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€ - μš°λ¦¬λŠ” 그듀이 더 깊이 νŒŒκ³ λ“€κ³ , μ‰˜μ„ ν„°λœ¨λ¦¬κ³ , 재미λ₯Ό λŠλ‚„ 수 μžˆλ„λ‘ λ§žμΆ€ν˜• 도ꡬ, 탐지 및 μ•…μš© λͺ¨λ“ˆμ„ κ°œλ°œν•©λ‹ˆλ‹€. {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks * Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! * **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}