
Apache Web Server Log Analysis

GGkeeper 2022. 1. 26. 21:19

Lab> Apache web server log analysis

1. Web server configuration
Configure the web server as a virtual host.
# vi /etc/httpd/conf/httpd.conf
-- /etc/httpd/conf/httpd.conf --
  :
  :(omitted)
# http configuration
<VirtualHost *:80>
    ServerAdmin   webmaster@server1.kr
    DocumentRoot  /var/www/html
    ServerName    server1.kr
    ServerAlias   www.server1.kr
    ErrorLog      logs/server1.kr-error_log
    CustomLog     logs/server1.kr-access_log common
</VirtualHost>
-- /etc/httpd/conf/httpd.conf --

2. Restart the web server
Restart the web server.
# systemctl restart httpd

3. Web server log analysis
# yum -y install rdate
# rdate -s time.bora.net
# tail -f /var/log/httpd/server1.kr-access_log
   :
   :(omitted)

192.168.108.1 - - [26/Jan/2022:19:09:02 +0900] "GET /?id=bbs1%20union%20select%201&m=list HTTP/1.1" 200 3550
192.168.108.1 - - [26/Jan/2022:19:09:02 +0900] "GET /?id=bbs1%20union%20select%201,2&m=list HTTP/1.1" 200 3554
192.168.108.1 - - [26/Jan/2022:19:09:02 +0900] "GET /?id=bbs1%20union%20select%201,2,3&m=list HTTP/1.1" 200 3558
192.168.108.1 - - [26/Jan/2022:19:09:02 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4&m=list HTTP/1.1" 200 3562
192.168.108.1 - - [26/Jan/2022:19:09:02 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5&m=list HTTP/1.1" 200 3566
192.168.108.1 - - [26/Jan/2022:19:09:02 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6&m=list HTTP/1.1" 200 3570
192.168.108.1 - - [26/Jan/2022:19:09:02 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6,7&m=list HTTP/1.1" 200 3574
192.168.108.1 - - [26/Jan/2022:19:09:02 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6,7,8&m=list HTTP/1.1" 200 4483

4. Web server configuration
Change the log format of the virtual host from common to combined.
# vi /etc/httpd/conf/httpd.conf
-- /etc/httpd/conf/httpd.conf --
  :
  :(omitted)
# http configuration
<VirtualHost *:80>
    ServerAdmin   webmaster@server1.kr
    DocumentRoot  /var/www/html
    ServerName    server1.kr
    ServerAlias   www.server1.kr
    ErrorLog      logs/server1.kr-error_log
    #CustomLog     logs/server1.kr-access_log common
    CustomLog     logs/server1.kr-access_log combined 
</VirtualHost>
-- /etc/httpd/conf/httpd.conf --
  
5. Restart the web server
Restart the web server (here a reload, which is enough to apply the configuration change).
# systemctl reload httpd

6. 웹서버 로그 분석
When the web server is accessed by an automation tool written in Python, the browser type (User-Agent) is logged as "python-requests/2.27.1".
# tail -f /var/log/httpd/server1.kr-access_log
   :
   :(omitted)

192.168.108.1 - - [26/Jan/2022:19:12:59 +0900] "GET /?id=bbs1%20union%20select%201,2&m=list HTTP/1.1" 200 3554 "-" "python-requests/2.27.1"
192.168.108.1 - - [26/Jan/2022:19:12:59 +0900] "GET /?id=bbs1%20union%20select%201,2,3&m=list HTTP/1.1" 200 3558 "-" "python-requests/2.27.1"
192.168.108.1 - - [26/Jan/2022:19:12:59 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4&m=list HTTP/1.1" 200 3562 "-" "python-requests/2.27.1"
192.168.108.1 - - [26/Jan/2022:19:12:59 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5&m=list HTTP/1.1" 200 3566 "-" "python-requests/2.27.1"
192.168.108.1 - - [26/Jan/2022:19:12:59 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6&m=list HTTP/1.1" 200 3570 "-" "python-requests/2.27.1"
192.168.108.1 - - [26/Jan/2022:19:12:59 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6,7&m=list HTTP/1.1" 200 3574 "-" "python-requests/2.27.1"
192.168.108.1 - - [26/Jan/2022:19:12:59 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6,7,8&m=list HTTP/1.1" 200 4483 "-" "python-requests/2.27.1"


When accessed with Chrome, the User-Agent appears as shown below.
192.168.108.1 - - [26/Jan/2022:19:15:10 +0900] "GET /? HTTP/1.1" 200 5080 "http://192.168.108.101/?id=bbs1%20union%20select%201,2,3,4,5,6,7,8&m=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
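
Added example (not part of the original post): a small Python parser for the common and combined log lines shown above that URL-decodes the request and Referer, flags UNION SELECT probes, and marks scripted User-Agents. The function names and the list of scripted agent prefixes are assumptions for illustration; the sample lines are taken from the log excerpts above.

```python
import re
from urllib.parse import unquote_plus

# "combined" is "common" plus quoted Referer and User-Agent, so that part is optional.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?')
UNION_RE = re.compile(r'\bunion\b.*?\bselect\b', re.I | re.S)
SCRIPT_UA_RE = re.compile(r'^(python-requests|curl|wget)/', re.I)  # assumed prefix list

def analyze(line):
    """Parse one access-log line; return findings, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    agent = m.group('agent')  # None for "common" lines: the field is not logged
    return {
        'ip': m.group('ip'),
        'size': 0 if m.group('size') == '-' else int(m.group('size')),
        # Decode %20 etc. first, otherwise "union%20select" never matches.
        'union_in_uri': bool(UNION_RE.search(unquote_plus(m.group('uri')))),
        'union_in_referer': bool(UNION_RE.search(unquote_plus(m.group('referer') or ''))),
        'agent': agent,
        'scripted_agent': bool(agent and SCRIPT_UA_RE.match(agent)),
    }

def summarize(lines):
    """Count suspicious requests per client IP."""
    report = {}
    for f in filter(None, map(analyze, lines)):
        r = report.setdefault(f['ip'], {'requests': 0, 'union': 0, 'scripted': 0})
        r['requests'] += 1
        r['union'] += f['union_in_uri'] or f['union_in_referer']
        r['scripted'] += f['scripted_agent']
    return report

# One "common" line and two "combined" lines, taken from the excerpts above.
SAMPLE = [
    '192.168.108.1 - - [26/Jan/2022:19:09:02 +0900] "GET /?id=bbs1%20union%20select%201&m=list HTTP/1.1" 200 3550',
    '192.168.108.1 - - [26/Jan/2022:19:12:59 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6,7,8&m=list HTTP/1.1" 200 4483 "-" "python-requests/2.27.1"',
    '192.168.108.1 - - [26/Jan/2022:19:15:10 +0900] "GET /? HTTP/1.1" 200 5080 "http://192.168.108.101/?id=bbs1%20union%20select%201,2,3,4,5,6,7,8&m=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"',
]

if __name__ == '__main__':
    for ip, counts in summarize(SAMPLE).items():
        print(ip, counts)
```

With the common format the User-Agent is simply absent, so only the combined format lets the scripted-client check fire; the Chrome line is caught through its Referer rather than its request URI.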
