{"id":1597,"date":"2017-05-22T11:03:59","date_gmt":"2017-05-22T02:03:59","guid":{"rendered":"https:\/\/rfsec.ddns.net\/db\/?p=1597"},"modified":"2017-05-22T11:03:59","modified_gmt":"2017-05-22T02:03:59","slug":"lan%e3%81%ae%e3%83%91%e3%82%b1%e3%83%83%e3%83%88%e7%9b%a3%e8%a6%96","status":"publish","type":"post","link":"https:\/\/rfsec.ddns.net\/db\/?p=1597","title":{"rendered":"LAN\u306e\u30d1\u30b1\u30c3\u30c8\u76e3\u8996"},"content":{"rendered":"

WannaCry\u306f\u3001LAN\u306e\u4e2d\u3067\u306fsmb(445\/TCP)\u3067\u611f\u67d3\u3059\u308b\u3068\u3044\u3046\u3053\u3068\u306a\u306e\u3067\u3001\u7c21\u6613\u306a\u76e3\u8996\u306e\u30c4\u30fc\u30eb\u3092\u4f5c\u3063\u3066\u307f\u307e\u3057\u305f\u3002
\n\u30df\u30e9\u30fc\u3057\u305f\u30bb\u30b0\u30e1\u30f3\u30c8\u306e\u30d1\u30b1\u30c3\u30c8\u3092tcpdump\u3067\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u3001PHP\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u89b3\u6e2c\u3057\u305f\u30d1\u30b1\u30c3\u30c8\u306e\u6570\u3092\u53ef\u8996\u5316\u3057\u307e\u3059\u3002
\n\u4f7f\u3044\u65b9\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u611f\u3058\u3001\u3001\u3001
\n#tcpdump -ntttti eth0 port 445 | visualize.php
\nvisualize.php \u306f\u3001\u5b9a\u671f\u7684\u306bhtml\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\u307e\u3059
\n\u5229\u7528\u8005\u306f\u30d6\u30e9\u30a6\u30b6\u3067html\u30d5\u30a1\u30a4\u30eb\u3092\u95b2\u89a7\u3057\u307e\u3059\u3002
\nhtml\u30d5\u30a1\u30a4\u30eb\u306f (\u4f8b\u3048\u307010\u79d2\u6bce\u306b)\u81ea\u8eab\u3092refresh\u3057\u307e\u3059\u3002
\n\u8868\u793a\u3055\u308c\u308b\u3001\u753b\u50cf\u306e\uff11\u30de\u30b9\u306f\u3001\u30ce\u30fc\u30c9\uff08PC\u3084\u30b5\u30fc\u30d0\uff09\u9593\u306e\u30d1\u30b1\u30c3\u30c8\u6570\u3092\u8272\u3067\u8868\u73fe\u3057\u3066\u3044\u307e\u3059\u3002
\n\u901a\u4fe1\u304c\u307e\u3063\u305f\u304f\u89b3\u6e2c\u3055\u308c\u306a\u3044\u5834\u5408\u306f\u6fc3\u3044\u9752\u8272\u3067\u89b3\u6e2c\u3055\u308c\u305f\u30d1\u30b1\u30c3\u30c8\u6570\u304c\u591a\u3044\u3068\u9ec4\u8272\uff5e\u8d64\u306b\u5909\u5316\u3057\u307e\u3059\u3002
\n\u307e\u305f\u3001\u30de\u30b9\u306e\u4e2d\u306e\uff11\u6587\u5b57\u306f\u3001\u89b3\u6e2c\u3057\u305f\u30d1\u30b1\u30c3\u30c8\u306e\u6570\u306b\u5fdc\u3058\u3066\u30010-9,A-Z…..\u3068\u8868\u793a\u3057\u3066\u3044\u307e\u3059\u3002
\n\"\"<\/a>
\n


\n#!\/usr\/bin\/php
\n $MIN_TH) {
\nMkHTML($buf,$date);
\n$prev_min = $min;
\n}
\n}
\nfclose($fp);
\nMkHTML($buf,$date);
\necho “Finished!!!\\n”;
\nfunction MkHTML($buf,$date){
\n$date=”
$date<\/H3>“;
\n$header=”<\/HEAD>“;
\n$msg=”
$date<\/H3>\\n\\n”;
\nfor($i=1;$i<255;$i++){\n$sum=0;\nfor($j=1;$j<255;$j++){\n$sum+=$buf[$j][$i];\n}\n$iSum[$i]=$sum;\n\/\/              echo \"$i,$iSum[$i]\\n\";\n}\nfor($i=1;$i<255;$i++){\n$tmp=\"
$i<\/TD>“;$sum=0;
\nfor($j=1;$j<255;$j++){\n$var=$buf[$i][$j];\n$pt=\".\";\nif($var<63) {\nif($var<10) {\n$pt=$var;\n} else {\n$pt=chr(ord('A')+$var-10);\n}\n}\n$sum+=$var;\n$var=20*log($var+1);\n$color=set_color($var);\nif($iSum[$j]!=0) $tmp.= \"		10.8.0.$j\\”>$pt<\/A><\/TD>“;
\n}
\nif($sum !=0 ) {
\n$msg.=$tmp;
\n$msg.=”<\/TR>\\n”;
\n}
\n}
\n$msg.=”<\/TABLE>\\n
$date<\/H3><\/BODY><\/HTML>\\n”;
\n$fw=fopen(“\/var\/www\/html\/cross.html”,”w”);
\nfputs($fw,$header);
\nfputs($fw,$msg);
\nfclose($fw);
\n}
\nfunction set_color($x){
\nif ($x<64) {\n$r=0; $g= $x*4 ; $b=255;\n} else {\nif ($x<128){\n$r=4*( $x -64 );$g=255;$b=255-$r;\n} else {\nif ($x<192){\n$b=4*( $x - 128 );$r=255;$g=255-$b;\n} else {\n$r=255;$g=0;$b=255-4*( $x -192);\n}\n}\n}\nreturn \"#\".sprintf(\"%02x%02x%02x\",$r,$g,$b);\n}\n?>
\n<\/PRE><\/p>\n","protected":false},"excerpt":{"rendered":"
WannaCry\u306f\u3001LAN\u306e\u4e2d\u3067\u306fsmb(445\/TCP)\u3067\u611f\u67d3\u3059\u308b\u3068\u3044\u3046\u3053\u3068\u306a\u306e\u3067\u3001\u7c21\u6613\u306a\u76e3\u8996\u306e\u30c4\u30fc\u30eb\u3092\u4f5c\u3063\u3066\u307f\u307e\u3057\u305f\u3002 \u30df\u30e9\u30fc\u3057\u305f\u30bb\u30b0\u30e1\u30f3\u30c8\u306e\u30d1\u30b1\u30c3\u30c8\u3092tcpdump\u3067\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u3001PHP\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u89b3\u6e2c\u3057\u305f\u30d1\u30b1\u30c3 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[18],"tags":[],"class_list":["post-1597","post","type-post","status-publish","format-standard","hentry","category-18"],"featured_image_src":null,"author_info":{"display_name":"Keiichi Horiai","author_link":"https:\/\/rfsec.ddns.net\/db\/?author=2"},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/posts\/1597","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1597"}],"version-history":[{"count":0,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/posts\/1597\/revisions"}],"wp:attachment":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1597"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1597"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1597"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}