[Dreamhack] Level 1: Cherry
·
CTF, War game
1. Problem: https://dreamhack.io/wargame/challenges/959 Cherry. Description: Analyze the given binary and source code, exploit it, and obtain the flag! The flag is in the flag.txt file. The flag format is DH{...}. (dreamhack.io) 2. Solution process (1) File analysis: First, the binary was compiled with gcc -fno-stack-protector -no-pie chall.c -o chall, so its addresses are fixed. // Compile: gcc -fno-stack-protector -no-pie chall.c -o chall Running the binary prompts for input twice. initialize(): disables buffering and, S..
[Dreamhack] Level 4: PATCH-1
·
CTF, War game
1. Problem: https://dreamhack.io/wargame/challenges/70 PATCH-1. Analyze the given code and patch the vulnerabilities present in it. See the /usage page for a detailed description of the challenge. Once every patch is complete, you can obtain the flag .. (dreamhack.io) 2. Solution process (1) Accessing the challenge page: The Usage page describes the challenge in detail. Modify the given code (the challenge file) to patch the vulnerabilities, then submit it to obtain the flag. The only file that can be modified is app.py. (2) Code analysis: Full code: #!/usr/bin/python3 from flask import Flask, request, render_template_..
[Dreamhack] Level 3: Padding Oracle
·
CTF, War game
This post is protected.
[wargame.kr] Level 3: dun worry about the vase
·
CTF, War game
1. Problem: https://dreamhack.io/wargame/challenges/325 [wargame.kr] dun worry about the vase. Description: Do you know about "padding oracle vulnerability" ? (dreamhack.io) The challenge states explicitly that it is about the Padding Oracle vulnerability, so before solving it I wrote up notes on the padding oracle vulnerability: 2025.03.07 - [Study/WebHacking] - Padding Oracle Vulnerability. 2. Solution process (1) Accessing the challenge page: A login form is shown with guest/guest filled in as the default values. Logging in with those values as they are prints a message telling you to obtain the admin session. The session value is ..
Padding Oracle Vulnerability
·
Study/WebHacking
1. What is the padding oracle vulnerability? (1) What is padding? Padding is the bytes added to make data fit the block size. A block cipher encrypts data by splitting it into blocks of a fixed size (e.g., 16 bytes). However, the data to be encrypted (the plaintext) may not be a multiple of the block size. For example, how would a 19-byte message be encrypted with 16-byte blocks? This is where padding is used. (2) What is an oracle? An oracle is a system that answers a question with feedback such as True or False, or with other useful information. In other words, when an attacker supplies some input, the system tells them whether or not it is correct. (The term has nothing to do with the company Oracle.) Therefore, ..
[Dreamhack] Level 1: Return Address Overwrite
·
CTF, War game
1. Problem: https://dreamhack.io/wargame/challenges/351/ Return Address Overwrite. Description: This is the practice challenge for Exploit Tech: Return Address Overwrite. (dreamhack.io) I solved it while following the Dreamhack lecture https://learn.dreamhack.io/58. 2. Solution process (1) Checking the code: First, the code uses scanf with no validation of the input length, so we can confirm that a buffer overflow vulnerability exists. %s, one of scanf's format specifiers, is used to read a string; it does not limit the length of the input and keeps reading until a whitespace character such as a space, tab, or newline arrives ..
[wargame.kr] Level 2: crack crack crack it
·
CTF, War game
1. Problem: https://dreamhack.io/wargame/challenges/330 [wargame.kr] crack crack crack it. Description: .htaccess crack! can you local bruteforce attack? (dreamhack.io) 2. Solution process (1) Checking the challenge page: The task is to analyze the htpasswd file and recover the password by brute force. An htpasswd file is normally used for HTTP authentication. Its entries have the form $algorithm$salt$hashed-password. Because the password is stored hashed, the hint that it starts with G4HeulB has to be used to brute-force the password as efficiently as possible. username..
[Dreamhack] Level 3: Switching Command
·
CTF, War game
1. Problem: https://dreamhack.io/wargame/challenges/1081 Switching Command. Description: Not Friendly service... Can you switching the command? (dreamhack.io) 2. Solution process (1) Accessing the challenge page: A form for entering a username appears. Entering arbitrary information shows a fail screen. The challenge appears to parse JSON data from the input value. (2) Downloading the challenge files: flag.c: The flag is printed when the flag.c file is run. #include <stdio.h> void main(){ puts("DH{**fake_flag**}\n");} Indeed, checking the Docker file shows that flag.c ..
[Dreamhack] Level 2: safe input
·
CTF, War game
1. Problem: https://dreamhack.io/wargame/challenges/1671 safe input. Description: It's so safe that it can't be seen. (dreamhack.io) 2. Solution process: Accessing the challenge page leads to /test. Downloading the challenge files gives information about the report and test pages. First, the app.py code launches a Chrome browser through Selenium. driver = webdriver.Chrome(service=service, options=options) driver.implicitly_wait(3) driver.set_page_load_timeout(3) driver.get(f"http://127.0.0.1:800..
[Dreamhack] Level 2: weblog-1
·
CTF, War game
1. Problem: https://dreamhack.io/wargame/challenges/71 weblog-1. Analyze the given code and logs to find the answers to the given questions. Reference: Server-side Basic, Server-side Advanced - SQL Injection. (dreamhack.io) 2. Solution process (1) Accessing the challenge: The first question was to find the password of the stolen admin account. (2) Analyzing the challenge files: The challenge files showed how the login username and password are submitted. username password Login ..
mnzy🌱