[Dreamhack] Level 2: TODO List 0.0.1
ยท
CTF, War game
1. ๋ฌธ์ œhttps://dreamhack.io/wargame/challenges/1533 TODO List 0.0.1 dreamhack.io*Dreamhack CTF Season 6 Round #8 (๐ŸŒฑDiv2) ์— ์ถœ์ œ2. ํ•ด๊ฒฐ ๊ณผ์ •(1) ๋ฌธ์ œ ํŽ˜์ด์ง€ ๋ถ„์„ ์ ‘์†ํ•˜๋ฉด ๋กœ๊ทธ์ธ๊ณผ ํšŒ์›๊ฐ€์ž… ํ•˜๋ผ๋Š” ํŽ˜์ด์ง€๊ฐ€ ๋œฌ๋‹ค. ํšŒ์›๊ฐ€์ž…์€ username, ์ด๋ฉ”์ผ, ๋น„๋ฐ€๋ฒˆํ˜ธ๋กœ ์ด๋ฃจ์–ด์ง„๋‹ค. test/ test@gmail.com /test1234๋กœ ํšŒ์›๊ฐ€์ž…ํ•œ ๋’ค ๋กœ๊ทธ์ธ์„ ์ง„ํ–‰ํ•ด๋ณด์•˜๋‹ค.๋‚˜์˜ ํˆฌ๋‘ ๋ฆฌ์ŠคํŠธ๋ฅผ ์ถ”๊ฐ€ํ•˜๋ผ๋Š” ํŽ˜์ด์ง€๊ฐ€ ๋œฌ ๋’ค, ํˆฌ๋‘ ๋ฆฌ์ŠคํŠธ์˜ ์ œ๋ชฉ๊ณผ ๋‚ด์šฉ, ๋‚ ์งœ๋ฅผ ์ž…๋ ฅ๋ฐ›๋Š”๋‹ค.  ์ œ๋ชฉ : ๋‚ด์šฉ์œผ๋กœ ์ถœ๋ ฅ๋˜๋ฉฐ, ์ฒดํฌ๋ฐ•์Šค๋ฅผ ํ†ตํ•ด ์™„๋ฃŒํ•œ ์ผ์ •์— ๋Œ€ํ•ด ํ‘œ์‹œ๋ฅผ ํ•  ์ˆ˜ ์žˆ๋‹ค.๋‚ ์งœ๋ฅผ ์ž…๋ ฅ๋ฐ›์•˜๋Š”๋ฐ ๋‚ ์งœ ๋‚ด์šฉ์ด ์ถœ๋ ฅ๋˜์ง€๋Š” ์•Š๋Š” ๊ฒƒ ๊ฐ™๋‹ค. (2)..
[Dreamhack] Level 2: youth-Case
ยท
CTF, War game
1. ๋ฌธ์ œ https://dreamhack.io/wargame/challenges/1402 youth-CaseDescription Bypass ๐Ÿ‘จ‍๐Ÿ’ปfilterdreamhack.io2. ํ•ด๊ฒฐ ๊ณผ์ • (1) ์ฝ”๋“œ ๋ถ„์„ ์ „์— ํ‘ผ baby-case ๋ฌธ์ œ์˜ ์—…๊ทธ๋ ˆ์ด๋“œ ๋ฒ„์ „์ด๋‹ค.2024.08.19 - [CTF, War game] - [Dreamhack] Level 1: baby-Case ์ฝ”๋“œ๋Š” ์ „์ฒด์ ์ธ ๊ธฐ๋Šฅ์€ ๋™์ผํ•˜๊ณ  , app.set('case sensitive routing', true) ์„ค์ •์„ ํ†ตํ•ด ๋Œ€์†Œ๋ฌธ์ž๋ฅผ ๊ตฌ๋ถ„ํ•˜์—ฌ ์ฒ˜๋ฆฌํ•˜๊ฒŒ ๋œ๋‹ค. (๋Œ€์†Œ๋ฌธ์ž๋ฅผ ์ด์šฉํ•œ ์šฐํšŒ ๋ถˆ๊ฐ€๋Šฅ)๋˜ํ•œ ์š”์ฒญ์—์„œ leg์˜ ๊ฐ’์„ ๋ฐ›์•„์˜ฌ ๋•Œ ์†Œ๋ฌธ์ž๋กœ ๋ฐ˜ํ™˜ํ•˜์—ฌ ๋ฐ›์•„์˜ค๊ณ  ์ด ๊ฐ’์ด flag๋ผ๋ฉด access denied๋ฅผ ๋„์šด๋‹ค.words์—์„œ ๋ฌธ์ž์—ด..
[Dreamhack] Level 1: baby-Case
ยท
CTF, War game
1. ๋ฌธ์ œhttps://dreamhack.io/wargame/challenges/1401 baby-CaseDescription Bypass ๐Ÿ‘ถfilterdreamhack.io 2. ํ•ด๊ฒฐ ๊ณผ์ •(1) ์ฝ”๋“œ ํ™•์ธ app.js์™€ ag.js ๋‘๊ฐ€์ง€ ํŒŒ์ผ์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ์—ˆ๋‹ค. ๋จผ์ € search() ํ•จ์ˆ˜์—์„œ๋Š” leg๊ฐ’์„ ๋ฐ›์•„์™€ ๋Œ€๋ฌธ์ž๋กœ ๋ณ€ํ™˜ํ•œ ๋’ค words ๋ฐฐ์—ด์—์„œ ๋ณ€ํ™˜๋œ leg๊ฐ’๊ณผ ์ผ์น˜ํ•˜๋Š” name์„ ๊ฐ€์ง„ ๊ฐ์ฒด๋ฅผ ์ฐพ์•„ ๋ฆฌํ„ดํ•ด์ค€๋‹ค. /shop ๊ฒฝ๋กœ์—๋Š” post ์š”์ฒญ์„ ๋ฐ›์•„ body๊ฐ’์—์„œ leg ๊ฐ’์˜ ๋‚ด์šฉ์„ ๊ฐ€์ ธ์˜ค๊ณ  FLAG ๊ฐ’๊ณผ ๋น„๊ตํ•œ๋‹ค. leg์˜ ๊ฐ’์ด FLAG ์ธ ๊ฒฝ์šฐ, 403 + access deniedFLAG๊ฐ€ ์•„๋‹ˆ๋ผ๋ฉด searchํ•จ์ˆ˜๋ฅผ ํ†ตํ•ด์„œ words ๋ฐฐ์—ด์—์„œ leg์™€ ๊ฐ™์€ ๊ฐ์ฒด๋ฅผ ์ฐพ์•„ ๋ฆฌํ„ดํ•œ๋‹ค. ์ด ๋ชจ๋“  ..
[wargame.kr] type confusion
ยท
CTF, War game
1. ๋ฌธ์ œ https://dreamhack.io/wargame/challenges/329 [wargame.kr] type confusionDescription Simple Compare Challenge. hint? you can see the title of this challenge. :Ddreamhack.io2. ํ•ด๊ฒฐ ๊ณผ์ •(1) ์ฝ”๋“œ ๋ถ„์„post ์š”์ฒญ์„ ํ†ตํ•ด json ๊ฐ์ฒด๋ฅผ ๋ฐ›์•„์™€์„œ decodeํ•ด์ค€๋‹ค. ์ด ๊ฒฐ๊ณผ๊ฐ€ post ์š”์ฒญ์‹œ ์‹คํ–‰๋˜๋Š” gen_key() ํ•จ์ˆ˜์˜ ๊ฒฐ๊ณผ๋กœ ๋‚˜์˜จ key๊ฐ’๊ณผ ์ผ์น˜ํ•  ๊ฒฝ์šฐ์—๋งŒ flag๋ฅผ ๋ฆฌํ„ดํ•ด์ค€๋‹ค. ์ด๋•Œ ๋น„๊ต์—ฐ์‚ฐ์—์„œ ==์œผ๋กœ ๋Š์Šจํ•œ ๋น„๊ต๋ฅผ ํ•˜๊ณ  ์žˆ๋Š” ๊ฒƒ์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค. 2024.06.20 - [Study/WebHacking] - [PHP] Type Juggling ์ทจ์•ฝ์ ..
[์›นํ•ดํ‚น] Dreamhack beginner: php7cmp4re
ยท
CTF, War game
1. ๋ฌธ์ œ https://dreamhack.io/wargame/challenges/1113 php7cmp4reDescription php 7.4๋กœ ์ž‘์„ฑ๋œ ํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค. ์•Œ๋งž์€ Input ๊ฐ’์„ ์ž…๋ ฅํ•˜๊ณ  ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{} ์ž…๋‹ˆ๋‹ค.dreamhack.io 2. ํ•ด๊ฒฐ ๊ณผ์ •๋ฌธ์ œ ํŽ˜์ด์ง€์— ์ ‘์†ํ•˜๋ฉด ๋‘๊ฐœ์˜ input๊ฐ’์„ ์ž…๋ ฅํ•˜๋Š” ์นธ์ด ๋œฌ๋‹ค. ์ด ๊ฐ’์— ๋”ฐ๋ผ try again ๋“ฑ์ด ๊ฒฐ๊ณผํ™”๋ฉด์œผ๋กœ ๋ณด์—ฌ์ง„๋‹ค. (1) ์ฝ”๋“œ ๋ถ„์„  php7cmp4re Index page "7.9"){ if(strlen..
[Dreamhack] Level2: web-deserialize-python
ยท
CTF, War game
1. ๋ฌธ์ œ https://dreamhack.io/wargame/challenges/40 web-deserialize-pythonSession Login์ด ๊ตฌํ˜„๋œ ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. Python(pickle)์˜ Deserialize ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt ๋˜๋Š” FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค.dreamhack.io ๋ฌธ์ œ์—์„œ Python(pickle)์˜ Deserialize ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด์„œ ๋ฌธ์ œ๋ฅผ ํ’€๋ผ๊ณ  ์ œ์‹œ๋˜์–ด์žˆ๋‹ค. ํ•ด๋‹น ์ทจ์•ฝ์ ์— ๋Œ€ํ•ด์„œ๋Š” ์ฒ˜์Œ ๋“ค์–ด๋ด์„œ ์ •๋ฆฌํ•ด๋ณด์•˜๋‹ค. โ–ผ๋”๋ณด๊ธฐhttps://mnzy.tistory.com/2012. ํ•ด๊ฒฐ ๊ณผ์ • (1) ๋ฌธ์ œ ํŽ˜์ด์ง€ ์ ‘์†  - create Session >  ์ •๋ณด ์ž…๋ ฅ > create - sessionID ๋ณต์‚ฌ ํ›„ check sessi..
[Dreamhack] Level 2: blind-command
ยท
CTF, War game
1. ๋ฌธ์ œhttps://dreamhack.io/wargame/challenges/73 blind-commandRead the flag file XD Reference Web Hackingdreamhack.ioflag file์„ ์ฝ์œผ๋ผ๊ณ  ๋˜์–ด์žˆ๋‹ค. 2. ํ•ด๊ฒฐ ๊ณผ์ •(1) ๋ฌธ์ œ ํŽ˜์ด์ง€ ํ™•์ธ?cmd=hi๋ฅผ ์ฃผ๋ฉด ํ™”๋ฉด์— ๊ทธ๋Œ€๋กœ ๋ฌธ์ž์—ด์ด ์ถœ๋ ฅ๋œ๋‹ค. (2) ์ฝ”๋“œ ํ™•์ธcmd์˜ ์ฟผ๋ฆฌ๊ฐ’์„ ๋ฐ›์•„ ์‹คํ–‰ํ•˜๋Š” ์ „ํ˜•์ ์ธ command injection ์ทจ์•ฝ์ ์ด ์กด์žฌํ•˜๋Š” ํŽ˜์ด์ง€์ด๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ GET ์œผ๋กœ ์š”์ฒญ์„ ๋ฐ›์•„์˜ฌ ๋•Œ๊ฐ€ ์•„๋‹ˆ๋ผ ๋‹ค๋ฅธ ๋ฐฉ๋ฒ•์œผ๋กœ cmd๊ฐ’์„ ์ค„ ๋•Œ๋งŒ ์ด๋ฅผ ์‹คํ–‰ํ•˜๋Š” ๊ฒƒ์ด๋‹ค. ๋˜ํ•œ ์‹คํ–‰ ๊ฒฐ๊ณผ๋ฅผ ๋ธŒ๋ผ์šฐ์ €์—์„œ ํ™•์ธํ•  ์ˆ˜ ์—†๋‹ค.#!/usr/bin/env python3from flask import Flask, requestimp..
mnzy๐ŸŒฑ
'web_hacking' ํƒœ๊ทธ์˜ ๊ธ€ ๋ชฉ๋ก
-->