๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๋ฐ˜์‘ํ˜•

์ „์ฒด ๊ธ€50

[Dreamhack] Level1: basic_exploitation_001 ๐Ÿ›Ž๏ธ Access ์ด ๋ฌธ์ œ๋Š” ์„œ๋ฒ„์—์„œ ์ž‘๋™ํ•˜๊ณ  ์žˆ๋Š” ์„œ๋น„์Šค(basic_exploitation_001)์˜ ๋ฐ”์ด๋„ˆ๋ฆฌ์™€ ์†Œ์Šค ์ฝ”๋“œ๊ฐ€ ์ฃผ์–ด์ง‘๋‹ˆ๋‹ค. ํ”„๋กœ๊ทธ๋žจ์˜ ์ทจ์•ฝ์ ์„ ์ฐพ๊ณ  ์ต์Šคํ”Œ๋กœ์ž‡ํ•ด “flag” ํŒŒ์ผ์„ ์ฝ์œผ์„ธ์š”. “flag” ํŒŒ์ผ์˜ ๋‚ด์šฉ์„ ์›Œ๊ฒŒ์ž„ ์‚ฌ์ดํŠธ์— ์ธ์ฆํ•˜๋ฉด ์ ์ˆ˜๋ฅผ ํš๋“ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ์˜ ํ˜•์‹์€ DH{…} ์ž…๋‹ˆ๋‹ค. ๐Ÿ‘พ Exploit Algorithm & Payload ๋”๋ณด๊ธฐ #basic_exploitation_001.c #include #include #include #include void alarm_handler() { puts("TIME OUT"); exit(-1); } void initialize() { setvbuf(stdin, NULL, _IONBF, 0); setvbuf(stdout,.. 2023. 8. 28.
[Dreamhack] Level1: image-storage ๐Ÿ›Ž๏ธ Access php๋กœ ์ž‘์„ฑ๋œ ํŒŒ์ผ ์ €์žฅ ์„œ๋น„์Šค์ด๋‹ค. ํŒŒ์ผ ์—…๋กœ๋“œ ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“. ํ”Œ๋ž˜๊ทธ๋Š” /flag.txt์— ์žˆ๋‹ค. ๐Ÿ‘พ Exploit Algorithm & Payload > index.php ๋”๋ณด๊ธฐ Image Storage Home List Upload Upload and Share Image ! > list.php ๋”๋ณด๊ธฐ Image Storage Home List Upload 2023. 8. 26.
[Dreamhack] Level2: basic_exploitation_000 ๐Ÿ›Ž๏ธ Access ์ด ๋ฌธ์ œ๋Š” ์„œ๋ฒ„์—์„œ ์ž‘๋™ํ•˜๊ณ  ์žˆ๋Š” ์„œ๋น„์Šค(basic_exploitation_000)์˜ ๋ฐ”์ด๋„ˆ๋ฆฌ์™€ ์†Œ์Šค ์ฝ”๋“œ๊ฐ€ ์ฃผ์–ด์ง‘๋‹ˆ๋‹ค. ํ”„๋กœ๊ทธ๋žจ์˜ ์ทจ์•ฝ์ ์„ ์ฐพ๊ณ  ์ต์Šคํ”Œ๋กœ์ž‡ํ•ด ์…ธ์„ ํš๋“ํ•œ ํ›„, “flag” ํŒŒ์ผ์„ ์ฝ์œผ์„ธ์š”. “flag” ํŒŒ์ผ์˜ ๋‚ด์šฉ์„ ์›Œ๊ฒŒ์ž„ ์‚ฌ์ดํŠธ์— ์ธ์ฆํ•˜๋ฉด ์ ์ˆ˜๋ฅผ ํš๋“ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ์˜ ํ˜•์‹์€ DH{…} ์ž…๋‹ˆ๋‹ค. ๐Ÿ‘พ Exploit Algorithm & Payload ๋”๋ณด๊ธฐ #basic_exploitaion_000.c #include #include #include #include void alarm_handler() { puts("TIME OUT"); exit(-1); } void initialize() { setvbuf(stdin, NULL, _IONBF, 0); setvbu.. 2023. 8. 25.
[Dreamhack] Level1: command-injection-1 ๐Ÿ›Ž๏ธAccess ํŠน์ • Host์— ping ํŒจํ‚ท์„ ๋ณด๋‚ด๋Š” ์„œ๋น„์Šค์ด๋‹ค. Command Injection์„ ํ†ตํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“. ํ”Œ๋ž˜๊ทธ๋Š” flag.py์— ์žˆ๋‹ค. ๐Ÿ‘พExploit Algorithm & Payload ๋”๋ณด๊ธฐ #!/usr/bin/env python3 import subprocess from flask import Flask, request, render_template, redirect from flag import FLAG APP = Flask(__name__) @APP.route('/') def index(): return render_template('index.html') @APP.route('/ping', methods=['GET', 'POST']) def ping(): if request.. 2023. 8. 24.
๋ฐ˜์‘ํ˜•