๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๋ฐ˜์‘ํ˜•

์ „์ฒด ๊ธ€50

[Dreamhack] Level1: random-test ๐Ÿ›Ž๏ธ Access์ƒˆ ํ•™๊ธฐ๋ฅผ ๋งž์•„ ๋“œ๋ฆผ์ด์—๊ฒŒ ์‚ฌ๋ฌผํ•จ์ด ๋ฐฐ์ •๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ํ•˜์ง€๋งŒ ๊ธฐ์–ต๋ ฅ์ด ์•ˆ ์ข‹์€ ๋“œ๋ฆผ์ด๋Š” ์‚ฌ๋ฌผํ•จ ๋ฒˆํ˜ธ์™€ ์ž๋ฌผ์‡  ๋น„๋ฐ€๋ฒˆํ˜ธ๋ฅผ ๋ชจ๋‘ ์žŠ์–ด๋ฒ„๋ฆฌ๊ณ  ๋ง์•˜์–ด์š”... ๋“œ๋ฆผ์ด๋ฅผ ์œ„ํ•ด ์‚ฌ๋ฌผํ•จ ๋ฒˆํ˜ธ์™€ ์ž๋ฌผ์‡  ๋น„๋ฐ€๋ฒˆํ˜ธ๋ฅผ ์•Œ์•„๋‚ด ์ฃผ์„ธ์š”!์‚ฌ๋ฌผํ•จ ๋ฒˆํ˜ธ๋Š” ์•ŒํŒŒ๋ฒณ ์†Œ๋ฌธ์ž ํ˜น์€ ์ˆซ์ž๋ฅผ ํฌํ•จํ•˜๋Š” 4์ž๋ฆฌ ๋žœ๋ค ๋ฌธ์ž์—ด์ด๊ณ , ๋น„๋ฐ€๋ฒˆํ˜ธ๋Š” 100 ์ด์ƒ 200 ์ดํ•˜์˜ ๋žœ๋ค ์ •์ˆ˜์ž…๋‹ˆ๋‹ค. ๋‘ ๊ฐ’์„ ๋งž๊ฒŒ ์ž…๋ ฅํ•˜๋ฉด ํ”Œ๋ž˜๊ทธ๊ฐ€ ์ถœ๋ ฅ๋ฉ๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ๋Š” FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค.ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{...} ์ž…๋‹ˆ๋‹ค.  ๐Ÿ‘พ Exploit Algorithm & Payload> app.py๋”๋ณด๊ธฐ#!/usr/bin/python3from flask import Flask, request, render_templateimport stringimport rand.. 2024. 3. 4.
[Dreamhack] Level1: [wargame.kr] strcmp ๐Ÿ›Ž๏ธ Access if you can bypass the strcmp function, you get the flag. ๐Ÿ‘พ Exploit Algorithm & Payload > view-source ๋”๋ณด๊ธฐ password : view-source #1 : '/' ํŽ˜์ด์ง€์—์„œ password๋ฅผ ์ž…๋ ฅํ•  ์ˆ˜ ์žˆ๋Š” ํผ์ด ์žˆ๊ณ  'chk' ๋ฒ„ํŠผ์„ ๋ˆ„๋ฅด๋ฉด ํŒจ์Šค์›Œ๋“œ๊ฐ€ ํ‹€๋ฆฐ์ง€ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค. : '/?view-sourc' ํŽ˜์ด์ง€์—์„œ๋Š” PHP ์›น ํŽ˜์ด์ง€์˜ ์ผ๋ถ€๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค. : strcmp ์ทจ์•ฝ์ ์„ ์ด์šฉํ•˜๋ฉด ํ’€๋ฆด ๊ฒƒ์ด๋ผ๋Š” ๊ฒƒ์„ ์œ ์ถ”ํ•  ์ˆ˜ ์žˆ๋‹ค. #2 strcmp(): ๋‘ ๋ฌธ์ž์—ด์ด ๊ฐ™์œผ๋ฉด 0์„, ๊ฐ™์ง€ ์•Š์œผ๋ฉด 0์ด ์•„๋‹Œ ๊ฐ’์„ ๋ฐ˜ํ™˜ strncmp(): ๋‘ ๋ฌธ์ž์—ด์˜ ์›ํ•˜๋Š” ๊ธธ์ด๋งŒํผ ๊ฐ™์œผ๋ฉด 0์„ ๊ฐ™์ง€ ์•Š์œผ๋ฉด 0์ด ์•„๋‹Œ ๊ฐ’์„ .. 2024. 2. 25.
[Dreamhack] Level2: login-1 ๐Ÿ›Ž๏ธ Access python์œผ๋กœ ์ž‘์„ฑ๋œ ๋กœ๊ทธ์ธ ๊ธฐ๋Šฅ์„ ๊ฐ€์ง„ ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. "admin" ๊ถŒํ•œ์„ ๊ฐ€์ง„ ์‚ฌ์šฉ์ž๋กœ ๋กœ๊ทธ์ธํ•˜์—ฌ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ๐Ÿ‘พ Exploit Algorithm & Payload > app.py ๋”๋ณด๊ธฐ #!/usr/bin/python3 from flask import Flask, request, render_template, make_response, redirect, url_for, session, g import sqlite3 import hashlib import os import time, random app = Flask(__name__) app.secret_key = os.urandom(32) DATABASE = "database.db" userLevel = { 0 : 'gu.. 2024. 2. 25.
[Dreamhack] CTF Season 5 Round #4 - BypassIF ๐Ÿ›Ž๏ธ Access Admin์˜ KEY๊ฐ€ ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค! ์•Œ๋งž์€ KEY๊ฐ’์„ ์ž…๋ ฅํ•˜์—ฌ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{...} ์ž…๋‹ˆ๋‹ค. ๐Ÿ‘พ Exploit Algorithm & Payload > ./app.py ๋”๋ณด๊ธฐ #!/usr/bin/env python3 import subprocess from flask import Flask, request, render_template, redirect, url_for import string import os import hashlib app = Flask(__name__) try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" KEY = hashlib.md5(FLAG.encode()).h.. 2024. 2. 25.
๋ฐ˜์‘ํ˜•