All posts (50)

[Dreamhack] CTF Season 5 Round #2 - php7cmp4re 🛎️ Access This page is written in PHP 7.4. Enter the correct Input values and obtain the flag. The flag format is DH{}. 👾 Exploit Algorithm & Payload > index.php php7cmp4re index page Enter the correct Input. > check.php php7cmp4re Index page > flag.php #1 : On the '/' page, entering values into input1 and input2 as shown and submitting them is expected to reveal the value. : However, whatever value was entered, the result "Try again." was printed, so I analyzed the code. #2 1) input_1 and input_2 must not be blank 2) The characters of input_1.. 2024. 1. 28.
[Dreamhack] Level1: error based sql injection 🛎️ Access Simple Error Based SQL Injection ! 👾 Exploit Algorithm & Payload > app.py import os from flask import Flask, request from flask_mysqldb import MySQL app = Flask(__name__) app.config['MYSQL_HOST'] = os.environ.get('MYSQL_HOST', 'localhost') app.config['MYSQL_USER'] = os.environ.get('MYSQL_USER', 'user') app.config['MYSQL_PASSWORD'] = os.environ.get('MYSQL_PASSWORD', 'pass') app.conf.. 2024. 1. 26.
Checking laptop battery life Summary 1) Windows + R (Run command) 2) cmd (Command Prompt) 3) powercfg /batteryreport /output "c:/battery-report.html" (enter this command; what follows output is the save path and file name, so choose a convenient location) 4) The report can be opened from that path in the web browser you use. Operation analysis details Battery report (basic laptop information) - COMPUTER NAME: name of the inspected laptop - SYSTEM PRODUCT NAME: system product name of the inspected machine - BIOS (Basic Input/Output System): the most basic software in the operating system, and the firmware that handles the computer's input and output - OS BUILD: within the same OS version, the detailed.. 2024. 1. 17.
[Dreamhack] Level3: CSP Bypass Advanced 🛎️ Access This is the patched version of Exercise: CSP Bypass. 👾 Exploit Algorithm & Payload #!/usr/bin/python3 from flask import Flask, request, render_template from selenium import webdriver import urllib import os app = Flask(__name__) app.secret_key = os.urandom(32) nonce = os.urandom(16).hex() try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" def read_url(url, cookie={"name": "name", "val.. 2024. 1. 17.
๋ฐ˜์‘ํ˜•