본문 바로가기
반응형

전체 글50

[Dreamhack] Level1: file-download-1 🛎️Access File Download 취약점이 존재하는 웹 서비스이다. flag.py를 다운로드 받으면 플래그를 획득할 수 있다. 👾Exploit Algorithm & Payload 더보기 #!/usr/bin/env python3 import os import shutil from flask import Flask, request, render_template, redirect from flag import FLAG APP = Flask(__name__) UPLOAD_DIR = 'uploads' @APP.route('/') def index(): files = os.listdir(UPLOAD_DIR) return render_template('index.html', files=files) @APP.r.. 2023. 9. 3.
[Dreamhack] Level3: XSS Filtering Bypass Advanced 🛎️ Access Exercise: XSS Filtering Bypass의 패치된 문제이다. 👾Exploit Algorithm & Payload 더보기 #!/usr/bin/python3 from flask import Flask, request, render_template from selenium import webdriver import urllib import os app = Flask(__name__) app.secret_key = os.urandom(32) try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" def read_url(url, cookie={"name": "name", "value": "value"}): co.. 2023. 9. 2.
[Dreamhack] Level1: Return to Shellcode 🛎️ Access Exploit Tech: Return to Shellcode에서 실습하는 문제입니다. 👾 Exploit Algorithm & Payload 더보기 // Name: r2s.c // Compile: gcc -o r2s r2s.c -zexecstack #include #include void init() { setvbuf(stdin, 0, 2, 0); setvbuf(stdout, 0, 2, 0); } int main() { char buf[0x50]; init(); printf("Address of the buf: %p\n", buf); printf("Distance between buf and $rbp: %ld\n", (char*)__builtin_frame_address(0) - buf).. 2023. 8. 30.
[Dreamhack] Level1: XSS Filtering Bypass 🛎️ Access Exercise: XSS Filtering Bypass에서 실습하는 문제이다. 👾Exploit Algorithm & Payload 더보기 #!/usr/bin/python3 from flask import Flask, request, render_template from selenium import webdriver import urllib import os app = Flask(__name__) app.secret_key = os.urandom(32) try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" def read_url(url, cookie={"name": "name", "value": "value"}): .. 2023. 8. 28.
반응형