WebHacking28

[Dreamhack] Level4: KeyCat 🛎️ Access cat loves cats 👾 Exploit Algorithm & Payload > deploy > docker-compose.yml... (*the information in many folders needs to be examined carefully) #1: Analyzed the docker-compose.yml file.: Docker Compose automates the order in which a service made up of several containers is built and run, which simplifies management; the configuration of several containers can be collected into a single yml file. In other words, by preparing a compose file and running a single command, the settings are read from that file and every container service is started.: It does not have to be used for the challenge. However, once the challenge's access port, after a certain time.. 2024. 2. 23.
[Dreamhack] Level1:Beginner blue-whale 🛎️ Access Boko is asking for your help. "There was definitely a flag file... but it's gone." You can download the Docker image from the dreamhackofficial/blue-whale repository (TAG:1) on Docker Hub. Analyze the Docker image to obtain the flag. The given Dockerfile is the file used to build the image and cannot be used by the solver. The flag format is DH{...}. 👾 Exploit Algorithm & Payload > Dockerfile FROM ubuntu:22.04@sha256:27cb6e6ccef575a4698b66f5de06c7ecd61589132d5a91d098f7f3f9285415a9 ENV user chall ENV chall_port .. 2024. 2. 7.
[Dreamhack] Level2: Dream Gallery 🛎️ Access Dreami has built a gallery site. But they say they are not sure whether the feature that makes requests to external hosts is safe... Find the vulnerability in the gallery site and obtain the flag! The flag is at /flag.txt. 👾 Exploit Algorithm & Payload > app.py from flask import Flask, request, render_template, url_for, redirect from urllib.request import urlopen import base64, os app = Flask(__name__) app.secret_key = os.urandom(32) mini_database = [] @app.route('/') def index(): return r.. 2024. 2. 3.
[Dreamhack] Level1: Type c-j 🛎️ Access This page is written in PHP. Enter the correct Id and Password to obtain the flag. The flag format is DH{…}. 👾 Exploit Algorithm & Payload > index.php Type c-j index page Enter the correct ID & Password. > check.php Type c-j Index page #1 : It is expected that entering an id and password on the '/' page and submitting them will let you check the values. : However, whatever value was entered, the result "Try again." was printed, so I analyzed the code. #2 ... $id = getRandStr(); $pw = sha1("1"); ... : id is getRandStr().. 2024. 2. 2.
๋ฐ˜์‘ํ˜•