season53

[Dreamhack] CTF Season 5 Round #4 - BypassIF 🛎️ Access: The Admin's KEY is required! Enter the correct KEY value to obtain the flag. The flag format is DH{...}. 👾 Exploit Algorithm & Payload > ./app.py #!/usr/bin/env python3 import subprocess from flask import Flask, request, render_template, redirect, url_for import string import os import hashlib app = Flask(__name__) try: FLAG = open("./flag.txt", "r").read() except: FLAG = "[**FLAG**]" KEY = hashlib.md5(FLAG.encode()).h.. 2024. 2. 25.
[Dreamhack] CTF Season5 Round #2 - addition-quiz 🛎️ Access: This program repeats, 50 times, a check of whether the sum of two random numbers matches the input value. If every answer matches, it prints the flag stored in the flag file. Enter the correct values to obtain the flag. The flag format is DH{…}. Hint) pwntools 👾 Exploit Algorithm & Payload > chall.c // Name: chall.c // Compile Option: gcc chall.c -o chall -fno-stack-protector #include #include #include #include #include #include #define FLAG_SIZE 0x45 void alarm_handler() { puts("TIME OUT"); .. 2024. 1. 28.
[Dreamhack] CTF Season 5 Round #2 - php7cmp4re 🛎️ Access: This is a page written in PHP 7.4. Enter the correct Input values and obtain the flag. The flag format is DH{}. 👾 Exploit Algorithm & Payload > index.php php7cmp4re index page Enter the correct Input. > check.php php7cmp4re Index page > flag.php #1 : On the '/' page, entering values into input1 and input2 as shown below and submitting them is expected to reveal the value. : However, no matter what value was entered, the result "Try again." was printed, so I analyzed the code. #2 1) input_1 and input_2 must not be blank 2) input_1's character.. 2024. 1. 28.