
wargame4

[Dreamhack] Level2: login-1
🛎️ Access
A service with a login function, written in Python. Log in as a user with "admin" privileges to obtain the flag.
👾 Exploit Algorithm & Payload
> app.py
#!/usr/bin/python3 from flask import Flask, request, render_template, make_response, redirect, url_for, session, g import sqlite3 import hashlib import os import time, random app = Flask(__name__) app.secret_key = os.urandom(32) DATABASE = "database.db" userLevel = { 0 : 'gu..
2024. 2. 25.

[Dreamhack] Level4: KeyCat
🛎️ Access
cat loves cats
👾 Exploit Algorithm & Payload
> deploy > docker-compose.yml... (*The contents of many folders need to be examined carefully)
#1: I analyzed the docker-compose.yml file.
: Docker-compose automates the sequence of building and running a service made up of several containers, which simplifies management; the settings of several containers can be collected in a single yml file. That is, preparing a compose file and running one command is enough to read the settings from that file and start all of the container services.
: It does not necessarily have to be used for the challenge. However, the challenge's connection port, after a certain amount of time has passed..
2024. 2. 23.

[Dreamhack] Level1: Type c-j
🛎️ Access
A page written in PHP. Enter the correct Id and Password to obtain the flag. The flag format is DH{…}.
👾 Exploit Algorithm & Payload
> index.php
Type c-j index page Enter the correct ID & Password.
> check.php
Type c-j Index page
#1
: On the '/' page, entering an id and password and submitting them is expected to let us check the values.
: However, whatever value was entered, the result "Try again." was printed, so I analyzed the code.
#2
... $id = getRandStr(); $pw = sha1("1"); ...
: As for id, getRandStr()..
2024. 2. 2.

[Dreamhack] Level1: baby-union
🛎️ Access
A web service that prints the account's information on login. Obtain the flag through the SQL INJECTION vulnerability. The table and column names in the init.sql file provided with the challenge differ from the actual names. The flag format is DH{...}.
👾 Exploit Algorithm & Payload
> app.py
import os from flask import Flask, request, render_template from flask_mysqldb import MySQL app = Flask(__name__) app.config['MYSQL_HOST'] = os.environ.get('MYSQL_HOST', 'localhost') app.config['MYSQL_USER'] = os.e..
2024. 2. 2.