๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
  • Tried. Failed. Logged.
728x90

์ „์ฒด ๊ธ€720

Dreamhack - ์›Œ๊ฒŒ์ž„, Mango ํ’€์ด https://dreamhack.io/wargame/challenges/90/ Mango Description ์ด ๋ฌธ์ œ๋Š” ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค์— ์ €์žฅ๋œ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜๋Š” ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ๋Š” admin ๊ณ„์ •์˜ ๋น„๋ฐ€๋ฒˆํ˜ธ ์ž…๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ์˜ ํ˜•์‹์€ DH{...} ์ž…๋‹ˆ๋‹ค. {'uid': 'admin', 'upw': 'DH{32alphanumeric}'} Reference Serv dreamhack.io NOSQL Injection์— ๊ด€ํ•œ ๋ฌธ์ œ๋‹ค. ํŽ˜์ด์ง€๋กœ ๋“ค์–ด๊ฐ€๋‹ˆ๊น ๋‹ค์งœ๊ณ ์งœ /login์—์„œ ๋กœ๊ทธ์ธ์„ ํ•˜๋ผ๊ณ  ๋œฌ๋‹ค. ์ฃผ์†Œ์— ๋ณต์‚ฌ ๋ถ™์—ฌ๋„ฃ๊ธฐ๋ฅผ ํ•ด๋ณด๋‹ˆ guest๋กœ ๋กœ๊ทธ์ธ์ด ๋๋Š”์ง€ ํ™”๋ฉด์—๋Š” guest๋งŒ ๋œธ ๋งŒ์•ฝ์— uid ๊ฐ’์œผ๋กœ admin์„ ์ฃผ๊ฒŒ ๋˜๋ฉด ํŽ˜์ด์ง€์—๋Š” filter๋ผ๊ณ  ๋œจ๊ฒŒ ๋œ๋‹ค. ๋ฌธ์ œ์—์„œ ์ œ๊ณตํ•˜๋Š” ์„œ๋ฒ„ ํŒŒ์ผ์„ ํ™•์ธํ•ด๋ณด๋ฉด .. 2021. 12. 9.
ํ”„๋กœ๊ทธ๋ž˜๋จธ์Šค - ๊ณ ์–‘์ด์™€ ๊ฐœ๋Š” ๋ช‡ ๋งˆ๋ฆฌ ์žˆ์„๊นŒ, MySQL https://programmers.co.kr/learn/courses/30/lessons/59040 ์ฝ”๋”ฉํ…Œ์ŠคํŠธ ์—ฐ์Šต - ๊ณ ์–‘์ด์™€ ๊ฐœ๋Š” ๋ช‡ ๋งˆ๋ฆฌ ์žˆ์„๊นŒ ANIMAL_INS ํ…Œ์ด๋ธ”์€ ๋™๋ฌผ ๋ณดํ˜ธ์†Œ์— ๋“ค์–ด์˜จ ๋™๋ฌผ์˜ ์ •๋ณด๋ฅผ ๋‹ด์€ ํ…Œ์ด๋ธ”์ž…๋‹ˆ๋‹ค. ANIMAL_INS ํ…Œ์ด๋ธ” ๊ตฌ์กฐ๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™์œผ๋ฉฐ, ANIMAL_ID, ANIMAL_TYPE, DATETIME, INTAKE_CONDITION, NAME, SEX_UPON_INTAKE๋Š” ๊ฐ๊ฐ ๋™๋ฌผ์˜ ์•„์ด๋”” programmers.co.kr SELECT ANIMAL_TYPE, count( ANIMAL_TYPE ) AS count FROM ANIMAL_INS WHERE ANIMAL_TYPE = 'Cat' UNION SELECT ANIMAL_TYPE, count( ANIMAL_TY.. 2021. 12. 8.
ํ”„๋กœ๊ทธ๋ž˜๋จธ์Šค - ์˜คํ”ˆ์ฑ„ํŒ…๋ฐฉ, ํŒŒ์ด์ฌ https://programmers.co.kr/learn/courses/30/lessons/42888?language=python3 ์ฝ”๋”ฉํ…Œ์ŠคํŠธ ์—ฐ์Šต - ์˜คํ”ˆ์ฑ„ํŒ…๋ฐฉ ์˜คํ”ˆ์ฑ„ํŒ…๋ฐฉ ์นด์นด์˜คํ†ก ์˜คํ”ˆ์ฑ„ํŒ…๋ฐฉ์—์„œ๋Š” ์นœ๊ตฌ๊ฐ€ ์•„๋‹Œ ์‚ฌ๋žŒ๋“ค๊ณผ ๋Œ€ํ™”๋ฅผ ํ•  ์ˆ˜ ์žˆ๋Š”๋ฐ, ๋ณธ๋ž˜ ๋‹‰๋„ค์ž„์ด ์•„๋‹Œ ๊ฐ€์ƒ์˜ ๋‹‰๋„ค์ž„์„ ์‚ฌ์šฉํ•˜์—ฌ ์ฑ„ํŒ…๋ฐฉ์— ๋“ค์–ด๊ฐˆ ์ˆ˜ ์žˆ๋‹ค. ์‹ ์ž…์‚ฌ์›์ธ ๊น€ํฌ๋ฃจ๋Š” ์นด์นด์˜คํ†ก ์˜ค programmers.co.kr users = {} def solution(record): answer = [] for line in record: data = line.split() action, userId = data[0], data[1] if action in ("Enter", "Change"): nick = data[2] users[userId] = ni.. 2021. 12. 8.
ํ”„๋กœ๊ทธ๋ž˜๋จธ์Šค - ๋ฌธ์ž์—ด ๋‚ด p์™€ y์˜ ๊ฐœ์ˆ˜, ํŒŒ์ด์ฌ https://programmers.co.kr/learn/courses/30/lessons/12916 ์ฝ”๋”ฉํ…Œ์ŠคํŠธ ์—ฐ์Šต - ๋ฌธ์ž์—ด ๋‚ด p์™€ y์˜ ๊ฐœ์ˆ˜ ๋Œ€๋ฌธ์ž์™€ ์†Œ๋ฌธ์ž๊ฐ€ ์„ž์—ฌ์žˆ๋Š” ๋ฌธ์ž์—ด s๊ฐ€ ์ฃผ์–ด์ง‘๋‹ˆ๋‹ค. s์— 'p'์˜ ๊ฐœ์ˆ˜์™€ 'y'์˜ ๊ฐœ์ˆ˜๋ฅผ ๋น„๊ตํ•ด ๊ฐ™์œผ๋ฉด True, ๋‹ค๋ฅด๋ฉด False๋ฅผ return ํ•˜๋Š” solution๋ฅผ ์™„์„ฑํ•˜์„ธ์š”. 'p', 'y' ๋ชจ๋‘ ํ•˜๋‚˜๋„ ์—†๋Š” ๊ฒฝ์šฐ๋Š” ํ•ญ์ƒ True๋ฅผ programmers.co.kr import re def solution(s): if re.subn("[pP]", "", s)[1] == re.subn("[yY]", "", s)[1]: return True else: return False ์ •๊ทœ ํ‘œํ˜„์‹ re.subn์œผ๋กœ ๋ฌธ์ž ๊ธธ์ด ์•Œ์•„๋‚ด๊ธฐ 2021. 12. 8.
Lord of SQLinjection - succubus https://los.rubiya.kr/chall/succubus_37568a99f12e6bd2f097e8038f74d768.php https://los.rubiya.kr/chall/succubus_37568a99f12e6bd2f097e8038f74d768.php los.rubiya.kr ์•„์ด๋””์™€ ํŒจ์Šค์›Œ๋“œ๋ฅผ ์ž…๋ ฅ์„ ๋ฐ›๊ณ  ์žˆ์œผ๋ฉฐ, (')๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ์•ˆ ๋œ๋‹ค. ์ •๋‹ต) ?id=\&pw=OR 1=1;%00 id์— ์ฃผ์„์ฒ˜๋ฆฌ๋ฅผ ํ•ด์„œ pw์˜ ์ฒซ๋ฒˆ์งธ ' ๊นŒ์ง€ ๋ฌธ์ž์—ด ํ˜•ํƒœ๋กœ ๋งŒ๋“ ๋‹ค. id='\' and pw='OR 1=1;%00 ๊ทธ๋ฆฌ๊ณ  ์ฐธ์ด ๋˜๋Š” ์กฐ๊ฑด๊ณผ ๋’ค์˜ '๋ฅผ ๋ฌด์‹œํ•˜๊ธฐ ์œ„ํ•ด ์ฃผ์„์ฒ˜๋ฆฌ๋ฅผ ํ•ด์ฃผ๋ฉด ํ•ด๊ฒฐ 2021. 12. 8.
Lord of SQLinjection - assassin https://los.rubiya.kr/chall/assassin_14a1fd552c61c60f034879e5d4171373.php https://los.rubiya.kr/chall/assassin_14a1fd552c61c60f034879e5d4171373.php los.rubiya.kr ํŒจ์Šค์›Œ๋“œ๋ฅผ ์ž…๋ ฅ์„ ๋ฐ›๋Š”๋ฐ '๋ฅผ ๊ธˆ์ง€ํ•˜๊ณ  ์žˆ์–ด์„œ ๋‹ค๋ฅธ ์ฟผ๋ฆฌ๋ฌธ์„ ๋„ฃ๋Š” ๊ฒŒ ํž˜๋“ค๋‹ค. ๋ฌธ์ œ์—์„œ ์‹คํ–‰๋˜๋Š” ์ฟผ๋ฆฌ๋ฌธ์„ ์ž˜ ์‚ดํŽด๋ณด๋ฉด pw๊ฐ€ =๊ฐ€ ์•„๋‹Œ like๋กœ ์ผ์น˜ํ•˜๋Š” ์กฐ๊ฑด์„ ๊ตฌํ•˜๊ณ  ์žˆ๋‹ค. LIKE๋Š” =์™€ ๋‹ค๋ฅด๊ฒŒ ํŠน์ • ๋ฌธ์ž๊ฐ€ ํฌํ•จ์ด ๋˜์–ด์žˆ์–ด๋„ ์กฐ๊ฑด์„ ์ฐธ์œผ๋กœ ๋งŒ๋“ค ์ˆ˜๊ฐ€ ์žˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด A๋กœ ์‹œ์ž‘ํ•˜๋Š” ๋ฌธ์ž๋ฅผ ์ฐพ๊ณ  ์‹ถ๋‹ค๋ฉด A% A๋กœ ๋๋‚˜๋Š” ๋ฌธ์ž๋ฅผ ์ฐพ๊ณ  ์‹ถ๋‹ค๋ฉด %A A๊ฐ€ ํฌํ•จํ•˜๋Š” ๋ฌธ์ž๋ฅผ ์ฐพ๊ณ  ์‹ถ๋‹ค๋ฉด %A% ์ด๋Ÿฐ ์‹์œผ๋กœ ๋ง์ด๋‹ค. ๋˜ํ•œ _๋ฅผ.. 2021. 12. 8.
Lord of SQLinjection - giant https://los.rubiya.kr/chall/giant_18a08c3be1d1753de0cb157703f75a5e.php https://los.rubiya.kr/chall/giant_18a08c3be1d1753de0cb157703f75a5e.php los.rubiya.kr shit์ด๋ผ๋Š” ์ธ์ž๋ฅผ ์ž…๋ ฅ๋ฐ›์•„์„œ ์ฟผ๋ฆฌ๋ฌธ์„ ์‹คํ–‰์‹œํ‚ค๋Š” ๊ฒƒ์ด ๋ชฉ์  ์ฟผ๋ฆฌ๋ฌธ์€ select 1234 from{$_GET[shit]}prob_giant where 1 ์ด๋ ‡๊ฒŒ ๊ตฌ์„ฑ๋˜์–ด์žˆ์œผ๋ฉฐ, ์ฟผ๋ฆฌ๋ฅผ ์ •์ƒ ๋™์ž‘์„ ์‹œํ‚ค๊ธฐ ์œ„ํ•ด์„œ๋Š” from ๋’ค์— ๊ณต๋ฐฑ์„ ๋„ฃ์–ด์•ผ ํ•œ๋‹ค. ๊ณต๋ฐฑ์„ ๋„˜๊ฒจ์ฃผ๋Š”๊ฒŒ ์‰ฝ์ง€๋งŒ์€ ์•Š๋‹ค. URL ์ฃผ์†Œ์— ์ŠคํŽ˜์ด์Šค๋ฅผ ๋„ฃ์–ด๋„ ์ „๋‹ฌ์ด ๋˜์ง€ ์•Š๋Š”๋‹ค. ๊ทธ๋ž˜์„œ ๊ณต๋ฐฑ์„ ๋Œ€์‹ ํ•  ๋‹ค๋ฅธ ๊ฒƒ์„ ๋„ฃ์–ด์คฌ๋‹ค. ๋ฐ”๋กœ "%0b" ์š”๊ฒƒ์„ ์ฐธ๊ณ : https://jan.. 2021. 12. 8.
์›น ํ•ดํ‚น - ํฌ๋กฌ ์ŠคํŒŒ์ด์›จ์–ด ํ™•์žฅ ํ”„๋กœ๊ทธ๋žจ , Bad Extension ํฌ๋กฌ ํ™•์žฅ์ž๋ฅผ ์ด์šฉํ•ด ๋ธŒ๋ผ์šฐ์ € ์ „์šฉ ์ŠคํŒŒ์ด์›จ์–ด๋ฅผ ๋งŒ๋“ค์–ด๋ณด์•˜์Šต๋‹ˆ๋‹ค. ์šฐ์„  ๋Œ€์ƒ์˜ ์ปดํ“จํ„ฐ์— ์„ค์น˜๋ฅผ ํ•˜๋Š” ๊ฑด ์ƒ์ƒ์— ๋งก๊ธฐ๊ณ , ํ™•์žฅ ํ”„๋กœ๊ทธ๋žจ์„ ์„ค์น˜ํ•˜๊ฒŒ ๋˜๋ฉด ๋ณ„ ๋‹ค๋ฅธ ์ด์ƒ ์ฆ์ƒ์€ ์—†์Šต๋‹ˆ๋‹ค. ํ™•์žฅ ํ”„๋กœ๊ทธ๋žจ ์•„์ด์ฝ˜์„ ํด๋ฆญํ•ด๋„ ๋ณ„ ๋‹ค๋ฅธ ๊ธฐ๋Šฅ์€ ์—†์Šต๋‹ˆ๋‹ค. ํ•˜์ง€๋งŒ ๋งŒ์•ฝ ์œ ์ €๊ฐ€ ๋‹ค๋ฅธ ํŽ˜์ด์ง€๋กœ ์ด๋™์„ ํ•  ๊ฒฝ์šฐ๊ฐ€ ์ƒ๊ธฐ๋ฉด ๊ณต๊ฒฉ์ž์˜ PC์—๋Š” ์œ ์ €๊ฐ€ ๋Œ์•„๋‹ค๋‹Œ ํŽ˜์ด์ง€์˜ html ํŒŒ์ผ๊ณผ ์Šคํฌ๋ฆฐ์ƒท ํŒŒ์ผ์„ ๋‹ค์šด๋กœ๋“œ ๋ฐ›๊ฒŒ ๋ฉ๋‹ˆ๋‹ค. ์›๋ฆฌ: ๊ณต๊ฒฉ์ž๊ฐ€ ํŒŒ์ด์ฌ Flask๋กœ CDN(์ฝ˜ํ…์ธ  ์ „์†ก ๋„คํŠธ์›Œํฌ) ์„œ๋ฒ„๋ฅผ ์—ด๊ฒŒ ๋ฉ๋‹ˆ๋‹ค. ์ด ์•…์„ฑ ํ™•์žฅ ํ”„๋กœ๊ทธ๋žจ์€ ํŽ˜์ด์ง€๋ฅผ ์ด๋™ํ•  ๋•Œ๋งˆ๋‹ค ๊ณต๊ฒฉ์ž์—๊ฒŒ ์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ ์ฝ˜ํ…์ธ  ํŒŒ์ผ์„ ์š”๊ตฌ๋ฅผ ํ•˜๊ฒŒ ๋˜๊ณ , ๊ณต๊ฒฉ์ž ์„œ๋ฒ„๋Š” ์ฝ˜ํ…์ธ ๋ฅผ ์ œ๊ณต์„ ํ•˜๊ฒŒ ๋ฉ๋‹ˆ๋‹ค. ๊ทธ ์ œ๊ณต๋ฐ›๋Š” ์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ ํŒŒ์ผ์—๋Š” ๋ฐ์ดํ„ฐ๋ฅผ ์ „์†กํ•˜๋Š” ajax ์Šคํฌ๋ฆฝํŠธ์™€ ๋ฌธ์„œ.. 2021. 12. 8.
ํŒŒ์ด์ฌ - base64๋ฅผ ์ด๋ฏธ์ง€ ํŒŒ์ผ๋กœ ์ €์žฅํ•˜๊ธฐ import base64 imgdata = base64.b64decode(imgstring) filename = 'some_image.jpg' # I assume you have a way of picking unique filenames with open(filename, 'wb') as f: f.write(imgdata) # f gets closed when you exit the with statement # Now save the value of filename to your database ์ถœ์ฒ˜: https://stackoverflow.com/questions/16214190/how-to-convert-base64-string-to-image/16214280 How to convert base6.. 2021. 12. 8.
์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ - canvas base64 ๋ฐ์ดํ„ฐ ์ถ”์ถœ var image = canvas.toDataURL("image/png").replace("image/png", "image/octet-stream"); // here is the most important part because if you dont replace you will get a DOM 18 exception. ์ถœ์ฒ˜: https://stackoverflow.com/questions/10673122/how-to-save-canvas-as-an-image-with-canvas-todataurl How To Save Canvas As An Image With canvas.toDataURL()? I'm currently building a HTML5 web app/Phonegap native app.. 2021. 12. 8.
ํŒŒ์ด์ฌ - ์—ฌ๋Ÿฌ๊ฐœ์˜ ๋ฌธ์ž์—ด ๋ณ€๊ฒฝํ•˜๊ธฐ import re txt = "Hi, my phone number is 089992654231. I am 34 years old. I live in 221B Baker Street. I have 1,000,000 in my bank account." def processString3(txt): txt = re.sub('[0-9]', 'X', txt) print(txt) processString3(txt) ์ถœ์ฒ˜: https://www.delftstack.com/ko/howto/python/python-replace-multiple-characters/ Python์—์„œ ๋ฌธ์ž์—ด์˜ ์—ฌ๋Ÿฌ ๋ฌธ์ž๋ฅผ ๋ฐ”๊พธ๋Š” ๋ฐฉ๋ฒ• ์ด ๊ธฐ์‚ฌ๋Š” Python์—์„œ ๋ฌธ์ž์—ด์˜ ์—ฌ๋Ÿฌ ๋ฌธ์ž๋ฅผ ๋ฐ”๊พธ๋Š” ๋ฐฉ๋ฒ•์„ ๋ณด์—ฌ์ค๋‹ˆ๋‹ค. www.delftstack.com 2021. 12. 8.
์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ - html ์Šคํฌ๋ฆฐ์ƒทํ•˜๊ธฐ html2canvas https://html2canvas.hertzen.com/ html2canvas - Screenshots with JavaScript Try out html2canvas Test out html2canvas by rendering the viewport from the current page. Capture html2canvas.hertzen.com 2021. 12. 8.
728x90

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”