  • Tried. Failed. Logged.

๐ŸดCTF/Root Me4

Root Me - TCP - Encoded string Problem description To start this test using the TCP protocol, you must connect to a program on a network socket. You must decode the encoded string sent by the program. You have 2 seconds to send the correct answer from the moment the program sends the string. The answer must be sent as a string. Solution code """ To start this test using the TCP protocol, you need to connect to a program on a network socket. You must decode the encoded character string sent by the program. You have 2 seconds to send the correct answer from the moment the program sen.. 2024. 2. 16.
Root Me - TCP - Back to school Problem description Calculate the square root of number 1 and multiply it by number 2. Then round the result to two decimal places. You have 2 seconds to send the correct answer from the moment the program sends the calculation. The answer must be sent in the following format. Solution code """ To start this test using the TCP protocol, you need to connect to a program on a network socket. Calculate the square root of number 1 and multiply by number 2. Then round the result to two decimal places. You have 2 seconds to send the correct answer from the .. 2024. 2. 16.
Root Me - Encoding - ASCII Problem description 4C6520666C6167206465206365206368616C6C656E6765206573743A203261633337363438316165353436636436383964356239313237356433323465 Hint Answer Split the string into pairs of characters and convert each hexadecimal pair to ASCII s = "4C6520666C6167206465206365206368616C6C656E6765206573743A203261633337363438316165353436636436383964356239313237356433323465" a, b = 0, 2 for i in range( len(s)//2 ): c = ( s[ a + (i*2) : b + (i*2) ] ) print( chr( int(c, 16) ).. 2024. 2. 16.
Root Me - CSP Bypass - Inline code Home page The home page shows an input field, and text entered as shown below is reflected in the page. According to the page content, the flag value is set up so that only the bot can view it. The page also states that a CSP is configured, so XSS is not possible. If a tag is used in that same input field, the error page shown below is displayed. The cause of the error is that "Content-Security-Policy" is set. connect-src 'none'; font-src 'none'; frame-src 'none'; img-src 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'unsafe-inline'; style-src 'self.. 2024. 2. 15.