  • Tried. Failed. Logged.

๐ŸดCTF84

OWASP Juice Shop - Contact Us Captcha Bypass (Broken Anti Automation) Layout of the Contact Us page (/contact): it takes a rating and a comment from the user, and a CAPTCHA must be solved at the bottom. Captcha request REST API structure (/rest/captcha/): the captcha is not generated on the server ahead of time (SSR); instead the client requests one when it enters the page (CSR). So when the client sends a GET to "http://localhost:3000/rest/captcha/", the response looks like this: {"captchaId":38,"captcha":"8*8-5","answer":"59"} As you can see, the captcha ID, the challenge and the answer are all handed to the client as-is. Captcha verification REST API structure (/api/Feedbacks/): when the user has solved the captcha and sends the request to the server, "http:.. 2023. 9. 27.
CTF - Per-version PHP test site (onlinephp.io) https://onlinephp.io/ PHP Sandbox - Execute PHP code online through your browser onlinephp.io Everything from the versions 7 and below that are vulnerable to type juggling up to the latest version 8 can be tested online right away. 2023. 9. 24.
CTF - Windows stack buffer overflow example (bof.c) bof.c
    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>

    /* Never called directly; only reached if the saved return address is overwritten to point here */
    void shell_code(){
        printf("WELCOME SHELLCODE!");
        system("cmd");
    }

    int main(int argc, char **argv){
        char buffer[12];
        memset(buffer, 0x00, sizeof(buffer));
        if(argc != 2){
            printf("Usage : ./bof.exe data\n");
            exit(-1);
        }
        strcpy(buffer, argv[1]);                     /* unbounded copy into a 12-byte buffer: the intended overflow */
        printf("sizeof %zu \n", sizeof(argv[1]));    /* size of the pointer, not of the string */
        printf("strlen %zu \n", strlen(argv[1]));    /* actual length of the argument */
        return 0;
    }
compile gcc -m32 bof.c -o bof.. 2023. 9. 18.
DreamHack - [wargame.kr] strcmp write-up
    fetch("http://host3.dreamhack.games:20758/", {
      "headers": {
        "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
        "accept-language": "ko-KR,ko;q=0.8",
        "cache-control": "max-age=0",
        "content-type": "application/x-www-form-urlencoded",
        "sec-gpc": "1",
        "upgrade-insecure-requests": "1"
      },
      "referrer": "http://host3.dreamhack.games:20758/",
      "refe.. 2023. 9. 11.
XSS game - [6/6] Level 6: Follow the 🐇 2023. 9. 10.
XSS game - [5/6] Level 5: Breaking protocol 2023. 9. 10.
XSS game - [4/6] Level 4: Context matters 3'); alert('1 2023. 9. 10.
XSS game - [3/6] Level 3: That sinking feeling... 2023. 9. 10.
XSS game - [2/6] Level 2: Persistence is key https://xss-game.appspot.com/level2 https://xss-game.appspot.com/level2 Oops! Based on your browser cookies it seems like you haven't passed the previous level of the game. Please go back to the previous level and complete the challenge. xss-game.appspot.com 2023. 9. 10.
XSS game - [1/6] Level 1: Hello, world of XSS https://xss-game.appspot.com/level1 XSS game: Level 1 xss-game.appspot.com 2023. 9. 10.
DreamHack - CSP Bypass Advanced write-up Why the JavaScript did not execute:
    @app.after_request
    def add_header(response):
        global nonce
        response.headers['Content-Security-Policy'] = f"default-src 'self'; img-src https://dreamhack.io; style-src 'self' 'unsafe-inline'; script-src 'self' 'nonce-{nonce}'; object-src 'none'"
        nonce = os.urandom(16).hex()
        return response
It is because a CSP (Content-Security-Policy) header is attached on every request. Looking further, since script-src is 'self', orig.. 2023. 9. 10.
DreamHack - chocoshop write-up Vulnerability r.expire(used_coupon, timedelta(seconds=coupon['expiration'] - int(time()))) First, removing a used coupon this way, after (coupon expiry time + current time), looked a bit suspicious to me, and if coupon['expiration'] { var coupon = res.coupon; fetch(url+"/coupon/submit", { "headers": { "accept": "*/*", "accept-language": "ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7", "authorization": aut.. 2023. 9. 9.