✒️ Capture The Flag (CTF) 17

[Dreamhack CTF Season 3] ROT128 Write Up
🪮 ROT128 Write Up
1. Check the challenge description, then download the file
2. Open the downloaded rot128.py file and analyze the code
① Initialize hex_list
    hex_list = [(hex(i)[2:].zfill(2).upper()) for i in range(256)]
Code explanation
    range(256): generates the numbers from 0 to 255
    hex(i): converts the integer i to a hexadecimal string
    [2:]: drops the '0x' prefix and keeps the rest
    zfill(2): pads the string to a length of 2
    upper(): converts the result to uppercase
② Read the original flag.png file
    with open('flag.png', 'rb') as f:
        plain_s = f.read()
++ The flag.png file is opened in binary mode ('rb': read binary) ..
2023. 11. 26.
[UWSP Pointer Overflow CTF 2023] Unquestioned and Unrestrained Write Up
👨‍💼 Unquestioned and Unrestrained Write Up
1. Read the challenge carefully, then check the ciphertext
+ The task is to infer the plaintext from the ciphertext alone, without being told the encryption method or the plaintext
++ The only hint is that a common encryption method was used!
2. Write a Python script to decrypt according to each encryption method
    # Base64
    import base64
    def base64_decode(encoded_text):
        decoded_bytes = base64.b64decode(encoded_text)
        decoded_text = decoded_bytes.decode('utf-8')
        return decoded_text
    # Try Base64 decoding on the given ciphertext
    ciphertext = "cG9j..
2023. 11. 12.
[Cake CTF 2023] Country DB - 92 Write Up
🛹 Country DB - 92 Write Up
1. Check the challenge, then open the code search link
++ It seems to ask for the country names that correspond to 'CA' and 'KE'
2. Look up the country for each code at the code search link
3. Write the answer in the FLAG format and submit it --> the challenge is not solved
4. Download the attachment in case it contains a hint
5. Explore the files --> presumably the files used to build the code search site
6. Went through all of the files but found no additional hint --> failed to solve the challenge
2023. 11. 11.
[CSAW CTF 2023] Baby's First Write Up
🛹 Baby's First Write Up
1. Check the challenge, then download the attachment
2. Open the downloaded babyfirst.py file and review the code
    #!/usr/bin/env python3
    # Reversing is hard. But....not always.
    #
    # Usually, you won't have access to source.
    # Usually, these days, programmers are also smart enough not to include sensitive data in what they send to customers....
    #
    # But not always....
    if input("What's the password? ") == "csawctf{w3_411_star7_5om3w..
2023. 9. 16.
[Patriot CTF 2023] Python XOR Write Up
🦄 Python XOR Write Up
1. Check the challenge, then download the attachment
2. Open the downloaded XOR.py file and analyze the code
    from string import punctuation
    # Import the special characters (punctuation) and build a list of the alphabet and special characters
    alphabet = list(punctuation)
    # Ciphertext
    data = "bHEC_T]PLKJ{MW{AdW]Y"
    def main():
        # Define the decryption key
        key = ('')
        # Decrypt the data to obtain the plaintext
        decrypted = ''.join([chr(ord(x) ^ ord(key)) for x in data])
        # Print the decrypted message
        print(decrypted)
    # Run the main function to perform the decryption
    main()..
2023. 9. 9.
[DownUnder CTF 2023] 𝕏 Write Up
🎬 𝕏 Write Up
1. Check the challenge, then explore the links it points to
++ Three links found in total
    # First link (the)
    https://twitter.com/DownUnderCTF/status/1697304493409337835
    # Second link (meme)
    https://twitter.com/DownUnderCTF/status/1697308270439051484
    # Third link (dump)
    https://twitter.com/DownUnderCTF/status/1697312042821066846
2. Open the first of the links found
3. A string in FLAG format can be seen in the posted images
4. Open the second of the links found --> likewise, a string in FLAG format is found
5. Of the links found, the third..
2023. 9. 4.