
โœ’๏ธ Capture The Flag (CTF)17

[HSpace CTF 2023] HSpace Free Board Write Up HSpace Free Board Write Up 1. After checking the challenge, access the provided link ++ What is a BlackBox challenge? In CTF (Capture The Flag) competitions, a "BlackBox challenge" means a type of security challenge that participants must solve without concrete information, such as the internal behaviour or the source code, about the system, service or program they are given. 2. Create an arbitrary account and sign up --> After signing up, the login window appears again 3. Log in with the registered account 4. Press the Post button at the very bottom and write a post --> Confirm that it was posted normally 5. Try to pop up an alert window through URL manipulation --> Confirm that the script was applied successfully # The URL I wrote http://cat.moe:8004/read.php?i.. 2023. 9. 2.
[Hero CTF v5] Hyper Loop Write Up # Hyper Loop Write Up 1. After checking the challenge, download the attached file --> I could tell that it is a challenge of recovering the original flag using the provided Python script. 2. Open the hyper_loop.py file and analyze the code from os import urandom flag = bytearray(b"Hero{????????????}") assert len(flag) == 18 for _ in range(32): for i, c in enumerate(urandom(6) * 3): flag[i] = flag[i] ^ c print(f"{flag = }") """ $ python3 hyper_loop.py flag = bytearray(b'\x05p\x07MS\xfd4eFPw\xf9}%\x05\x03\.. 2023. 5. 14.
[PwnMe CTF 2023] Tree Viewer WriteUp # Tree Viewer WriteUp 1. First, after checking the challenge, open the container and access the web page 2. After accessing it, the screen below is shown 3. Entering the values '12' and '/hoho/23' in the user input field produced the output shown below. 4. I opened the Source code section on the main screen and checked the code. Source code Directory to check 2023. 5. 7.
[PwnMe CTF 2023] Just a XOR WriteUp # Just a XOR WriteUp 1. I checked the challenge and downloaded the file at the bottom. + Reading the challenge, it seems to be a problem of recovering the complete plaintext from the encryption algorithm, the damaged original message, and the ciphertext. 2. The downloaded archive contained a total of 3 files. 3. I first looked at the encrypt file and analyzed the code. + : imports the random and itertools modules + : reads the contents of the original-message.txt file and stores them in the MESSAGE variable + : generates a total of 16 random numbers and stores them in the SECRET list --> the random numbers are generated as remainders modulo 0x2600, starting from 0 + : 암.. 2023. 5. 6.
[UMass CTF 2023] wrathsweatingbuddha WriteUp (Unsolved) # [UMass CTF 2023] wrathsweatingbuddha WriteUp 1. After checking the challenge, download the attached file 2. Open the Python file attached to the challenge and analyze the code + [Line 7 ~ 8] : Crypto library --> provides encryption functions : secrets module & randbelow function --> generates random numbers and returns a random integer + [Line 7 ~ 8] : reads the flag.txt file and stores it in the FLAG variable --> uses the [::-1] syntax to store the binary data in reverse order + [Line 91 ~ 96] : how the __init__ function works ① generates 512-bit primes P and Q ② multiplies P and Q to compute N ③ generates G as a random number and assigns it (with G < N squared) ④ the inverse for L and N (.. 2023. 3. 25.
[Line CTF 2023] Malcheeeeese WriteUp (Unsolved) # [Line CTF 2023] Malcheeeeese WriteUp 1. Enter the challenge screen, check the challenge and download the attached file 2. Open challenge_server.py from the archive and analyze it + [Line 1 ~ 3] : imports the 'decrypt' and 'generate_new_auth_token' functions from the 'server' module + imports the 'BaseRequestHandler', 'TCPServer' and 'ForkingMixIn' classes + [Line 5] : sets the address of the server to use + [Line 9 ~ 13] : ChallengeHandler class --> inherits from the 'BaseRequestHandler' class + is responsible for handling user requests + [Line 15 ~ 36] : handle method --> .. 2023. 3. 25.