๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ

dreamhack19

[Dreamhack] Basic_Crypto1 ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด โค๏ธ Basic_Crypto1 ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด 1. ๋ฌธ์ œ์— ๋Œ€ํ•œ ์„ค๋ช…์„ ์ฝ์€ ํ›„ ๋ฌธ์ œ ํŒŒ์ผ ๋‹ค์šด๋กœ๋“œ ++ Roman Emperor's Cipher (์‹œ์ € ์•”ํ˜ธ๋ž€?) ์‹œ์ € ์•”ํ˜ธ(Caesar cipher)๋Š” ๊ฐ€์žฅ ๊ฐ„๋‹จํ•œ ๋Œ€์น˜ ์•”ํ˜ธ(substitution cipher) ์ค‘ ํ•˜๋‚˜๋กœ, ๋กœ๋งˆ์˜ ํ™ฉ์ œ ์‹œ์ €๊ฐ€ ์‚ฌ์šฉํ–ˆ๋‹ค๊ณ  ์ „ํ•ด์ง€๋Š” ์•”ํ˜ธํ™” ๋ฐฉ๋ฒ•์ด๋‹ค. ์‹œ์ € ์•”ํ˜ธ(Caesar cipher)๋Š” ๊ฐ ๊ธ€์ž๋ฅผ ์ผ์ •ํ•œ ๊ฑฐ๋ฆฌ๋งŒํผ ๋ฐ€์–ด์„œ ์•”ํ˜ธํ™”ํ•˜๋Š” ๋ฐฉ์‹์œผ๋กœ ์ž‘๋™ํ•˜๋ฉฐ, ์•”ํ˜ธํ™” ๋ฐ ๋ณตํ˜ธํ™” ๊ณต์‹์€ ์•„๋ž˜์™€ ๊ฐ™๋‹ค. ๊ณต์‹์—์„œ n์€ ์•”ํ˜ธํ‚ค๋ฅผ, x ๋Š” ํ‰๋ฌธ ์•ŒํŒŒ๋ฒณ์˜ ์œ„์น˜(0 ~ 25)๋ฅผ ๋‚˜ํƒ€๋‚ธ๋‹ค. ์•”ํ˜ธํ™” ๋ณตํ˜ธํ™” E(x) = (x + n) % 26 D(x) = (x - n + 26) % 26 2. ๋‹ค์šด๋ฐ›์€ encode.txt ํŒŒ์ผ ์˜คํ”ˆ --> .. 2023. 8. 16.
[Dreamhack] Web-Deserialize-Python ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด ๐Ÿฆ Web-Deserialize-Python ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด 1. ๋ฌธ์ œ์— ๋Œ€ํ•œ ์„ค๋ช…์„ ์ฝ์€ ํ›„ ๋ฌธ์ œ ํŒŒ์ผ ๋‹ค์šด๋กœ๋“œ 2. ๋‹ค์šด๋ฐ›์€ app.py ํŒŒ์ผ ์˜คํ”ˆ ํ›„ ์ฝ”๋“œ ๋ถ„์„ 2 - 1. ํ•„์š”ํ•œ ํ”„๋ ˆ์ž„์›Œํฌ์™€ ๋ชจ๋“ˆ ๊ฐ€์ ธ์˜ค๊ธฐ #!/usr/bin/env python3 from flask import Flask, request, render_template, redirect import os, pickle, base64 ์ฝ”๋“œ ์„ค๋ช… Flask ํ”„๋ ˆ์ž„์›Œํฌ ์›น ์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜ ๊ฐœ๋ฐœ ๋ฐ ์‹คํ–‰์— ํ•„์š” OS ๋ชจ๋“ˆ ์šด์˜์ฒด์ œ ๊ด€๋ จ ๊ธฐ๋Šฅ ์ˆ˜ํ–‰ Pickle Python ๊ฐ์ฒด ์ง๋ ฌํ™” & ์—ญ์งˆ๋ ฌํ™” Base64 ๋ฐ์ดํ„ฐ์˜ Base64 ํ˜•์‹ ์ธ์ฝ”๋”ฉ & ๋””์ฝ”๋”ฉ 2 - 2. Flask ์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜ ๋ฐ ์‹œํฌ๋ฆฟ ํ‚ค ์ƒ์„ฑ app = Flask(__n.. 2023. 8. 15.
[Dreamhack] Command-Injection-ChatGPT ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด ๐ŸŽ Command-Injection-ChatGPT ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด 1. ๋ฌธ์ œ์— ๋Œ€ํ•œ ์„ค๋ช…์„ ์ฝ์€ ํ›„ ์„œ๋ฒ„ ์ƒ์„ฑ 2. ์ƒ์„ฑ๋œ ๋งํฌ๋กœ ์ ‘์† ํ›„ Ping ๋ฉ”๋‰ด๋กœ ์ด๋™ 3. ์ž…๋ ฅ๋ž€์— ์•„๋ฌด ๊ฐ’์ด๋‚˜ ์ž…๋ ฅ --> Error ๋ฌธ์ด ์ถœ๋ ฅ๋˜๋ฉฐ ๋ช…๋ น์–ด ํ˜•์‹ ํ™•์ธ ๊ฐ€๋Šฅ 4. ; ls ๋ฅผ ์ž…๋ ฅ๋ž€์— ๋„ฃ๊ณ  Ping! ํด๋ฆญ --> ์กด์žฌํ•˜๋Š” ํŒŒ์ผ ๋ชฉ๋ก ํ™•์ธ ๊ฐ€๋Šฅ 5. cat ๋ช…๋ น์–ด๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ flag.py ํŒŒ์ผ ์—ด๊ธฐ --> FLAG ํ™•์ธ ๊ฐ€๋Šฅ 2023. 8. 15.
[Dreamhack] Flying Chars ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด ๐Ÿฆ‹ Flying Chars ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด 1. ๋ฌธ์ œ์— ๋Œ€ํ•œ ์„ค๋ช…์„ ์ฝ์€ ํ›„ ๋ฌธ์ œ ํŒŒ์ผ ๋‹ค์šด๋กœ๋“œ 2. ๋ฌธ์ œ ํ™”๋ฉด์—์„œ ์„œ๋ฒ„๋ฅผ ์ƒ์„ฑํ•˜๊ณ , ์•ˆ๋‚ด๋œ ๋งํฌ๋กœ ์ ‘์† ๊ธ€์ž๋“ค์ด ์•„์ฃผ ํ™œ๊ธฐ์ฐจ๊ฒŒ ์›€์ง์ด๋Š” ๊ฒƒ์„ ๋ณผ ์ˆ˜ ์žˆ๋‹ค...^^ 3. F12 ๋‹จ์ถ•ํ‚ค๋ฅผ ํด๋ฆญํ•˜์—ฌ ๊ฐœ๋ฐœ์ž ๋„๊ตฌ ์—ด๊ธฐ 4. ๊ธ€์ž๋“ค์˜ ์›€์ง์ด๋Š” ์†๋„์™€ ๊ด€๋ จ๋œ ์ฝ”๋“œ๋ฅผ ๋ฐœ๊ฒฌ for(var i=0; i 2023. 8. 13.
[Dreamhack] Session ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด ๐ŸŽž๏ธ Session ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด 1. ๋ฌธ์ œ์— ๋Œ€ํ•œ ์„ค๋ช…์„ ์ฝ์€ ํ›„ ๋ฌธ์ œ ํŒŒ์ผ ๋‹ค์šด๋กœ๋“œ 2. ๋‹ค์šด๋ฐ›์€ app.py ํŒŒ์ผ ์˜คํ”ˆ ํ›„ ์ฝ”๋“œ ๋ถ„์„ #!/usr/bin/python3 from flask import Flask, request, render_template, make_response, redirect, url_for app = Flask(__name__) try: FLAG = open('./flag.txt', 'r').read() except: FLAG = '[**FLAG**]' ์ฝ”๋“œ ์„ค๋ช… from flask import Flask, request, render_template, make_response, redirect, url_for ์›น ์„œ๋ฒ„ ์ƒ์„ฑ, ์š”์ฒญ ์ฒ˜๋ฆฌ, ํ…œํ”Œ๋ฆฟ ๋ Œ๋”๋ง ๋“ฑ์— ํ•„.. 2023. 8. 12.
[Dreamhack] funjs ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด 7 - 0 - 2. funjs ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด # funjs ๋“œ๋ฆผํ•ต ์›Œ๊ฒŒ์ž„ ๋ฌธ์ œ ํ’€์ด 1. ๋ฌธ์ œ ์ •๋ณด ํ™•์ธ ํ›„ ๋ฌธ์ œ ํŒŒ์ผ ๋‹ค์šด๋กœ๋“œ 2. index.html ํŽ˜์ด์ง€๋กœ ์ ‘์† ํ›„ ์ž…๋ ฅ๋ž€์— hello ์ž…๋ ฅ + ์œ„ ํ˜•์‹์ด ๋นˆ ํŽ˜์ด์ง€ ๋‚ด์—์„œ ์œ„์น˜๋ฅผ ๋ฐ”๊ฟ”๊ฐ€๋ฉฐ ์ถœ๋ ฅ๋จ์„ ํ™•์ธ + ์ž˜๋ชป๋œ ๊ฐ’์„ ์ž…๋ ฅํ•˜๋ฉด 'NOP!'์ด ์ถœ๋ ฅ๋จ 3. F12 ๋‹จ์ถ•ํ‚ค๋ฅผ ํ†ตํ•ด ๊ฐœ๋ฐœ์ž ๋„๊ตฌ ์˜คํ”ˆ ํ›„ ์ฝ”๋“œ ๋ถ„์„ + > : _0x374fd6(0x17c) (=length)์˜ ๊ฐ’์ด 0x24( = 10์ง„์ˆ˜ ํ‘œ๊ธฐ๋กœ๋Š” 36 )์ด ์•„๋‹ ๊ฒฝ์šฐ --> ํ•จ์ˆ˜ ๋ฆฌํ„ด + > : ์ž‘์„ฑ๋œ for๋ฌธ์€ 0 ~ Flag์˜ ์ „์ฒด ๊ธธ์ด -1 ๊นŒ์ง€ ๋ฐ˜๋ณต + > : 'input ๋ฌธ์ž์—ด์˜ index๊ฐ’ = operator ๊ฐ’'์ธ ๊ฒฝ์šฐ์— 'NOP!'(=_0x374fd6(0x185)) .. 2022. 11. 15.

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”