
[DreamHack] 드림핵 웹해킹 : Carve Party

선달 2023. 7. 27. 19:57

https://dreamhack.io/wargame/challenges/96/

 

Carve Party

Description 할로윈 파티를 기념하기 위해 호박을 준비했습니다! 호박을 10000번 클릭하고 플래그를 획득하세요!


 

문제파일 여는법

문제파일을 다운로드하고 압축을 풀면 .html 파일 하나가 나온다.

이를 브라우저(웨일, 크롬, 사파리 등)에 끌어오면 파일이 열린다

 

풀이

 

호박을 10000번 클릭하면 플래그를 받을 수 있다고 한다.

 

처음은 쉽게 개발자 도구를 열어서 코드를 살펴보자

F12 -> source

// Encoded byte values of the text that make() draws on the canvas once
// `counter` exceeds 10000. They are rewritten in place by the click handler's
// XOR rounds, so the array only holds the final text after every round has run.
var pumpkin = [
  124, 112, 59, 73, 167, 100, 105, 75, 59, 23, 16,
  181, 165, 104, 43, 49, 118, 71, 112, 169, 43, 53,
];
// Clicks registered so far; incremented by the click handler, read by make().
var counter = 0;
// Rolling XOR key; rewritten after each byte of every decode round.
var pie = 1;

// Redraw the pumpkin for the current value of the global `counter`.
// Each band of clicks raises the opacity of one part (nose, left eye, right
// eye, mouth) via jQuery; while the count is at most 10000 the remaining
// click count is shown, and once it exceeds 10000 the current bytes of
// `pumpkin` are stroked onto the canvas one glyph at a time.
// All of this runs in the browser: the thresholds are not a server-side
// check, and the text drawn is whatever `pumpkin` holds at that moment.
function make() {
  if (counter > 0 && counter <= 1000) {
    $('#jack-nose').css('opacity', `${counter}%`);
  } else if (counter > 1000 && counter <= 3000) {
    $('#jack-left').css('opacity', `${(counter - 1000) / 2}%`);
  } else if (counter > 3000 && counter <= 5000) {
    $('#jack-right').css('opacity', `${(counter - 3000) / 2}%`);
  } else if (counter > 5000 && counter <= 10000) {
    $('#jack-mouth').css('opacity', `${(counter - 5000) / 5}%`);
  }

  // Not finished: show the clicks still needed and stop here.
  if (counter <= 10000) {
    $('#clicks').text(10000 - counter);
    return;
  }

  $('#jack-target').addClass('tada');

  const ctx = document.querySelector('canvas').getContext('2d');
  const dashLen = 220;
  const speed = 20;
  // Rendered verbatim from the array; it is only the intended text if every
  // XOR round of the click handler has been applied.
  const txt = pumpkin.map((code) => String.fromCharCode(code)).join('');
  let dashOffset = dashLen;
  let x = 30;
  let i = 0;

  ctx.font = '50px Comic Sans MS, cursive, TSCu_Comic, sans-serif';
  ctx.lineWidth = 5;
  ctx.lineJoin = 'round';
  ctx.globalAlpha = 2 / 3;
  ctx.strokeStyle = ctx.fillStyle = '#1f2f90';

  // Stroke glyph `i` with a dash that lengthens on every animation frame;
  // when the dash is complete, fill the glyph, move right by its measured
  // width plus a small random jitter, and continue with the next glyph.
  function drawGlyph() {
    ctx.clearRect(x, 0, 60, 150);
    ctx.setLineDash([dashLen - dashOffset, dashOffset - speed]);
    dashOffset -= speed;
    ctx.strokeText(txt[i], x, 90);

    if (dashOffset > 0) {
      requestAnimationFrame(drawGlyph);
      return;
    }

    ctx.fillText(txt[i], x, 90);
    dashOffset = dashLen;
    const glyph = txt[i];
    i += 1;
    x += ctx.measureText(glyph).width + ctx.lineWidth * Math.random();
    ctx.setTransform(1, 0, 0, 1, 0, 3 * Math.random());
    ctx.rotate(Math.random() * 0.005);
    if (i < txt.length) requestAnimationFrame(drawGlyph);
  }

  drawGlyph();
}

// Once the DOM is ready, attach the click handler to the pumpkin.
$(() => {
  $('#jack-target').click(() => {
    counter += 1;
    // Every 100th click up to the 10000th is one decode round: each byte of
    // `pumpkin` is XORed with `pie`, and `pie` is then derived from its
    // previous value and the byte index. The rounds are cumulative, so the
    // array holds the final text only after all 100 rounds have run; moving
    // `counter` ahead from the console skips rounds and leaves the bytes
    // with fewer XORs applied than intended.
    if (counter <= 10000 && counter % 100 === 0) {
      pumpkin.forEach((_, idx) => {
        pumpkin[idx] ^= pie;
        pie = ((pie ^ 0xff) + idx * 10) & 0xff;
      });
    }
    make();
  });
});

 

counter 라는 변수가 10000이 되면 될 것 같다.

console 탭을 열어서 이 변수를 직접 9000으로 바꿔주었다.

 

잘 작동하는 것 같아서 바로 10000으로 바꿔봤는데..

 

뭔가 이상하다.

 

아무래도 바로 접근하는건 불가능할 것 같다.

실제로 사람이 누르는 것 처럼 1씩 증가시켜야 할 것 같다.

 

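// The body of the page's click handler, lifted into a plain function so it
// can be invoked directly instead of through a real click on #jack-target.
// As printed in the listing, the body was pasted inside a second
// `$('#jack-target').click(...)` registration whose call and the enclosing
// function were never closed: that does not parse, and even if closed it
// would only attach extra handlers rather than advance `counter`.
function mecro() {
  counter += 1;
  // Same decode step as the page's handler: every 100th click (up to 10000)
  // XORs each byte of `pumpkin` with the rolling key `pie`. The rounds are
  // cumulative, which is why setting `counter` directly in the console does
  // not give the expected result — the skipped rounds are never applied.
  if (counter <= 10000 && counter % 100 === 0) {
    for (let i = 0; i < pumpkin.length; i++) {
      pumpkin[i] ^= pie;
      pie = ((pie ^ 0xff) + (i * 10)) & 0xff;
    }
  }
  make();
}

// Drive the handler the same number of times a human would click.
for (let i = 0; i < 10000; i++) {
  mecro();
}
// make() draws the decoded text only in its `10000 < counter` branch, so one
// further click (or one more mecro() call) after this loop triggers the render.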

소스코드 속에 있는 클릭시 발생하는 함수를 그대로 복붙해서 mecro라는 이름을 붙여서 선언해주었다.

그 후 이 함수를 만번 실행시켜주면

 

성공
