๋ฐ˜์‘ํ˜•

๐Ÿ”’ Cyber Security/Web Hacking (์›นํ•ดํ‚น) 20

[Dreamhack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น: simple_sqli_chatgpt

https://dreamhack.io/wargame/challenges/769 simple_sqli_chatgpt ์–ด๋”˜๊ฐ€ ์ด์ƒํ•œ ๋กœ๊ทธ์ธ ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. SQL INJECTION ์ทจ์•ฝ์ ์„ ํ†ตํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt, FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. chatGPT์™€ ํ•จ๊ป˜ ํ’€์–ด๋ณด์„ธ์š”! Reference Server-side Basic dreamhack.io ๋ฌธ์ œ์„ค๋ช… ์–ด๋”˜๊ฐ€ ์ด์ƒํ•œ ๋กœ๊ทธ์ธ ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. SQL INJECTION ์ทจ์•ฝ์ ์„ ํ†ตํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt, FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. chatGPT์™€ ํ•จ๊ป˜ ํ’€์–ด๋ณด์„ธ์š”! ๋”๋ณด๊ธฐ #!/usr/bin/python3 from flask import Flask, request, render_template, g import..

[Dreamhack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น: simple-ssti

https://dreamhack.io/wargame/challenges/39 simple-ssti ์กด์žฌํ•˜์ง€ ์•Š๋Š” ํŽ˜์ด์ง€ ๋ฐฉ๋ฌธ์‹œ 404 ์—๋Ÿฌ๋ฅผ ์ถœ๋ ฅํ•˜๋Š” ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. SSTI ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt, FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. Reference Server-side Basic dreamhack.io ๋ฌธ์ œ์„ค๋ช… ์กด์žฌํ•˜์ง€ ์•Š๋Š” ํŽ˜์ด์ง€ ๋ฐฉ๋ฌธ์‹œ 404 ์—๋Ÿฌ๋ฅผ ์ถœ๋ ฅํ•˜๋Š” ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. SSTI ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt, FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. ํ’€์ด SSTI์— ๋Œ€ํ•ด์„œ ์•Œ๊ณ  ์žˆ์–ด์•ผํ•˜๋Š” ๋ฌธ์ œ. ๋˜ Flask์— ๋Œ€ํ•œ ๋ฐฐ๊ฒฝ ์ง€์‹๋„ ํ•„์š”ํ•˜๋‹ค ํ•„์ž๋Š” Flask๋ฅผ ์ด์šฉํ•ด๋ณธ ์ ์ด ์žˆ์–ด์„œ (์ •๋ง ๊ฐ„๋‹จํ•œ ๋ธ”๋กœ๊ทธ ์ž๋™ ๋ชฉ์ฐจ ์ƒ์„ฑ๊ธฐ ํ”„๋กœ์ ํŠธ๋ฅผ ๋งŒ๋“ค๊ธฐ ์œ„ํ•ด ์‚ฌ์šฉํ–ˆ..

[Dreamhack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น : phpreg

https://dreamhack.io/wargame/challenges/873 phpreg Description php๋กœ ์ž‘์„ฑ๋œ ํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค. ์•Œ๋งž์€ Nickname๊ณผ Password๋ฅผ ์ž…๋ ฅํ•˜๋ฉด Step 2๋กœ ๋„˜์–ด๊ฐˆ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. Step 2์—์„œ system() ํ•จ์ˆ˜๋ฅผ ์ด์šฉํ•˜์—ฌ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” ../dream/flag.txt์— ์œ„์น˜ํ•ฉ๋‹ˆ dreamhack.io ๋ฌธ์ œ์„ค๋ช… php๋กœ ์ž‘์„ฑ๋œ ํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค. ์•Œ๋งž์€ Nickname๊ณผ Password๋ฅผ ์ž…๋ ฅํ•˜๋ฉด Step 2๋กœ ๋„˜์–ด๊ฐˆ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. Step 2์—์„œ system() ํ•จ์ˆ˜๋ฅผ ์ด์šฉํ•˜์—ฌ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” ../dream/flag.txt์— ์œ„์น˜ํ•ฉ๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ์˜ ํ˜•์‹์€ DH{…} ์ž…๋‹ˆ๋‹ค. ํ’€์ด // POST request if ($_SE..

[DreamHack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น : ex-reg-ex

https://dreamhack.io/wargame/challenges/834 ex-reg-ex Description ๋ฌธ์ œ์—์„œ ์š”๊ตฌํ•˜๋Š” ํ˜•์‹์˜ ๋ฌธ์ž์—ด์„ ์ž…๋ ฅํ•˜์—ฌ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt ํŒŒ์ผ๊ณผ FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{...} ์ž…๋‹ˆ๋‹ค. dreamhack.io ๋ฌธ์ œ์„ค๋ช… ๋ฌธ์ œ์—์„œ ์š”๊ตฌํ•˜๋Š” ํ˜•์‹์˜ ๋ฌธ์ž์—ด์„ ์ž…๋ ฅํ•˜์—ฌ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt ํŒŒ์ผ๊ณผ FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{…} ์ž…๋‹ˆ๋‹ค. ๋”๋ณด๊ธฐ #!/usr/bin/python3 from flask import Flask, request, render_template import re app = Flask(__name__) try: FLAG = open("./flag.txt", ..

[Dreamhack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น : Flying Chars

https://dreamhack.io/wargame/challenges/850 Flying Chars Description ๋‚ ์•„๋‹ค๋‹ˆ๋Š” ๊ธ€์ž๋“ค์„ ๋ฉˆ์ถฐ์„œ ์ „์ฒด ๋ฌธ์ž์—ด์„ ์•Œ์•„๋‚ด์„ธ์š”! ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{์ „์ฒด ๋ฌธ์ž์—ด} ์ž…๋‹ˆ๋‹ค. โ—์ฒจ๋ถ€ํŒŒ์ผ์„ ์ œ๊ณตํ•˜์ง€ ์•Š๋Š” ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. โ—ํ”Œ๋ž˜๊ทธ์— ํฌํ•จ๋œ ์•ŒํŒŒ๋ฒณ ์ค‘ x, s, o๋Š” ๋ชจ๋‘ dreamhack.io ๋ฌธ์ œ์„ค๋ช… ๋‚ ์•„๋‹ค๋‹ˆ๋Š” ๊ธ€์ž๋“ค์„ ๋ฉˆ์ถฐ์„œ ์ „์ฒด ๋ฌธ์ž์—ด์„ ์•Œ์•„๋‚ด์„ธ์š”! ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{์ „์ฒด ๋ฌธ์ž์—ด} ์ž…๋‹ˆ๋‹ค. โ—์ฒจ๋ถ€ํŒŒ์ผ์„ ์ œ๊ณตํ•˜์ง€ ์•Š๋Š” ๋ฌธ์ œ์ž…๋‹ˆ๋‹ค. โ—ํ”Œ๋ž˜๊ทธ์— ํฌํ•จ๋œ ์•ŒํŒŒ๋ฒณ ์ค‘ x, s, o๋Š” ๋ชจ๋‘ ์†Œ๋ฌธ์ž์ž…๋‹ˆ๋‹ค. โ—ํ”Œ๋ž˜๊ทธ์— ํฌํ•จ๋œ ์•ŒํŒŒ๋ฒณ ์ค‘ C๋Š” ๋ชจ๋‘ ๋Œ€๋ฌธ์ž์ž…๋‹ˆ๋‹ค. ํ’€์ด ์บก์ฒ˜๋ฅผ ํ•ด์„œ ๋ฉˆ์ถ˜ ํ™”๋ฉด์ธ๋ฐ, ํ™”๋ฉด์†์—์„œ ์—„์ฒญ ๋น ๋ฅด๊ฒŒ ๊ธ€์ž๋“ค์ด ์ง€๋‚˜๊ฐ€๊ณ  ์žˆ๋‹ค ์‚ฌ์‹ค์ƒ ์ด๊ฑธ ์ง์ ‘ ๋ณด๊ณ  ๋งž์ถ”๋Š”๊ฑด ๋ถˆ๊ฐ€..

[DreamHack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น php-1

https://dreamhack.io/wargame/challenges/46 php-1 php๋กœ ์ž‘์„ฑ๋œ Back Office ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. LFI ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” /var/www/uploads/flag.php์— ์žˆ์Šต๋‹ˆ๋‹ค. Reference Server-side Basic dreamhack.io ๋ฌธ์ œ์„ค๋ช… php๋กœ ์ž‘์„ฑ๋œ Back Office ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. LFI ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” /var/www/uploads/flag.php์— ์žˆ์Šต๋‹ˆ๋‹ค. View ํŒŒ์ผ์ด ์—ฌ๋Ÿฌ๊ฐœ ์žˆ๊ธด ํ•˜์ง€๋งŒ..! ํžŒํŠธ๊ฐ€ ๋˜๋Š” ์ฝ”๋“œ๋Š” view.php ์ด๋‹ค ํ’€์ด php๋กœ ๋งŒ๋“ค์–ด์ง„ ์‚ฌ์ดํŠธ๋Š” LFI ๋กœ ์ ‘๊ทผ ๊ฐ€๋Šฅํ•˜๋‹ค https://opentutorials.org/module/4291/268..

[Dreamhack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น : proxy-1

https://dreamhack.io/wargame/challenges/13 proxy-1 Raw Socket Sender๊ฐ€ ๊ตฌํ˜„๋œ ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. ์š”๊ตฌํ•˜๋Š” ์กฐ๊ฑด์„ ๋งž์ถฐ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt, FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. Reference Introduction of Webhacking dreamhack.io ๋ฌธ์ œ ์„ค๋ช… Raw Socket Sender๊ฐ€ ๊ตฌํ˜„๋œ ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. ์š”๊ตฌํ•˜๋Š” ์กฐ๊ฑด์„ ๋งž์ถฐ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt, FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. ๋”๋ณด๊ธฐ #!/usr/bin/python3 from flask import Flask, request, render_template, make_response, redirect, url_for import socket ..

[DreamHack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น : session

https://dreamhack.io/wargame/challenges/266 session ์ฟ ํ‚ค์™€ ์„ธ์…˜์œผ๋กœ ์ธ์ฆ ์ƒํƒœ๋ฅผ ๊ด€๋ฆฌํ•˜๋Š” ๊ฐ„๋‹จํ•œ ๋กœ๊ทธ์ธ ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. admin ๊ณ„์ •์œผ๋กœ ๋กœ๊ทธ์ธ์— ์„ฑ๊ณตํ•˜๋ฉด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. Reference Background: Cookie & Session dreamhack.io ๋ฒ„ํ”„์Šค์œ„ํŠธ ์—†์ด ํ• ๊ฑฐ๋‹ค python๋งŒ ์žˆ์œผ๋ฉด ๋. ํ•„์ž๋Š” ํŒŒ์ด์ฌ์„ ์„ค์น˜ํ•˜์ง€ ์•Š์•˜๊ธฐ ๋•Œ๋ฌธ์— Google Colab์„ ์ด์šฉํ•œ๋‹ค VS Code, Replit ๋“ฑ ํŒŒ์ด์ฌ ๋Œ์•„๊ฐ€๋Š” ํ”„๋กœ๊ทธ๋žจ ์•„๋ฌด๊ฑฐ๋‚˜ ์‚ฌ์šฉ ๊ฐ€๋Šฅํ•˜๋‹ค ๋ฌธ์ œ ์ฟ ํ‚ค์™€ ์„ธ์…˜์œผ๋กœ ์ธ์ฆ ์ƒํƒœ๋ฅผ ๊ด€๋ฆฌํ•˜๋Š” ๊ฐ„๋‹จํ•œ ๋กœ๊ทธ์ธ ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. admin ๊ณ„์ •์œผ๋กœ ๋กœ๊ทธ์ธ์— ์„ฑ๊ณตํ•˜๋ฉด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋”๋ณด๊ธฐ #!/usr/bin/python3 fro..

[DreamHack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น : pathtraversal

https://dreamhack.io/wargame/challenges/12 pathtraversal ์‚ฌ์šฉ์ž์˜ ์ •๋ณด๋ฅผ ์กฐํšŒํ•˜๋Š” API ์„œ๋ฒ„์ž…๋‹ˆ๋‹ค. Path Traversal ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด /api/flag์— ์žˆ๋Š” ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”! Reference Server-side Basic dreamhack.io ๋ฌธ์ œ ์‚ฌ์šฉ์ž์˜ ์ •๋ณด๋ฅผ ์กฐํšŒํ•˜๋Š” API ์„œ๋ฒ„์ž…๋‹ˆ๋‹ค. Path Traversal ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด /api/flag์— ์žˆ๋Š” ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”! ๋”๋ณด๊ธฐ #!/usr/bin/python3 from flask import Flask, request, render_template, abort from functools import wraps import requests import os, json users =..

[DreamHack] ๋“œ๋ฆผํ•ต ์›นํ•ดํ‚น : ๐ŸŒฑ simple-web-request

https://dreamhack.io/wargame/challenges/830 ๐ŸŒฑ simple-web-request Description STEP 1~2๋ฅผ ๊ฑฐ์ณ FLAG ํŽ˜์ด์ง€์— ๋„๋‹ฌํ•˜๋ฉด ํ”Œ๋ž˜๊ทธ๊ฐ€ ์ถœ๋ ฅ๋ฉ๋‹ˆ๋‹ค. ๋ชจ๋“  ๋‹จ๊ณ„๋ฅผ ํ†ต๊ณผํ•˜์—ฌ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt ํŒŒ์ผ๊ณผ FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{...} ์ž…๋‹ˆ๋‹ค. ๐Ÿ“œ dreamhack.io ๋ฌธ์ œ STEP 1~2๋ฅผ ๊ฑฐ์ณ FLAG ํŽ˜์ด์ง€์— ๋„๋‹ฌํ•˜๋ฉด ํ”Œ๋ž˜๊ทธ๊ฐ€ ์ถœ๋ ฅ๋ฉ๋‹ˆ๋‹ค. ๋ชจ๋“  ๋‹จ๊ณ„๋ฅผ ํ†ต๊ณผํ•˜์—ฌ ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt ํŒŒ์ผ๊ณผ FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค. ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{…} ์ž…๋‹ˆ๋‹ค. ํ’€์ด ๋ฌธ์ œ ํŒŒ์ผ์„ ์ฝ์„ ์ˆ˜๋งŒ ์žˆ์œผ๋ฉด ๋ฐ”๋กœ ํ•ด๊ฒฐ๋˜๋Š” ๋ฌธ์ œ @app.route("/step1", methods=["GET", "..

๋ฐ˜์‘ํ˜•