{"id":207,"date":"2014-07-27T00:58:43","date_gmt":"2014-07-26T15:58:43","guid":{"rendered":"http:\/\/emeth.jp\/diary\/?p=207"},"modified":"2020-09-13T21:48:15","modified_gmt":"2020-09-13T12:48:15","slug":"seccon-2014-online-writeup","status":"publish","type":"post","link":"https:\/\/emeth.jp\/diary\/2014\/07\/seccon-2014-online-writeup\/","title":{"rendered":"SECCON 2014 \u30aa\u30f3\u30e9\u30a4\u30f3\u4e88\u9078\u306b\u53c2\u52a0\u3057\u305f\uff06writeup"},"content":{"rendered":"

7\/19(\u571f) 9:00-21:00\u306b\u958b\u50ac\u3055\u308c\u305fSECCON CTF\u30aa\u30f3\u30e9\u30a4\u30f3\u4e88\u9078\u306b\u53c2\u52a0\u3057\u307e\u3057\u305f\u3002
\n\u3046\u3061\u306e\u30c1\u30fc\u30e0\u306f\u7df4\u7fd2\u554f\u984c\u542b\u3081\u30668\u554f\u89e3\u3044\u30661000\u70b9\u7372\u5f97\u3002
\n\u4e00\u9031\u9593\u9045\u308c\u3067\u3059\u304c\u3001\u89e3\u3051\u306a\u304b\u3063\u305f\u3082\u306e\u3082\u542b\u3081\u3066Writeup\u66f8\u3044\u305f\u3002<\/p>\n

<\/p>\n

\n

\u7df4\u7fd2\u554f\u984c<\/h2>\n

\u6307\u5b9a\u3055\u308c\u305f\u30c6\u30ad\u30b9\u30c8\u958b\u3051\u3070\u66f8\u3044\u3066\u3042\u308b\u3002<\/p>\n

FLAG{seccon2014}<\/pre>\n
\u4e00\u5ea6\u7b54\u3048\u3092\u5165\u308c\u3066\u9001\u4fe1\u3057\u305f\u3068\u3053\u308d\u30a8\u30e9\u30fc\u306b\u306a\u308a\u3001iPhone\u3067\u3084\u3063\u3066\u305f\u4eba\u306b\u5148\u3092\u8d8a\u3055\u308c\u305forz<\/p>\n
\n
Network 100 \u3053\u306e\u30d1\u30b1\u30c3\u30c8\u3092\u89e3\u6790\u305b\u3088<\/h2>\n
\u6307\u5b9a\u3055\u308c\u305fpcap\u30d5\u30a1\u30a4\u30eb\u3092\u958b\u304f\u3068FTP\u306e\u901a\u4fe1\u304c\u898b\u3048\u305f\u306e\u3067\u3053\u308c\u3092\u62bd\u51fa\u3059\u308b\u3002<\/p>\n
\"net100-1\"<\/a><\/p>\n
\u3059\u308b\u3068\u3001RETR\u30b3\u30de\u30f3\u30c9\u3067flag.txt\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308b\u3002
\nFTP\u3067\u306f\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u901a\u4fe1\u3068\u30c7\u30fc\u30bf\u901a\u4fe1\u304c\u5225\u306e\u63a5\u7d9a\u3067\u884c\u308f\u308c\u308b\u305f\u3081\u3001\u300cRETR flag.txt\u300d\u306e\u5f8c\u306b\u767a\u751f\u3057\u3066\u3044\u308b\u901a\u4fe1\u3092\u898b\u3066\u307f\u308b\u3002<\/p>\n
\"net100-2\"<\/a><\/p>\n
\u3053\u308c\u304cflag.txt\u306e\u4e2d\u8eab\u3060\u304c\u3001\u3069\u3046\u898b\u3066\u3082Base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u30c7\u30b3\u30fc\u30c9\u3057\u3066\u3084\u308b\u3068<\/p>\n
\ntkito@ubuntu:~$ echo RkxBR3tGN1AgMTUgTjA3IDUzQ1VSM30= | base64 -d; echo\nFLAG{F7P 15 N07 53CUR3}\n<\/pre>\n
\u3053\u306e\u3088\u3046\u306bFLAG\u3092\u53d6\u5f97\u3067\u304d\u308b\u3002<\/p>\n
\u4f59\u8ac7\u3060\u304c\u3001\u5148\u65e5Base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30c6\u30ad\u30b9\u30c8\u3092\u898b\u3066\u300c\u3053\u308c\u306f\u4e00\u76ee\u3067Base64\u3063\u3066\u308f\u304b\u308b\u3088\u306d\u300d\u3068\u8a00\u3063\u305f\u3089\u5909\u614b\u6271\u3044\u3055\u308c\u305f\u3002\u7d0d\u5f97\u3044\u304b\u306a\u3044\u3002<\/p>\n
\n
Network 300 \u30bd\u30fc\u30b7\u30e3\u30eb\u30cf\u30c3\u30af\uff1f<\/h2>\n
\u6307\u5b9a\u3055\u308c\u305f\u30a2\u30c9\u30ec\u30b9\u306b\u884c\u304f\u3068\u4eca\u6d41\u884c\u308a\u306eLINE\u4e57\u3063\u53d6\u308a\u7684\u306a\u30c1\u30e3\u30c3\u30c8\u753b\u9762\u304c\u51fa\u3066\u304f\u308b\u3002
\n\u4e2d\u8eab\u306fJavaScript\u3067\u52d5\u3044\u3066\u3044\u3066\u3001\u30bd\u30fc\u30b9\u3092\u898b\u305f\u3068\u3053\u308d\u3001\u3053\u3061\u3089\u306e\u767a\u8a00\u304c\u30d1\u30bf\u30fc\u30f3\u306b\u30de\u30c3\u30c1\u3059\u308b\u3068\u305d\u308c\u306b\u5fdc\u3058\u305f\u8fd4\u7b54\uff08\u300c\u3044\u304f\u3089\uff1f\u300d\u306b\u5bfe\u3057\u3066\u300c5000\u5186\u300d\u306a\u3069\uff09\u3092\u8fd4\u3057\u3066\u304f\u308b\u3002
\n\u30d1\u30bf\u30fc\u30f3\u306b\u30de\u30c3\u30c1\u3057\u306a\u304b\u3063\u305f\u5834\u5408\u306b\u306f\u30b5\u30fc\u30d0\u306b\u554f\u3044\u5408\u308f\u305b\u3066\u8fd4\u3063\u3066\u304d\u305f\u5185\u5bb9\u3092\u767a\u8a00\u3059\u308b\u3002
\n\u3057\u304b\u3057\u3053\u308c\u4ee5\u4e0a\u9032\u307e\u306a\u304f\u3066\u7d42\u4e86\u3002<\/p>\n
\u6b63\u3057\u3044\u89e3\u6cd5\u306f\u4ed6\u306e\u4eba\u304c\u66f8\u3044\u3066\u308b\u306e\u3067\u5272\u611b\u3002<\/p>\n
\n
Crypto 100 decode me<\/h2>\n
\u6307\u5b9a\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u958b\u304f\u3068\u3001\u5316\u3051\u3066\u3044\u308b\u3002
\n\u5316\u3051\u3066\u306a\u3044\u3068\u3053\u308d\u3092\u898b\u308b\u3068\u3001<\/p>\n
FRPPBA 2014\nebg13\/47<\/pre>\n
\u3068\u3042\u308b\u3002
\n\u3053\u308c\u306frot13\u3067\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u3066\u304a\u308a\u3001\u5143\u306b\u623b\u3059\u3068<\/p>\n
SECCON 2014\nrot13\/47<\/pre>\n
\u3068\u306a\u308b\u3002
\nrot13\u306f\u3068\u3082\u304b\u304f\u300147\u304c\u308f\u304b\u3089\u306a\u304b\u3063\u305f\u306e\u3067\u3001rot47\u3067\u3050\u3050\u3063\u305f\u3068\u3053\u308d\u3001\u65e5\u672c\u8a9e\u3067rot13\u306e\u3088\u3046\u306a\u3053\u3068\u3092\u3059\u308b\u305f\u3081\u306e\u3082\u306e\u3089\u3057\u3044\u3002
\n\u5316\u3051\u3066\u308b\u3068\u3053\u308d\u898b\u308b\u3068\u3067\u304d\u3066\u306a\u3044\u3088\u3046\u3060\u3051\u3069\u3002
\nnkf\u306b\u5b9f\u88c5\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u3063\u305f\u306e\u3067\u3001nkf\u3067\u30c7\u30b3\u30fc\u30c9\u3059\u308b\u3068<\/p>\n
\ntkito@ubuntu:~$ nkf -r encoded.txt\nSECCON 2014 \u306b\u53c2\u52a0\u306e\u307f\u306a\u3055\u307e\u3053\u3093\u306b\u3061\u306f\u3002\nrot13\/47 \u306b\u6c17\u4ed8\u304f\u3068\u306f\u6d41\u77f3\u3067\u3059\u3002\n\uff4e\uff4b\uff46\u30b3\u30de\u30f3\u30c9\u3067\u7c21\u5358\u306b\u30c7\u30b3\u30fc\u30c9\u3067\u304d\u308b\u3053\u3068\u306b\u3082\u6c17\u4ed8\u304d\u307e\u3057\u305f\u304b\uff1f\n\u3068\u3044\u3046\u308f\u3051\u3067\u3001\u304a\u3081\u3067\u3068\u3046\u3054\u3056\u3044\u307e\u3059\uff01\n\u30d5\u30e9\u30b0\u306f\u534a\u89d2\u82f1\u6570\u6587\u5b57\u306b\u5909\u63db\u3057\u3066\u304b\u3089\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002\n\uff26\uff2c\uff21\uff27\uff5b\uff28\uff41\uff56\uff45\u3000\uff46\uff55\uff4e\u3000\uff33\uff25\uff23\uff23\uff2f\uff2e\uff12\uff10\uff11\uff14\uff5d\n<\/pre>\n
\u3068\u306a\u308a\u3001FLAG\u3092\u53d6\u5f97\u3067\u304d\u308b\u3002<\/p>\n
\n
Crypto 300 Decrypt it!<\/h2>\n
\u4e0e\u3048\u3089\u308c\u305fzip\u30d5\u30a1\u30a4\u30eb\u3092\u5c55\u958b\u3059\u308b\u3068\u3001crypt.zip\u3068flag.zip\u304c\u5f97\u3089\u308c\u308b\u3002
\nflag.zip\u306b\u306f\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u304b\u304b\u3063\u3066\u304a\u308a\u3001crypt.zip\u306b\u306f\u304b\u304b\u3063\u3066\u3044\u306a\u3044\u3002
\ncrypt.zip\u3092\u5c55\u958b\u3059\u308b\u3068\u3001crypt\u3068\u3044\u3046\u30d5\u30a1\u30a4\u30eb\u304c\u5f97\u3089\u308c\u308b\u3002
\nflag.zip\u306b\u306f\u6697\u53f7\u5316\u3055\u308c\u3066\u3044\u308b\u304c\u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u306f\u53d6\u5f97\u3067\u304d\u308b\u306e\u3067\u898b\u3066\u307f\u308b\u3068\u3001<\/p>\n
\ntkito@ubuntu:~$ unzip -l flag.zip\nArchive:&nbsp; flag.zip\n&nbsp; Length&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Date&nbsp;&nbsp;&nbsp; Time&nbsp;&nbsp;&nbsp; Name\n---------&nbsp; ---------- -----&nbsp;&nbsp; ----\n&nbsp;&nbsp;&nbsp; 13956&nbsp; 2014-07-15 14:34&nbsp;&nbsp; crypt\n&nbsp; 1088958&nbsp; 2014-07-15 14:35&nbsp;&nbsp; flag.bin\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 89&nbsp; 2014-07-15 14:50&nbsp;&nbsp; readme.txt\n---------&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -------\n&nbsp; 1103003&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3 files\n<\/pre>\n
crypt.zip\u306b\u5165\u3063\u3066\u3044\u305f\u3082\u306e\u3068\u540c\u3058\u540d\u524d\u540c\u3058\u30b5\u30a4\u30ba\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u3042\u308b\u3053\u3068\u304c\u308f\u304b\u308b\u3002
\n\u5e73\u6587\u30d5\u30a1\u30a4\u30eb\u304c\u624b\u306b\u5165\u3063\u3066\u3044\u308b\u306e\u3067\u3001pkcrack\u3092\u4f7f\u3048\u3070\u6697\u53f7\u5316\u3092\u89e3\u304f\u3053\u3068\u304c\u3067\u304d\u308b\u3002
\n\u2026\u306f\u305a\u306a\u306e\u3060\u304c\u3001\u30ad\u30fc\u304c\u898b\u3064\u304b\u3089\u306a\u3044\u3068\u8a00\u308f\u308c\u3066\u3057\u307e\u3044\u632b\u6298\u3002<\/p>\n
\n
Forensic 100 879,394bytes
\nForensic 300<\/h2>\n
\u3069\u3061\u3089\u3082\u30c1\u30fc\u30e0\u306e\u30d5\u30a9\u30ec\u30f3\u30b8\u30c3\u30af\u30de\u30f3\u306b\u304a\u4efb\u305b\u3057\u305f\u3002
\n\u898b\u4e8b\u6b63\u89e3\u3057\u3066\u304f\u308c\u307e\u3057\u305f\u3002<\/p>\n
\n
Binary 100 x86\u30a2\u30bb\u30f3\u30d6\u30e9\u3092\u8aad\u3082\u3046<\/h2>\n
\u305d\u306e\u307e\u307e\u8aad\u3093\u3067\u3082\u4f55\u3068\u304b\u306a\u308b\u304b\u3082\u77e5\u308c\u306a\u3044\u304c\u3001\u982d\u306eCPU\u30a8\u30df\u30e5\u30ec\u30fc\u30bf\u304c\u6b63\u5e38\u306b\u52d5\u4f5c\u3059\u308b\u4fdd\u8a3c\u306f\u306a\u304b\u3063\u305f\u305f\u3081\u3001nop\u305f\u304f\u3055\u3093\u4ed5\u8fbc\u3093\u3067\u3042\u308bexe\u30d5\u30a1\u30a4\u30eb\u306b\u57cb\u3081\u8fbc\u3093\u3067IDA\u3067\u30c7\u30d0\u30c3\u30b0\u5b9f\u884c\u3057\u300101361040\u306b\u76f8\u5f53\u3059\u308b\u3068\u3053\u308d\u306bSet IP\u3057\u3066\u30c7\u30d0\u30c3\u30b0\u3057\u305f\u3002
\n\u8868\u793a\u3055\u308c\u308b\u306e\u306f0136105B\u3067push\u3057\u3066\u3044\u308beax\u306e\u5024\u306a\u306e\u3067\u305d\u3053\u307e\u3067\u9032\u3081\u3066eax\u306e\u5024\u3092\u898b\u308b\u30680xFFFFFFFE\u3002
\nsigned\u3068\u3057\u3066\u89e3\u91c8\u3059\u308b\u3068-2\u3067unsigned\u3068\u3057\u3066\u89e3\u91c8\u3059\u308b\u30684294967294\u306b\u306a\u308b\u304c\u3001\u3069\u3061\u3089\u3092\u5165\u308c\u3066\u3082\u30c0\u30e1\u3002<\/p>\n
\u3088\u304f\u308f\u304b\u3089\u306a\u3044\u306e\u30671\u547d\u4ee4\u305a\u3064\u8ffd\u3063\u3066\u3044\u305f\u3068\u3053\u308d\u30010136104B\u30670xFF\u304cpush\u3055\u308c\u305f\u969b\u3001\u30b9\u30bf\u30c3\u30af\u4e0a\u306e\u5024\u304c0xFFFFFFFF\u306b\u306a\u3063\u3066\u3044\u308b\u3053\u3068\u306b\u6c17\u3065\u3044\u305f\u3002
\nFF\u30924\u30d0\u30a4\u30c8\u306b\u62e1\u5f35\u3057\u305f\u3089\u307e\u3042\u305d\u3046\u306a\u308b\u306a\u3068\u3044\u3046\u3068\u3053\u308d\u306a\u306e\u3060\u304c\u3001\u30b9\u30bf\u30c3\u30af\u306e\u5024\u3092\u3044\u3058\u3063\u30660x000000FF\u3068\u3057\u3066\u5b9f\u884c\u3057\u3066\u307f\u305f\u3068\u3053\u308d\u3001xxxxxx\uff08\u6b63\u78ba\u306a\u5024\u5fd8\u308c\u305f\uff09\u3068\u3044\u3046\u5024\u304c\u5f97\u3089\u308c\u3001\u3053\u308c\u304c\u6b63\u89e3\u3067\u3042\u3063\u305f\u3002
\n0136104B\u306e\u547d\u4ee4\u3001push FF\u3058\u3083\u306a\u304f\u3066push 00FF\u3067\u3042\u308b\u3079\u304d\u3060\u3063\u305f\u306e\u3067\u306f\u2026<\/p>\n
\n
Binary 300 \u30c0\u30f3\u30d7\u3092\u8ffd\u3048\uff01<\/h2>\n
\u4f55\u306e\u30c0\u30f3\u30d7\u304b\u3059\u3089\u308f\u304b\u3089\u306a\u3044\u307e\u307e\u7d42\u4e86\u3002<\/p>\n
\n
Programming 100 \u91cd\u306d\u3066\u307f\u3088\u3046<\/h2>\n
\u4e0e\u3048\u3089\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u306f\u30a2\u30cb\u30e1\u30fc\u30b7\u30e7\u30f3GIF\u30d5\u30a1\u30a4\u30eb\u3002
\n\u958b\u3044\u3066\u307f\u308b\u3068\u3001\u591c\u7a7a\u306b\u661f\u304c\u307e\u305f\u305f\u304d\u307e\u3059\u3002\u30ad\u30ec\u30a4\u30c0\u30ca\u30fc\u3002
\n\u91cd\u306d\u3066\u307f\u3088\u3046\u3068\u306e\u3053\u3068\u306a\u306e\u3067\u3001\u5168\u30d5\u30ec\u30fc\u30e0\u3092\u5206\u5272\u3057\u3066\u3001\u5404\u30d4\u30af\u30bb\u30eb\u306b\u3064\u3044\u3066\u5168\u30d5\u30ec\u30fc\u30e0\u306eOR\u3092\u53d6\u3063\u305f\u753b\u50cf\u3092\u51fa\u529b\u3059\u308b\u3068\u3001\u3053\u3093\u306a\u753b\u50cf\u306b\u3002<\/p>\n
\"prg100-1\"<\/a><\/p>\n
\u3069\u3046\u898b\u3066\u3082QR\u30b3\u30fc\u30c9\u306a\u306e\u3067\u30b9\u30de\u30db\u3067\u8aad\u307f\u8fbc\u3082\u3046\u3068\u3059\u308b\u3082\u8aad\u307f\u8fbc\u3081\u306a\u3044\u3002
\n\u3088\u304f\u898b\u308b\u3068\u666e\u901a\u306eQR\u30b3\u30fc\u30c9\u3068\u767d\u9ed2\u304c\u53cd\u8ee2\u3057\u3066\u3044\u308b\u3002
\n\u3068\u3044\u3046\u308f\u3051\u3067\u767d\u9ed2\u53cd\u8ee2\u3055\u305b\u305f\u3002<\/p>\n
\"prg100-2\"<\/a><\/p>\n
\u30b9\u30de\u30db\u3067\u8aad\u3080\u3068\u8aad\u307f\u8fbc\u3081\u3066\u3001\u30d5\u30e9\u30b0\u304c\u51fa\u3066\u304f\u308b\u3002
\n\u6700\u7d42\u7684\u306a\u30d7\u30ed\u30b0\u30e9\u30e0\u306f\u4e0b\u8a18\u3002<\/p>\n
\nimport Image\n\nim = Image.open("afterimage.gif")\nim_merged = im.copy()\n\n# merge\ntry:\nwhile True:\nim.seek(im.tell() + 1)\nfor x in range(0, im.size[0]):\nfor y in range(0, im.size[1]):\nif im.getpixel((x, y)) == 1:\nim_merged.putpixel((x, y), 1)\n\nexcept EOFError:\npass\n\n# invert\nfor x in range(0, im_merged.size[0]):\nfor y in range(0, im_merged.size[1]):\nif im_merged.getpixel((x, y)) == 0:\nim_merged.putpixel((x, y), 1)\nelse:\nim_merged.putpixel((x, y), 0)\n\nim_merged.save("merged.gif")\n<\/pre>\n
\n
Programming 300 \u3042\u307f\u3060\u304f\u3058<\/h2>\n
\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u30c7\u30ad\u30eb\u4eba\u306b\u304a\u307e\u304b\u305b\u3002
\n\u3044\u308d\u3044\u308d\u3042\u3063\u3066\u6642\u9593\u5185\u306b\u306f\u89e3\u3051\u305a\u3002<\/p>\n
\u3053\u308c\u3001\u4ed6\u306e\u4eba\u306eWrite up\u898b\u3066\u308b\u3068\u554f\u984c\u306f\u30e9\u30f3\u30c0\u30e0\u3067\u306f\u306a\u304f\u56fa\u5b9a\u3089\u3057\u3044\u306e\u3067\u3001Brute-force\u3067\u9811\u5f35\u308c\u3070\u89e3\u3051\u308b\u3093\u3058\u3083\u306a\u304b\u308d\u3046\u304b\u3002
\n\u73fe\u5b9f\u7684\u306a\u6642\u9593\u3067\u7d42\u308f\u308b\u304b\u3069\u3046\u304b\u306f\u308f\u304b\u3089\u306a\u3044\u3002<\/p>\n
\n
Web 100 \u7bb1\u5eadSQLi\u30c1\u30e3\u30ec\u30f3\u30b8<\/h2>\n
SQLi\u306e\u7bb1\u5ead\u304c\u51fa\u3066\u304d\u307e\u3057\u305f\u3002
\n\u666e\u901a\u306eCTF\u3060\u3068\u3001Web\u7cfb\u306e\u554f\u984c\u306f\u4e3b\u50ac\u8005\u904b\u55b6\u306e\u30b5\u30a4\u30c8\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u3066\u305d\u3053\u3067\u3044\u308d\u3044\u308d\u3084\u308b\u3093\u3060\u304c\u3001\u958b\u50ac\u671f\u9593\u304c\u7d42\u4e86\u3059\u308b\u3068\u30b5\u30a4\u30c8\u3082\u9589\u3058\u3089\u308c\u3066\u3057\u307e\u3044\u3001\u5f8c\u304b\u3089\u30c1\u30e3\u30ec\u30f3\u30b8\u3067\u304d\u306a\u3044\u306e\u304c\u554f\u984c\u3067\u3042\u3063\u305f\u3002
\n\u305d\u306e\u70b9\u3053\u306e\u7bb1\u5ead\u3060\u3068\u958b\u50ac\u671f\u9593\u7d42\u4e86\u5f8c\u3082\u89e3\u304f\u3053\u3068\u304c\u3067\u304d\u308b\u306e\u3067\u3059\u3054\u3044\u3042\u308a\u304c\u305f\u3044\u3002
\n\u4eca\u5f8c\u3082\u3053\u306e\u65b9\u91dd\u3067\u7a81\u304d\u9032\u3093\u3067\u3044\u305f\u3060\u304d\u305f\u3044\u3067\u3059\u3002
\n\u3053\u306e\u601d\u3044\u3001\u958b\u767a\u8005\u306b\u5c4a\u3051\u3002
\n\u4f55\u304b\u30e1\u30e2\u30ea\u30c0\u30f3\u30d7\u3057\u305f\u3089\u30d5\u30e9\u30b0\u304c\u898b\u3048\u305f\u307f\u305f\u3044\u306a\u8a71\u304c\u3042\u308a\u307e\u3057\u305f\u304c\u305d\u308c\u306f\u3055\u3066\u304a\u304d\u2026<\/p>\n
\u3055\u3066SQLi\u3067\u3059\u3002
\n\u304a\u7d04\u675f\u306e\u30c7\u30fc\u30bf\u3092\u5165\u308c\u307e\u3059\u3002<\/p>\n
' or 1=1;--<\/pre>\n
\"web100-1\"<\/a><\/p>\n
ID\u304c0-4\u307e\u3067\u51fa\u3066\u3044\u308b\u304c\u3001\u3053\u308c\u304c\u5168\u3066\u306e\u6a21\u69d8\u3002
\n\u7d9a\u3044\u3066select\u6587\u306e\u30ab\u30e9\u30e0\u6570\u306e\u78ba\u8a8d\u3002<\/p>\n
' union select 1,1,1,1,1;--<\/pre>\n
\"web100-2\"<\/a><\/p>\n
\u3053\u308c\u4ee5\u5916\u306f\u30a8\u30e9\u30fc\u3068\u306a\u3063\u305f\u3002\u30ab\u30e9\u30e0\u6570\u306f5\u3068\u308f\u304b\u308b\u3002
\n\u7d9a\u3044\u3066\u30c6\u30fc\u30d6\u30eb\u3001\u30ab\u30e9\u30e0\u306e\u69cb\u9020\u306e\u53d6\u5f97\u3002<\/p>\n
' union select 1,1,1,1,sql from sqlite_master;--<\/pre>\n
\"web100-3\"<\/a><\/p>\n
DB\u306fSQLite\u306e\u3088\u3046\u3067\u3042\u308b\u30022\u3064SQL\u304c\u51fa\u529b\u3055\u308c\u3066\u30011\u3064\u306fID\u7b49\u304c\u5165\u3063\u305f\u30c6\u30fc\u30d6\u30eb\u3001\u3082\u30461\u3064\u306f\u3042\u304b\u3089\u3055\u307e\u306b\u602a\u3057\u3044flag\u3068\u3044\u3046\u30ab\u30e9\u30e0\u3092\u6301\u3064SECCON\u30c6\u30fc\u30d6\u30eb\u3002
\n\u3067\u306f\u30d5\u30e9\u30b0\u53d6\u5f97\u306e\u305f\u3081SECCON\u30c6\u30fc\u30d6\u30eb\u306e\u4e2d\u8eab\u3092\u898b\u308b\u3002<\/p>\n
' union select 1,1,1,1,flag from SECCON;--<\/pre>\n
\"web100-4\"<\/a><\/p>\n
\u3068\u3044\u3046\u308f\u3051\u3067\u30d5\u30e9\u30b0\u3092\u30b2\u30c3\u30c8\u3002<\/p>\n
\n
Web 300 \u7bb1\u5eadXSS\u30ea\u30bf\u30fc\u30f3\u30ba<\/h2>\n
1\u30b9\u30c6\u30fc\u30b8\u9032\u3080\u305f\u3073\u306b\u524d\u306e\u30b9\u30c6\u30fc\u30b8\u3067\u4f7f\u3063\u305f\u5358\u8a9e\uff08\u30a2\u30eb\u30d5\u30a1\u30d9\u30c3\u30c8\u3068\u6570\u5b57\u304b\u3089\u306a\u308b\u6587\u5b57\u5217\uff09\u304cNG\u30ef\u30fc\u30c9\u306b\u52a0\u308f\u308b\u3068\u3044\u3046\u9b3c\u755c\u4ed5\u69d8\u3002
\n3\u30b9\u30c6\u30fc\u30b8\u30af\u30ea\u30a2\u3057\u305f\u3068\u3053\u308d\u3067\u30cd\u30bf\u306e\u30b9\u30c8\u30c3\u30af\u304c\u5207\u308c\u305f\u3002
\n\u307e\u3060\u307e\u3060XSS\u529b\u306f\u8db3\u308a\u306a\u3044\u3002
\n\u306a\u304a\u3001\u771f\u9762\u76ee\u306b\u3084\u3089\u305a\u3068\u3082\u89e3\u3051\u308b\u88cf\u30ef\u30b6\u304c\u3042\u3063\u305f\u3088\u3046\u3067\u2026<\/p>\n
\n
Unknown 100 \u8a70\u5c06\u68cb\uff1f<\/h2>\n
\u89e3\u3051\u306a\u304b\u3063\u305f\u3002
\n\u30c1\u30fc\u30e0\u30e1\u30f3\u30d0\u304c\u7d50\u69cb\u306a\u6642\u9593\u30c8\u30e9\u30a4\u3057\u3066\u3044\u305f\u304c\u7d50\u5c40\u6b63\u89e3\u3067\u304d\u305a\u3002
\n\u5341\u4e09\u624b\u8a70\u3068\u8a00\u308f\u308c\u3066\u3044\u308b\u304c\u5341\u4e00\u624b\u3067\u8a70\u3080\u30d1\u30bf\u30fc\u30f3\u304c\u767a\u898b\u3055\u308c\u305f\u308a\u3001\u4f55\u304c\u6b63\u89e3\u306a\u306e\u304b\u3088\u304f\u308f\u304b\u3089\u306a\u3044\u554f\u984c\u3067\u3042\u3063\u305f\u3002<\/p>\n
\n
Unknown 300 Print it!<\/h2>\n
\u30d0\u30a4\u30ca\u30ea\u304c\u30ce\u30fc\u30d2\u30f3\u30c8\u3067\u4e0e\u3048\u3089\u308c\u308b\u3002
\n\u898b\u3066\u307f\u308b\u3068\u3001\u5148\u982d80\u30d0\u30a4\u30c8\u304c\u6587\u5b57\u5217\u30680\u3067\u3001\u305d\u306e\u6b21\u304b\u3089\u30c7\u30fc\u30bf\u672c\u4f53\u304c\u683c\u7d0d\u3055\u308c\u3066\u3044\u308b\u3088\u3046\u306b\u898b\u3048\u308b\u3002
\n\u30c7\u30fc\u30bf\u672c\u4f53\u90e8\u5206\u3082\u89e3\u6790\u3057\u3066\u307f\u3066\u3001\u982d4\u30d0\u30a4\u30c8\u304c\u30c1\u30e3\u30f3\u30af\u6570\u3001\u4ee5\u964d\u305d\u306e\u6570\u3060\u305150\u30d0\u30a4\u30c8\u306e\u30c1\u30e3\u30f3\u30af\u304c\u7d9a\u304f\u3001\u3068\u3044\u3046\u3068\u3053\u308d\u307e\u3067\u308f\u304b\u3063\u305f\u3002
\n\u30c1\u30e3\u30f3\u30af\u306e\u4e2d\u8eab\u308212\u30d0\u30a4\u30c8\u306e0\u304c\u3042\u3063\u305f\u5f8c\u306b4\u30d0\u30a4\u30c8\u306e\u30c7\u30fc\u30bf\u304c9\u500b\u7d9a\u304d\u3001\u6700\u5f8c\u306b2\u30d0\u30a4\u30c8\u306e0\u304c\u304f\u308b\u3001\u3068\u3044\u3046\u3053\u3068\u304c\u308f\u304b\u3063\u305f\u304c\u3001\u305d\u308c\u4ee5\u4e0a\u306f\u4f55\u3082\u308f\u304b\u3089\u305a\u7d42\u4e86\u3002<\/p>\n
CTF\u671f\u9593\u7d42\u4e86\u5f8c\u306bIRC\u3067\u30d2\u30f3\u30c8\u3092\u51fa\u3057\u3066\u3044\u308b\u4eba\u304c\u3044\u305f\u306e\u3067\u3001\u305d\u308c\u306b\u5f93\u3063\u3066\u3050\u3050\u308b\u3068\u3001STL\u3068\u3044\u30463D\u30c7\u30fc\u30bf\u306e\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3067\u3042\u308b\u3053\u3068\u304c\u308f\u304b\u3063\u305f\u3002
\nPrint it!\u306ePrint\u306f3D Print\u306e\u610f\u5473\u3060\u3063\u305f\u306e\u304b\u3001\u3068\u304b\u3001make the key\u306emake\u306f\u7269\u7406\u7684\u306b\u4f5c\u308b\u3068\u3044\u3046\u610f\u5473\u3060\u3063\u305f\u306e\u304b\u3001\u3068\u304b\u601d\u3063\u305f\u308a\u3057\u305f\u3002
\nSTL\u3092\u8aad\u307f\u8fbc\u3081\u308b\u30c4\u30fc\u30eb\u3067\u8aad\u3080\u3068\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u51fa\u3066\u304f\u308b\u3002<\/p>\n
\"unk300\"<\/a><\/p>\n
\u30d5\u30e9\u30b0\u306f\u898b\u3066\u306e\u901a\u308a\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
7\/19(\u571f) 9:00-21:00\u306b\u958b\u50ac\u3055\u308c\u305fSECCON CTF\u30aa\u30f3\u30e9\u30a4\u30f3\u4e88\u9078\u306b\u53c2\u52a0\u3057\u307e\u3057\u305f\u3002 \u3046\u3061\u306e\u30c1\u30fc\u30e0\u306f\u7df4\u7fd2\u554f\u984c\u542b\u3081\u30668\u554f\u89e3\u3044\u30661000\u70b9\u7372\u5f97\u3002 \u4e00\u9031\u9593\u9045\u308c\u3067\u3059\u304c\u3001\u89e3\u3051\u306a\u304b\u3063\u305f\u3082\u306e\u3082\u542b\u3081\u3066Writeup\u66f8\u3044\u305f\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-207","post","type-post","status-publish","format-standard","hentry","category-1"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/207","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/comments?post=207"}],"version-history":[{"count":15,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/207\/revisions"}],"predecessor-version":[{"id":523,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/207\/revisions\/523"}],"wp:attachment":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/media?parent=207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/categories?post=207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/tags?post=207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}