i love cat
Profile

i love cat

as3617

tag guest post manage
search menu

about

ProfileName : 오승주 (as3617)Education :KAIST (Undergraduated) - 2023.02 ~Korea Digital Media High School (Graduated) - 2019.03 ~ 2022.02Team : Defenit / CodeRed / Super GuesserAwards20192019, Hacking Championship Junior Quals 1st2019, Cyberoc Quals 4rd2019, Hacking Championship Junior FInals 4th20202020, Cyberoc Quals 3rd2020, Cyberoc Finals 3rd2020, HackTM Finals 2nd (Team ROK YoungBloods)2021202..
aboutme · 2024. 3. 22. 11:58

DiceCTF 2023 - unfinished

오랜만에 ctf 뛰었는데 재밌게 풀었다. const crypto = require("crypto"); const app = db.getSiblingDB('app'); app.users.insertOne({ user: crypto.randomBytes(8).toString("hex"), pass: crypto.randomBytes(64).toString("hex") }); const secret = db.getSiblingDB('secret'); secret.flag.insertOne({ flag: process.env.FLAG || "dice{test_flag}" }); nodejs로 구현된 웹서버인데 flag는 다른 컨테이너에서 돌아가고 있는 mongodb에 있다. app.post("/api/login..
ctf writeup · 2023. 2. 6. 17:07

Balsn CTF 2022 2linenodejs writeup

#!/usr/local/bin/nodeprocess.stdin.setEncoding('utf-8');process.stdin.on('readable', () => { try{ console.log('HTTP/1.1 200 OK\nContent-Type: text/html\nConnection: Close\n'); const json = process.stdin.read().match(/\?(.*?)\ /)?.[1]; console.log(json) obj = JSON.parse(json); console.log(`JSON: ${json}, Object:`, require('./index')(obj, {})); }catch(error){ require('./usage')..
ctf writeup · 2022. 9. 7. 00:23

2022 Fall GoN Open Qual CTF writeup

보호되어 있는 글입니다.
ctf writeup · 2022. 9. 1. 18:33

url parser confusing

보호되어 있는 글입니다.
web hacking · 2022. 8. 3. 18:27

LINE CTF 2022 web writeup

GOTM func root_handler(w http.ResponseWriter, r *http.Request) { token := r.Header.Get("X-Token") if token != "" { id, _ := jwt_decode(token) acc := get_account(id) tpl, err := template.New("").Parse("Logged in as " + acc.id) if err != nil { } tpl.Execute(w, &acc) } else { return } }template injection is possible using id when print a login user func flag_handler(w http.ResponseWriter, r *http.R..
ctf writeup · 2022. 3. 27. 22:44

Codegate 2022 Preliminary writeup

CAFE XSS 문제다. 하지만 bot 코드에 지워지지 않은 admin의 패스워드로 인해 로그인하고 나면 손쉽게 플래그를 획득할 수 있다. 인텐 풀이는 다음과 같다. function filterHtml($content) { $result = ''; $html = new simple_html_dom(); $html->load($content); $allowTag = ['a', 'img', 'p', 'span', 'br', 'hr', 'b', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'strong', 'em', 'code', 'iframe']; foreach($allowTag as $tag){ foreach($html->find($tag) as $element) { switch ($t..
ctf writeup · 2022. 2. 27. 19:59

hayyim CTF 2022 web writeup

https://gist.github.com/as3617/256b92b451a863732e6c8992cbeda0a9
web hacking · 2022. 2. 13. 21:04
Close

티스토리툴바