[DawgCTF 2021] :pwn: MDL Considered Harmful Write-Up ํฌ์ŠคํŒ… ์ธ๋„ค์ผ ์ด๋ฏธ์ง€

CTF

[DawgCTF 2021] :pwn: MDL Considered Harmful Write-Up

MDL Considered Harmful - 225pts Description Tag pwn, Discord bot, real-world, LFI, CVE-2016-3714 Problem Analysis ์ด ๋ฌธ์ œ๋Š” Discord Bot์„ ํ†ตํ•ด์„œ exploit์„ ํ•˜๋Š” ๋ฌธ์ œ์˜€์Šต๋‹ˆ๋‹ค. ์ด ๋ด‡์€ ์ด๋Ÿฐ์‹์œผ๋กœ ์ฝ”๋“œ๋ฅผ ์ž‘์„ฑํ•˜๋ฉด, meme์„ ๋งŒ๋“ค์–ด์ฃผ๋Š” ๋ด‡์ž…๋‹ˆ๋‹ค. ์ด ๋ด‡์—๋Œ€ํ•œ ์ •๋ณด๋ฅผ ์กฐ๊ธˆ ์•Œ์•„๋ณด๋ฉด, ImageMagick์ด๋ผ๋Š” caption command๋ฅผ ํ†ตํ•ด์„œ ์ œ์ž‘์„ ํ•œ๋‹ค๊ณ  ํ•˜๋„ค์š”. ์ด๊ฑฐ ์ด์™ธ์—๋Š” ์ฝ”๋“œ์— ๋Œ€ํ•œ ํžŒํŠธ๊ฐ€ ์ „ํ˜€ ์—†๊ธฐ ๋•Œ๋ฌธ์—, ์ด์— ๋Œ€ํ•œ ์กฐ์‚ฌ๋ฅผ ์กฐ๊ธˆ ํ•ด๋ณด์•˜์Šต๋‹ˆ๋‹ค. https://imagetragick.com/ ImageTragick What's with the stupid (logo|website|twitte..

2021.05.15 ๊ฒŒ์‹œ๋จ

[DawgCTF 2021] :pwn: No Step On Snek Write-Up ํฌ์ŠคํŒ… ์ธ๋„ค์ผ ์ด๋ฏธ์ง€

CTF

[DawgCTF 2021] :pwn: No Step On Snek Write-Up

No Step On Snek - 75pts Description Tag pwnable, python, RCE Problem Analysis ์ ‘์†์„ ํ•˜๋ฉด ์ด๋Ÿฐ ์ฐฝ์ด ๋‚˜ํƒ€๋‚˜๋Š”๋ฐ, ์„ค๋ช…์— ์“ฐ์—ฌ์ ธ์žˆ๋Š” ํ‚ค๋ฅผ ๋ˆŒ๋Ÿฌ๋„ ์•„๋ฌด๊ฒƒ๋„ ์‹คํ–‰์ด ๋˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ๊ทธ๋ž˜์„œ ์ด์ƒํ•œ ๊ฐ’์„ ์ง‘์–ด๋„ฃ๋Š” ๊ฒฝ์šฐ์—๋Š” ์ด๋Ÿฐ๊ฒŒ ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค. ๋ณด์•„ํ•˜๋‹ˆ, make_move(maze)๋ผ๋Š” ๋ช…๋ น์–ด๊ฐ€ ์‹คํ–‰์ด ๋˜๊ณ , ์ด๋•Œ maze๋ผ๋Š” ๊ฒƒ์€ ์ €ํฌ์˜ ์ž…๋ ฅ์ธ ๊ฒƒ์„ ์•Œ ์ˆ˜ ์žˆ๋„ค์š”. ์ด ์ ์„ ์ด์šฉํ•ด์„œ code injection์„ ์‹คํ–‰์‹œ์ผœ์ฃผ๋ฉด ์ข‹์ง€ ์•Š์„๊นŒ ์ƒ๊ฐํ•ฉ๋‹ˆ๋‹ค. Exploit ๊ทธ๋ž˜์„œ ํ™•์ธ์„ ์šฐ์„  ํ•ด ๋ด…์‹œ๋‹ค! __builtins__.__dict__['__import__']("os").system("ls") ์ž˜ ์‹คํ–‰์ด ๋˜๋„ค์š”. ๊ทธ๋ž˜์„œ ๋ฐ”๋กœ flag.txt๋ฅผ ์—ด์–ด๋ณด๋ฉด __..

2021.05.14 ๊ฒŒ์‹œ๋จ