[SchoolCTF 2016] (web 100) Wonder Web


Post by SinJiRu » Wed Nov 09, 2016 1:27 pm

http://wonder.task.school-ctf.org/

When you open the address, some bald guy greets you.
[Image: main1.png]
Welcome to the Web of the Future
Now we have headers for anything you want.
Just refer to RFC of our new standard here
It throws out a rather cringey, melodramatic line,

saying that everything is in the headers... Since he's bald it could mean "head", but

on the web, "header" would mean something else.
[Image: main.png]
Capturing it with Burp gives this.

There's a lot attached.
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 09 Nov 2016 02:31:47 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Content-Meaning: none; flag-part-number=5 part-content=54f3};
X-XSS-Protection: -1; mode=ignoreheader
Content-Security-Policy: real-strict-dynamic
X-FRAME-Restrict: minhsize:100px; minvsize:100px; readable
X-Frame-Options: SAMEORIGIN
X-Content-Config: blink-origin-in-addressbar, disable-addressbar-copy-paste, disable-javascript-history-api
X-Header: meaning=none;
X-Nikita-Please-Add-This-Header: False
X-Order-To-KFC: order=coffee; order=fried-potato; transport=SASHA
Set-cookie: uselessCookie=uselessVal; Secure; StoreEncrypted=1; ExtensionsCanRead=0; DeleteOnBrowserExit=1l
X-If-You-Read-This-Join-Tomsk-State-University: additional-points=5; url=http://www.fpmk.tsu.ru/node/474;
Strict-Transport-Security-I-Broke-Something-Please-Downgrade-If-Error: 1
Browser-Restrict: openInNewTab=false; noRefererFromHere=1
X-Bug-Bounty: openRedirects=false; logoutCSRF=false; selfXSS=false;
Check-CDN-Revocation-List: 1; ignoreIfError;
Allow-Siri-Google-Cortana-Search-Clients: 1
Y-Toilet-Papper-Compatibility: allow
Task: category=joy; ucucuga=sure; encoding=none; justString=true; flagPresent=1; flagPart2=17; flagPart4=b3
X-Do-Not-Link-From-These-Sites: /blacklist.txt
X-Super-Hero-Status: False
Strict-Transport-Security: max-age=31536000000000000
X-Mouse-Disable-Click-After-Page: 3 secodns
X-ShellShock-vector: (){;}; echo "Want flag?"; python -c 'part3="77316c6c"; print part3.decode("hex")'
X-Window-Restrictions: disallow-from-window-open
Anti-HPKP-Suicide: ignoreAfter=6000000
X-Ignore-CSP-Whitelists: 1
Flag-Security-Policy: headers, ecnryption=none,
X-XXX-Movie: url=goo.gl/0kGizJ
X-Papper-Compatibility: disallow
Flag-First-Part-Is-Here: encoding=base64; part1=U2Nob29sQ1RGezUwbTNkNHk=;
Flag-Parts-Connector: character=_; charCode=95; hexCharCode=0x5f;
Content-Length: 3165
There are some strange things here and there.

I originally worked through them from the top down, but for convenience I'll go in order here.

This is part 1.

[Image: part1.png]
encoding=base64; part1=U2Nob29sQ1RGezUwbTNkNHk=;
Decoding it with base64 gives this value:
[Image: part1-1.png]
SchoolCTF{50m3d4y

Parts 2 and 4 are bundled together.
[Image: part2,4.png]
It looks like you just read them as they are, as plain strings (justString).
justString=true; flagPresent=1; flagPart2=17; flagPart4=b3
2 = 17

4 = b3, it seems.

This is part 3.
[Image: part3.png]
echo "Want flag?"; python -c 'part3="77316c6c"; print part3.decode("hex")'
It just needs hex decoding with Python.
[Image: part3-1.png]
It's W1ll.

Finally, number 5:
[Image: part5.png]
none; flag-part-number=5 part-content=54f3};
Likewise, it seems to be just a plain string.

5 = 54f3}

So, putting them all together,

SchoolCTF{50m3d4y 17 W1ll b3 54f3}

is what you get.

I stuck them all together, but it doesn't validate ...

The "here" part bothers me.
[Image: here.png]
When I clicked it, in the URL
Hmm... it looks like underscores go in between.

So the flag is
SchoolCTF{50m3d4y_17_w1ll_b3_54f3}
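
The manual steps in the post above, automated as an added example that is not part of the original post: it pulls the numbered parts out of the five flag-bearing headers, decodes each one by the encoding its own header names, and joins them with the character given in Flag-Parts-Connector. The function names and regular expressions are assumptions of this example; the header lines are copied from the response shown in the post.

```python
import base64
import re

# Sample input: the five flag-bearing headers copied from the captured response.
RAW_HEADERS = """\
Content-Meaning: none; flag-part-number=5 part-content=54f3};
Task: category=joy; ucucuga=sure; encoding=none; justString=true; flagPresent=1; flagPart2=17; flagPart4=b3
X-ShellShock-vector: (){;}; echo "Want flag?"; python -c 'part3="77316c6c"; print part3.decode("hex")'
Flag-First-Part-Is-Here: encoding=base64; part1=U2Nob29sQ1RGezUwbTNkNHk=;
Flag-Parts-Connector: character=_; charCode=95; hexCharCode=0x5f;
"""

# partN=... / flagPartN=... (hypothetical pattern, written for this response only)
PART_RE = re.compile(r'(?:flag)?part(\d+)="?([^;"\s]+)', re.I)
# flag-part-number=N part-content=...
NUMBERED_RE = re.compile(r'flag-part-number=(\d+)\s+part-content=([^;\s]+)')


def decode(value, header_value):
    """Decode one part using the encoding hinted at in its own header."""
    if "encoding=base64" in header_value:
        return base64.b64decode(value).decode()
    if 'decode("hex")' in header_value:
        return bytes.fromhex(value).decode()
    return value  # encoding=none / justString=true: use as-is


def extract_parts(raw):
    """Return ({part_number: text}, connector) parsed from raw header lines."""
    parts, connector = {}, ""
    for line in raw.splitlines():
        name, _, value = line.partition(":")
        value = value.strip()
        if name == "Flag-Parts-Connector":
            # \b keeps this from matching inside hexCharCode=0x5f
            connector = chr(int(re.search(r"\bcharCode=(\d+)", value).group(1)))
            continue
        for num, text in PART_RE.findall(value) + NUMBERED_RE.findall(value):
            parts[int(num)] = decode(text, value)
    return parts, connector


def assemble_flag(raw):
    """Join the decoded parts in numeric order with the connector character."""
    parts, connector = extract_parts(raw)
    return connector.join(parts[n] for n in sorted(parts))


if __name__ == "__main__":
    print(assemble_flag(RAW_HEADERS))
```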
