SECCON2014???????(?) 
Write-up(12/6~7??) 
ke1ju?team ju?
ゎ???? 
?ゎ????????4??+??1?????? 
????????????????ゎ??????????? 
?????????????ゎ?????? 
Title Genre Points 
Welcome to SECCON Start 100 
REA-JUU WATCH Web 200 
Get the key.txt Forensics 100 
Choose the number Program 100 
Get the key Network 100
Get the key (Network-100) 
?????ゎ??????? 
pcap???????? http?????????? 
http://133.242.224.21:6809/nw100/ 
Genre Network 
Points 100 
Question text nw100.pcap 
謄????????????? base64???????? ID/PW? 
??????(seccon2014:YourBattleField) 
???ID/PW??????????????????????????? 
????key.html????????????? 
??????? FLAG??????? 
SECCON{Basic_NW_Challenge_Done!} 
?????SECCON???????????????????? 
????????????
Get the key.txt (Forensics-100) 
zip?ゎ????????????????????????????????????????????? 
????????????????????? 
?????key.txt,key1.txt,key2.txt?key250???????????? 
?????SECCON{xxxxxxxxx}????????? 
???????????????????????????????????????????ゎ???? 
???????????? 
# file forensic100 
forensic100: Linux rev 1.0 ext2 filesystem data (mounted or unclean) 
?????ext2???? 
????????????? 
??????? 
Genre Forensics 
Points 100 
Question text forensic100.zip
Choose the number (Programming-100) 
????????????々?? 
???The minimum number??????????
# nc number.quals.seccon.jp 31337 
7, -6 
The minimum number? 
Genre Programming 
Points 100 
Question text nc number.quals.seccon.jp 31337 sorry fixed URL
???????????????????????????????? 
perl????????????????????????????????? 1???????????? 
???????????????? 
??1????????????????????? 
???????????????????????????????????????? FLAG?????? 
???????????????????????????????? FLAG???????????? 
??
Choose the number (Programming-100) 
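use IO::Socket;
use List::Util qw/max min/;

$host = 'number.quals.seccon.jp';
$port = '31337';

# Resolve the host and open a TCP connection to the challenge server.
$addr = inet_aton($host) || die "host($host) not found.\n";
$sockaddr = pack_sockaddr_in($port, $addr);
socket(SOCKET, PF_INET, SOCK_STREAM, 0) || die "socket error.\n";
connect(SOCKET, $sockaddr) || die "connect $host $port error.\n";
SOCKET->autoflush;

while (1) {
    $a = 0;
    $str = "";
    # Read the number list, up to the "T" that starts the question line.
    while ($a ne 'T') {
        $a = getc(SOCKET);
        # Stop at end of stream instead of looping on undef; show what was read.
        defined($a) || die "connection closed: $str\n";
        $str = $str . $a;
    }
    # Drop the trailing "T" and the newline before it.
    chop($str); chop($str);
    @list = split(/, /, $str);
    $max = max(@list);
    $min = min(@list);
    # Read the rest of the question to see whether it asks for max or min.
    while ($a ne '?') {
        $a = getc(SOCKET);
        defined($a) || die "connection closed: $str\n";
        $str = $str . $a;
    }
    $check = index($str, "max");
    if ($check >= 0) {
        print STDOUT "$max\n"; print SOCKET "$max\n";
    } else {
        print STDOUT "$min\n"; print SOCKET "$min\n";
    }
}
close(SOCKET);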
REA-JUU WATCH (Web-200) 
Genre Web 
Points 200 
Question text http://reajuu.pwn.seccon.jp/ 
URL?????????????????? Web????????? 
???????? Start???????????????????? 
?つ?????????????????????????? 
???????????????????????????? 6??? 
???????????????? 350???????? 
URL??http://reajuu.pwn.seccon.jp/quiz/6?co=5&ch=15?????? 
??????????????????????????????? 
??
REA-JUU WATCH (Web-200) 
?????????????ぢ??????????? 
??JSON??URL????????????????? 
?? 
????????????????? 
???????? point?????? 
??????????????????? 
Genre Web 
Points 200 
Question text http://reajuu.pwn.seccon.jp/ 
<script>
function finishpoint(){
  $.getJSON("/users/chk/14445", null, function(data){
    point = data.point;
    $("#finishpoint").text("?????????" + point + "???");
  });
}
</script>
http://reajuu.pwn.seccon.jp//users/chk/14445 ??? 
{"username":"9rg52828","password":"wtfs8z64","point":350}
REA-JUU WATCH (Web-200) 
???????????????????????????謄???????????????????? 
???????????? 10??????? 
??????????? 1??????????????????? 
http://reajuu.pwn.seccon.jp//users/chk/1 ??? 
{"username":"rea-juu","password":"way_t0_f1ag","point":99999} 
?????????????????????????????????????????????????? 
????????????????????????????? 99999??????? FLAG?????? 
?? 
SECCON{REA_JUU_Ji8A_NYAN} 
?????????????????????? 
Genre Web 
Points 200 
Question text http://reajuu.pwn.seccon.jp/
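
The /users/chk/<id> behaviour shown on the slides above, as an added example that is not part of the original write-up or the challenge's own code: a handler that returns the whole user row for any id in the URL, beside a hardened form, plus a log check for one client requesting many distinct ids. The user records, the session object, the function names and the log lines are constructed assumptions.

```javascript
// Constructed sample records; not data from the challenge server.
const users = new Map([
  [1, { username: "admin-example", password: "constructed-secret", point: 99999 }],
  [14445, { username: "player-example", password: "constructed-pw", point: 350 }],
]);

// Pattern shown on the slides: the id comes from the URL and the whole row,
// credentials included, is returned to whoever asks. The session is ignored.
function chkVulnerable(session, requestedId) {
  const row = users.get(Number(requestedId));
  return row ? { status: 200, body: row } : { status: 404, body: {} };
}

// Hardened form (hypothetical session object): the id must match the logged-in
// user, and only the field the result page displays is returned.
function chkHardened(session, requestedId) {
  if (!session || !Number.isInteger(session.userId)) return { status: 401, body: {} };
  if (String(requestedId) !== String(session.userId)) return { status: 403, body: {} };
  const row = users.get(session.userId);
  return row ? { status: 200, body: { point: row.point } } : { status: 404, body: {} };
}

// Constructed access-log lines in combined log format.
const SAMPLE_LOG = [
  '203.0.113.5 - - [06/Dec/2014:10:00:01 +0900] "GET /users/chk/14445 HTTP/1.1" 200 57',
  '203.0.113.5 - - [06/Dec/2014:10:00:09 +0900] "GET //users/chk/1 HTTP/1.1" 200 61',
  '203.0.113.5 - - [06/Dec/2014:10:00:12 +0900] "GET //users/chk/2 HTTP/1.1" 200 58',
  '198.51.100.7 - - [06/Dec/2014:10:01:30 +0900] "GET /users/chk/20001 HTTP/1.1" 200 57',
];

// Detection: list clients that requested at least `threshold` distinct ids.
function flagIdEnumeration(logLines, threshold = 3) {
  const seen = new Map(); // client address -> Set of ids requested
  for (const line of logLines) {
    const m = /^(\S+) .*"GET \/+users\/chk\/(\d+)/.exec(line);
    if (!m) continue;
    if (!seen.has(m[1])) seen.set(m[1], new Set());
    seen.get(m[1]).add(m[2]);
  }
  return [...seen].filter(([, ids]) => ids.size >= threshold).map(([ip]) => ip);
}

console.log(chkVulnerable({ userId: 14445 }, 1).body); // another user's full row
console.log(chkHardened({ userId: 14445 }, 1).status);
console.log(flagIdEnumeration(SAMPLE_LOG));
```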
