Dreamhack

[Dreamhack] 64se64 Wirte-Up

jeff_kim 2024. 3. 14. 19:25

https://dreamhack.io/wargame/challenges/872

 

64se64

Description "Welcome! ๐Ÿ‘‹"์„ ์ถœ๋ ฅํ•˜๋Š” html ํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค. ์†Œ์Šค ์ฝ”๋“œ๋ฅผ ํ™•์ธํ•˜์—ฌ ๋ฌธ์ œ๋ฅผ ํ’€๊ณ  ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{...} ์ž…๋‹ˆ๋‹ค.

dreamhack.io

๋ฌธ์ œ


"Welcome! ๐Ÿ‘‹"์„ ์ถœ๋ ฅํ•˜๋Š” html ํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค.

์†Œ์Šค ์ฝ”๋“œ๋ฅผ ํ™•์ธํ•˜์—ฌ ๋ฌธ์ œ๋ฅผ ํ’€๊ณ  ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”.
ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{...} ์ž…๋‹ˆ๋‹ค.

 

ํ’€์ด
1. ๋ฌธ์ œ์—์„œ ์ฃผ์–ด์ง„ ์›น์‚ฌ์ดํŠธ ์ ‘์†

๋ฌธ์ œ์—์„œ ์ฃผ์–ด์ง„ ์›นํ•ดํ‚น ๋ฌธ์ œ ์‚ฌ์ดํŠธ ์ ‘์† ํ™”๋ฉด









2. Ctrl+U ๋˜๋Š” ๋งˆ์šฐ์Šค ์˜ค๋ฅธ์ชฝ ํด๋ฆญ ํ›„ ํŽ˜์ด์ง€ ์†Œ์Šค๋ณด๊ธฐ ํด๋ฆญ

<!doctype html>
<html>
<head>
  <meta charset="utf-8">
  <title>Welcome</title>
</head>

<body>
  <h1>Welcome! ๐Ÿ‘‹</h1>
  <form method="POST">
    <input type="hidden" name="64se64_encoding" value="IyEvdXNyL2Jpbi9lbnYgcHl0aG9uMwphc2M
    9WzY4LCA3MiwgMTIzLCA5OCwgMTAxLCA0OCwgNTIsIDU0LCA5OCwgNTUsIDUzLCA1MCwgNTAsIDk3LCA5NywgN
    TAsIDEwMSwgNTAsIDU2LCAxMDIsIDUwLCA1NSwgNTQsIDEwMSwgNDgsIDk5LCA1NywgNDksIDQ4LCA1MywgNTA
    sIDQ5LCAxMDIsIDUwLCA1MSwgOTcsIDQ4LCA1MywgNTYsIDU1LCA0OCwgNDgsIDUzLCA5NywgNTYsIDUxLCA1NS
    wgNTUsIDUxLCA1NSwgNDgsIDk3LCA0OSwgNDksIDEwMSwgNTMsIDEwMSwgNTIsIDEwMCwgOTksIDQ5LCA1MywgMT
    AyLCA5OCwgNTAsIDk3LCA5OCwgMTI1XQphcnI9WzAgZm9yIGkgaW4gcmFuZ2UoNjgpXQpmb3IgaSBpbiByYW5nZS
    gwLDY4KToKICAgIGFycltpXT1jaHIoYXNjW2ldKQpmbGFnPScnLmpvaW4oYXJyKQpwcmludChmbGFnKQ==">
  </form>
</body>
</html>

 

 

 

3. value ๋ถ€๋ถ„์— base64 ๋ฐฉ์‹์œผ๋กœ ์ธ์ฝ”๋”ฉ ๋˜์–ด์žˆ๋Š” ์ฝ”๋“œ๋ฅผ ๋””์ฝ”๋”ฉ ์‹œํ‚จ ํ›„ ๊ฒฐ๊ณผ ๊ฐ’ ํ™•์ธ

echo "IyEvdXNyL2Jpbi9lbnYgcHl0aG9uMwphc2M9WzY4LCA3MiwgMTIzLCA5OCwgMTAxLCA0OCwgNTIsIDU0LCA5OCw
gNTUsIDUzLCA1MCwgNTAsIDk3LCA5NywgNTAsIDEwMSwgNTAsIDU2LCAxMDIsIDUwLCA1NSwgNTQsIDEwMSwgNDgsIDk5
LCA1NywgNDksIDQ4LCA1MywgNTAsIDQ5LCAxMDIsIDUwLCA1MSwgOTcsIDQ4LCA1MywgNTYsIDU1LCA0OCwgNDgsIDUzL
CA5NywgNTYsIDUxLCA1NSwgNTUsIDUxLCA1NSwgNDgsIDk3LCA0OSwgNDksIDEwMSwgNTMsIDEwMSwgNTIsIDEwMCwgOT
ksIDQ5LCA1MywgMTAyLCA5OCwgNTAsIDk3LCA5OCwgMTI1XQphcnI9WzAgZm9yIGkgaW4gcmFuZ2UoNjgpXQpmb3IgaSB
pbiByYW5nZSgwLDY4KToKICAgIGFycltpXT1jaHIoYXNjW2ldKQpmbGFnPScnLmpvaW4oYXJyKQpwcmludChmbGFnKQ=="
| base64 --decode > flag


---
cat flag

#!/usr/bin/env python3
asc=[68, 72, 123, 98, 101, 48, 52, 54, 98, 55, 53, 50, 50, 97, 97, 50, 
101, 50, 56, 102, 50, 55, 54, 101, 48, 99, 57, 49, 48, 53, 50, 49, 102, 
50, 51, 97, 48, 53, 56, 55, 48, 48, 53, 97, 56, 51, 55, 55, 51, 55, 48, 
97, 49, 49, 101, 53, 101, 52, 100, 99, 49, 53, 102, 98, 50, 97, 98, 125]
arr=[0 for i in range(68)]
for i in range(0,68):
    arr[i]=chr(asc[i])
flag=''.join(arr)
print(flag)

 

์ถœ๋ ฅ ๊ฒฐ๊ณผ๋ฌผ ํ™•์ธ ์‹œ python ์ฝ”๋“œ๊ฐ€ ์ถœ๋ ฅ๋˜๋Š” ๊ฒƒ์„ ๋ณผ ์ˆ˜ ์žˆ๋‹ค.

 

 

 

 

 

 

 

 

4.  ๋””์ฝ”๋”ฉํ•œ ์ถœ๋ ฅ ๊ฒฐ๊ณผ๋ฌผ python ์œผ๋กœ ์‹คํ–‰

python flag




DH{be046b7522aa2e28f276e0c910521f23a0587005a8377370a11e5e4dc15fb2ab}

 

DH{..} ํ˜•์‹์˜ ํ”Œ๋ž˜๊ทธ ์ถœ๋ ฅ

 

 

 

'Dreamhack' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

[Dreamhack] cookie Write-Up  (1) 2024.03.16
[Dreamhack] phpreq Write-Up  (2) 2024.03.15
[Dreamhack] ex-req-ex Write-Up  (2) 2024.03.15
[Dreamhack] blue-whale Write-Up  (3) 2024.03.15
[Dreamhack] baby-linux Write-Up  (1) 2024.03.14

'Dreamhack'์˜ ๋‹ค๋ฅธ๊ธ€

  • ํ˜„์žฌ๊ธ€[Dreamhack] 64se64 Wirte-Up

๊ด€๋ จ๊ธ€

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”