[Author:] ByJJoon


  • The Python Challenge – Level 7

    First, the challenge page is here: http://www.pythonchallenge.com/pc/def/hockey.html Visiting the page shows “it’s in the air. look at the letters.” Something you can see in the air? With a hint from badcob, I learned that the following page exists: http://www.pythonchallenge.com/pc/def/oxygen.html (After a tip from nomja I checked again, and the letters that make up the "hockey" printed in the previous level spell oxygen!) The page had an image embedded. In the image, gray and […]

  • 2009 HUST Competition

    Always 5th place -_-

  • List of vulnerabilities exploited by malicious code injected into web pages

    MS Internet Explorer 7 Video ActiveX Remote Buffer Overflow Exploit (MS09-032)
    CLSID : 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF
    http://www.microsoft.com/korea/technet/security/bulletin/MS06-014.mspx

    Internet Explorer Uninitialized Memory Corruption Vulnerability (MS09-002)
    CLSID : AE24FDAE-03C6-11D1-8B76-0080C744F389
    http://www.microsoft.com/korea/technet/security/bulletin/MS09-002.mspx

    Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014)
    CLSID : BD96C556-65A3-11D0-983A-00C04FC29E36
    http://www.microsoft.com/korea/technet/security/bulletin/MS06-014.mspx

    Microsoft Office Web Components (Spreadsheet) ActiveX BOF (MS09-043)
    http://www.microsoft.com/korea/technet/security/bulletin/ms09-043.mspx

    http://ij**ar.cn/x2/xx.html
    http://ij**ar.cn/x2/Td14.htm – MS06-014
    http://ij**ar.cn/x2/14.js
    http://d.gd**w.com/xx/x2.css
    http://ij**ar.cn/x2/15.js
    http://ij**ar.cn/x2/17.js
    […]

  • The Python Challenge – Level 6

    Challenge page: http://www.pythonchallenge.com/pc/def/channel.html The comment in the page source contains the word ZIP, so I visited the following page, which says to find the ZIP file: http://www.pythonchallenge.com/pc/def/zip.html I confirmed that the file http://www.pythonchallenge.com/pc/def/channel.zip exists, and its readme.txt tells you which file to start from. Following the chain by reading each file eventually yields the message “Collect the comments.” After thinking about it for quite a while, inside the zip file, for each file […]

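  • Sapheads Hackjam Results

    5th place is not that high a rank, but we got together and solved problems, so I think we had a fun weekend? It all fell apart after we solved the ssh key, though, lol. It was so much fun.. Let's do it together again next time ~ Article links below: http://www.boannews.com/media/view.asp?idx=17838&kind=1 http://artsnews.media.paran.com/news/40991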

  • The Python Challenge – Level 5

    Challenge page: http://www.pythonchallenge.com/pc/def/peak.html When I first saw the challenge I puzzled over it for a long time -_- pronounce it? I just could not figure it out, so I looked through the forum a bit and learned that it has to do with pronunciation, and that it is pickle. #!c:\python26\python.exe import pickle, re pkl_file = open('banner.p', 'rb') data = pickle.load(pkl_file) tmp = '' for x in range(len(data)): for y in range(len(data[x])): if data[x][y][0].find(' ') == […]

  • Vortex – Level 2

    http://www.overthewire.org/wargames/vortex/level2.shtml Let's look at the code first. It seems to be a tar-related challenge. #include <stdlib.h> #include <stdio.h> #include <sys/types.h> int main(int argc, char **argv) { char *args[] = { "/bin/tar", "cf", "/tmp/ownership.$$.tar", argv[1], argv[2], argv[3] }; execv(args[0], args); } If you know the tar command, this is easy to solve. You just pass the password as an argument. Move to the path where the password is located and work from there. […]

  • Vortex – Level 1

    http://www.overthewire.org/wargames/vortex/level1.shtml First, the source is as follows. #include <stdlib.h> #include <unistd.h> #include <string.h> #include <stdio.h> #define e(); if(((unsigned int)ptr & 0xff000000)==0xca000000) { setresuid(geteuid(), geteuid(), geteuid()); execlp("/bin/sh", "sh", "-i", NULL); } void print(unsigned char *buf, int len) { int i; printf("[ "); for(i=0; i < len; i++) printf("%x ", buf[i]); printf(" ]\n"); } int main() { unsigned […]

  • The Python Challenge – Level 4

    Challenge page: http://www.pythonchallenge.com/pc/def/linkedlist.php #!C:\Python26\python.exe import httplib, re def gogo(number): conn = httplib.HTTPConnection('www.pythonchallenge.com') conn.request('GET', '/pc/def/linkedlist.php?nothing=' + str(number)) r1 = conn.getresponse() data = r1.read() print data if data.find('Yes. Divide by two and keep going.') == 0: return int(number) / 2 else: tmp = re.search('and the next nothing is [0-9]+', data).group() return re.search('[0-9]+', tmp).group() x = gogo(12345) […]

  • The Python Challenge – Level 3

    Challenge page: http://www.pythonchallenge.com/pc/def/equality.html #!c:\python26\python.exe import re str = ''' […]