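SECCON 2014 Online Qualifier (English)
Write-up (held 12/6~7)
ke1ju (team ju)

Problems solved
I answered these four problems correctly (plus one practice problem).
I was glad I could solve REA-JUU WATCH, the current-events (?) problem.
Next time I would like to solve more of the network problems.
Title | Genre | Points
Welcome to SECCON | Start | 100
REA-JUU WATCH | Web | 200
Get the key.txt | Forensics | 100
Choose the number | Program | 100
Get the key | Network | 100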

Get the key (Network-100)
Genre: Network
Points: 100
Question text: nw100.pcap
This was the very first problem I solved.
The pcap file contained an HTTP request:
http://133.242.224.21:6809/nw100/
The server asks for authentication, so I decoded that from base64 as well and obtained the ID/PW (seccon2014:YourBattleField).
When I actually accessed the site with that ID/PW, a directory listing was displayed, containing a file named key.html.
Accessing it showed the FLAG.
SECCON{Basic_NW_Challenge_Done!}
(Because access to the SECCON site was slow right after the start, it took a while to enter the answer.)
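
Get the key.txt (Forensics-100)
Genre: Forensics
Points: 100
Question text: forensic100.zip
After unzipping, I opened the file in a binary editor. It looked like some kind of filesystem, with regions holding data and regions holding a list of files.
There are many files: key.txt, key1.txt, key2.txt and so on, up to around key250.
After those come many strings of the form SECCON{xxxxxxxxx}.
Hmm. While wondering what to do, I tried entering the first and the last values, and the last one turned out to be correct.
A brute-force shortcut.
# file forensic100
forensic100: Linux rev 1.0 ext2 filesystem data (mounted or unclean)
The file is ext2, so I should have simply mounted it and checked it the normal way.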
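
Choose the number (Programming-100)
Genre: Programming
Points: 100
Question text: nc number.quals.seccon.jp 31337 sorry fixed URL
Connecting to the given server produces several numbers and the question "The minimum number?".
# nc number.quals.seccon.jp 31337
7, -6
The minimum number?
When I sent the correct number, the next question followed, with more numbers.
I was writing the script in Perl, and because the question text ends without a newline, processing the input line by line never finished reading the question, which gave me trouble.
In the end I switched to reading one character at a time.
Also, because I used the last character as the key, the script kept waiting for the next question even after all questions were cleared, and the FLAG was not displayed. Fixing that was a hassle, so I captured the packets and answered with the FLAG read directly from the traffic.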
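use IO::Socket;                  # also exports inet_aton, pack_sockaddr_in, PF_INET, SOCK_STREAM
use List::Util qw/max min/;

$host = 'number.quals.seccon.jp';
$port = '31337';

$addr = inet_aton($host) || die "host($host) not found.\n";
$sockaddr = pack_sockaddr_in($port, $addr);
socket(SOCKET, PF_INET, SOCK_STREAM, 0) || die "socket error.\n";
connect(SOCKET, $sockaddr) || die "connect $host $port error.\n";
SOCKET->autoflush;

while (1) {
    $a = 0;
    $str = "";
    # Read one character at a time up to the 'T' of "The ... number?".
    # As described above, after the last question the script stays in this
    # loop waiting for another question, so the flag is never printed.
    while ($a ne 'T') {
        $a = getc(SOCKET);
        $str = $str . $a;
    }
    # Drop the trailing "T" and the newline, leaving only the number list.
    chop($str); chop($str);
    @list = split(/, /, $str);
    $max = max(@list);
    $min = min(@list);
    # Read the rest of the question, which ends with '?' and no newline.
    while ($a ne '?') {
        $a = getc(SOCKET);
        $str = $str . $a;
    }
    # Answer with the maximum if the question contains "max", otherwise the minimum.
    $check = index($str, "max");
    if ($check >= 0) {
        print STDOUT "$max\n"; print SOCKET "$max\n";
    } else {
        print STDOUT "$min\n"; print SOCKET "$min\n";
    }
}
close(SOCKET);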
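
The end-of-stream problem described above, as an added example (not the author's script): a Python client that reads up to the `?` ending each prompt and treats a closed connection as the end of the quiz, returning whatever the server sent last. The in-process server, its two rounds and its closing message are constructed so the block runs offline.

```python
import re
import socket
import threading

def read_until_prompt(sock):
    """Read byte by byte up to the '?' that ends a question (no newline follows).
    Returns (data, at_eof); at_eof is True when the peer closed instead."""
    buf = bytearray()
    while not buf.endswith(b"?"):
        chunk = sock.recv(1)
        if not chunk:              # connection closed: no further question will come
            return bytes(buf), True
        buf += chunk
    return bytes(buf), False

def solve(sock):
    """Answer each min/max question; return the text sent after the last one."""
    while True:
        data, at_eof = read_until_prompt(sock)
        text = data.decode()
        if at_eof:
            return text.strip()
        numbers = [int(n) for n in re.findall(r"-?\d+", text)]
        pick = max if "max" in text else min
        sock.sendall(f"{pick(numbers)}\n".encode())

# Constructed stand-in for the challenge server (sample rounds and message).
ROUNDS = [("7, -6", "minimum", -6), ("3, 12, -40, 8", "maximum", 12)]
FINAL = "All questions cleared (constructed closing message)"

def fake_server(conn):
    with conn, conn.makefile("r") as answers:
        for numbers, kind, expected in ROUNDS:
            conn.sendall(f"{numbers}\nThe {kind} number? ".encode())
            if int(answers.readline()) != expected:
                return
        conn.sendall(FINAL.encode())

def run_demo():
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_server, args=(server,))
    worker.start()
    with client:
        result = solve(client)
    worker.join()
    return result

if __name__ == "__main__":
    print(run_demo())
```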

REA-JUU WATCH (Web-200)
Genre: Web
Points: 200
Question text: http://reajuu.pwn.seccon.jp/
Accessing the URL takes you to a website called REA-JUU WATCH.
Pressing Start on the first page displays a login page.
Creating a user with "Create new user" lets you log in.
After login, multiple-choice questions are shown; after choosing answers for about six questions, the resulting points are displayed. I got 350 points.
The URL has the form "http://reajuu.pwn.seccon.jp/quiz/6?co=5&ch=15" and appears to hold the results of the choices made so far and the next question.
Looking at the source of the final results page, this page alone fetches its information as JSON from a file at a separate URL.
When I accessed the page it fetches from, to my surprise it contained not only the point but the username and password as well.
<script>
function finishpoint(){
  $.getJSON("/users/chk/14445", null, function(data){
    point = data.point;
    // Displayed message: "Your points are <point>."
    $("#finishpoint").text("あなたのポイントは" + point + "です。");
  });
}
</script>
Contents of http://reajuu.pwn.seccon.jp//users/chk/14445
{"username":"9rg52828","password":"wtfs8z64","point":350}
The numeric file name caught my attention, so I tried changing the number, and another username, password and point were displayed without any authentication! Minus 10 points...
Thinking this was it, I set the number to 1 and got a meaningful-looking username.
Contents of http://reajuu.pwn.seccon.jp//users/chk/1
{"username":"rea-juu","password":"way_t0_f1ag","point":99999}
I logged out once and logged in again, and the questions simply started as usual. Hmm. Wondering what I should do, I went on answering at random and... the FLAG appeared together with a result of 99999 points.
SECCON{REA_JUU_Ji8A_NYAN}
(Hm, come to think of it, the site isn't in English...)
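
The missing access check on `/users/chk/<id>`, as an added example (not the site's code, which the write-up does not show): a handler that behaves as observed beside a hardened one, plus a small audit that lists which ids leak. The function names, the user store and the sample records are assumptions made for illustration.

```python
# Constructed user store: names, passwords and points are sample values.
USERS = {
    1: {"username": "sample-admin", "password": "sample-secret-1", "point": 99999},
    14445: {"username": "sample-player", "password": "sample-secret-2", "point": 350},
}

def chk_vulnerable(requested_id, session_user_id=None):
    """Behaves as the write-up observed: any id, no login needed, whole record returned."""
    record = USERS.get(requested_id)
    return (200, dict(record)) if record else (404, {})

def chk_hardened(requested_id, session_user_id=None):
    """Require a login, serve only the caller's own record, and expose only 'point'."""
    if session_user_id is None:
        return 401, {}
    if requested_id != session_user_id or requested_id not in USERS:
        return 403, {}          # same reply for "not yours" and "no such id"
    return 200, {"point": USERS[requested_id]["point"]}

def audit(handler, session_user_id, ids):
    """List ids whose response exposes another user's record or any field besides 'point'."""
    leaking = []
    for uid in ids:
        status, body = handler(uid, session_user_id)
        if status == 200 and (uid != session_user_id or set(body) - {"point"}):
            leaking.append(uid)
    return leaking

if __name__ == "__main__":
    ids = [1, 2, 14445]
    print("vulnerable:", audit(chk_vulnerable, 14445, ids))
    print("hardened:  ", audit(chk_hardened, 14445, ids))
```

Taking the id from the session instead of the URL removes the parameter to tamper with altogether; the check above is the minimum when the route has to keep its shape.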

