CTF 101：從入門到放棄

409262061 資工三乙鄭帆修

409262176 資工三乙林后緯

409262449 資工三乙吳家萱

from begin to give up

Outline

CTF Intro
Website Layout
- Flow Chart
- Live Demo
Details & Exception Handling
Conclusions
- Future Work

CTF Intro

Capture The Flag

Jeopardy

King of the Hill

Attack & Defense

Jeopardy

Reverse

Web

Pwn

Forensic

Misc

Crypto

Flag

Flag General Format

< CTF name >{ ... }

Leet

```
Fu_Jen_Catholic_University
```
```
fU_Jen_C@7H01Ic_un1VEr51Ty
```

```
FJCU{fU_Jen_C@7H01Ic_un1VEr51Ty}
```

CTF Platform

CTFd framework (GitHub、ctfd.io)

picoCTF (Website)

Website Layout

Home.aspx

Challenge.aspx

Live Demo

Home

Login / Register

Challenge

Playground

More Details &

Exception Handling

Login / Register

(以防萬一) 註冊失敗

登入失敗 (帳密錯誤...等)

未註冊

註冊成功

Submit

收到空白輸入

收到正確答案

輸入長度 < Flag 格式

同一個 Flag 重複繳交

SQL Injection

萬能鑰匙，屢試不爽

'OR 1=1--

SQL Injection

'OR 1=1--

SQL Injection

Parameterized Query

序列化查詢

SQL Injection

Text Box
- Base64 ~~Encryption~~ Encode
  - ```
  NISRA{IK1nd4Lik3y0U}
```
- ```
TklTUkF7SUsxbmQ0TGlrM3kwVX0=
```
- SqlCommand with SqlParameter
  - stack overflow Questions
  - iThelp series

Never take anything for granted ''

Conclusions

Techs

Visual Studio 2019
ASP.NET
- HTML 5、CSS 3、JavaScript
- Microsoft SQL Server
- C#
- jQuery

Future Work

UI / UX
- Bootstrap
  - em、RWD
- GUI
  - Problem update / insert
Scoreboard
Exploit patches

BT: Trust me

Yes, but actually NO.

web presentation

By lavi0724

web presentation

287

lavi0724