CTF 101:從入門到放棄
409262061 資工三乙 鄭帆修
409262176 資工三乙 林后緯
409262449 資工三乙 吳家萱
from begin to give up
Outline
- CTF Intro
- Website Layout
- Flow Chart
- Live Demo
- Details & Exception Handling
- Conclusions
- Future Work
CTF Intro
Capture The Flag
Jeopardy
King of the Hill
Attack & Defense
Jeopardy
Reverse
Web
Pwn
Forensic
Misc
Crypto
Flag
- Flag General Format
- < CTF name >{ ... }
-
Leet
-
Fu_Jen_Catholic_University -
fU_Jen_C@7H01Ic_un1VEr51Ty
-
-
FJCU{fU_Jen_C@7H01Ic_un1VEr51Ty}
CTF Platform
picoCTF (Website)
Website Layout
Home.aspx
Challenge.aspx
Live Demo
Home
Login / Register
Challenge
Playground
More Details &
Exception Handling
Login / Register
(以防萬一) 註冊失敗
登入失敗 (帳密錯誤...等)
未註冊
註冊成功
Submit
收到空白輸入
收到正確答案
輸入長度 < Flag 格式
同一個 Flag 重複繳交
SQL Injection
萬能鑰匙,屢試不爽
'OR 1=1--
SQL Injection
'OR 1=1--
SQL Injection
Parameterized Query
序列化查詢
SQL Injection
- Text Box
- Base64
EncryptionEncode-
NISRA{IK1nd4Lik3y0U} -
TklTUkF7SUsxbmQ0TGlrM3kwVX0=
-
-
SqlCommand with SqlParameter
- Base64
Never take anything for granted ''
Conclusions
Techs
- Visual Studio 2019
- ASP.NET
- HTML 5、CSS 3、JavaScript
- Microsoft SQL Server
- C#
- jQuery
Future Work
- UI / UX
- Bootstrap
- em、RWD
- GUI
- Problem update / insert
- Bootstrap
- Scoreboard
- Exploit patches
BT: Trust me
Yes, but actually NO.