writeup 링크

https://g0pher.kr/Power-Of-XX-2020-Kiban64-writeup-27110c7354e147faaa23f7afd70cd269

 

POC

// Alphabet the random probe plaintext is drawn from, built from a letter part
// and a digit/punctuation part.
// NOTE(review): "XTZ" (no 'Y', 'T' twice) and the missing lowercase 'j' look
// like typos. They only affect which characters appear in the probe text, so
// confirm with the author before changing them.
let strings = [
    "ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz",
    "0123456789_-$^{}",
].join("");

// Recovered mapping: character emitted by the service -> character that
// standard base64 (btoa) has at the same position. Filled by get_table().
let table = {};

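async function get_table() {
    /*
     * Recover the service's modified encoding table.
     *
     * Builds a 1000-character random plaintext from `strings`, encodes it
     * locally with standard base64 (padding stripped), and asks the service
     * to encode the same text via GET /encode/<text>. When both outputs have
     * the same length they are compared position by position, and each
     * service character is recorded in `table` as mapping to the standard
     * base64 character at that index.
     *
     * Returns a promise that resolves to the probe plaintext. Network, JSON
     * and response-shape errors now reject the promise; previously they left
     * it pending forever.
     */
    let text = '';
    for (let i = 0; i < 1000; i++) {
        text += strings[Math.floor(Math.random() * strings.length)];
    }

    // Reference encoding; '=' padding is removed before the length comparison.
    const b64text = btoa(text).replace(/=/g, '');

    const resp = await fetch('/encode/' + text).then((r) => r.json());

    if (resp.result.length === b64text.length) {
        const encoded = resp.result.split('');
        for (let i = 0; i < encoded.length; i++) {
            table[encoded[i]] = b64text[i];
        }
    } else {
        // The positional comparison is meaningless if the lengths differ.
        // Keep the original best-effort behaviour (no table update) but say so.
        console.warn('get_table: length mismatch, table not updated');
    }
    return text;
}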

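async function kiban2base() {
    /*
     * Convert the pattern data into standard base64 text using the
     * recovered encoding table.
     *
     * Fetches /pattern (a JSON object), visits its keys in sorted order,
     * maps each value through `table`, and joins the results into one string.
     *
     * Returns a promise that resolves to that string. Fetch and JSON errors
     * reject the promise.
     *
     * NOTE(review): sort() is lexicographic, so this presumably relies on the
     * keys being equal-width (e.g. timestamps) - confirm against the service.
     * Characters missing from `table` map to undefined, which join() renders
     * as an empty string, so gaps in the table silently shorten the output.
     */
    const resp = await fetch('/pattern').then((r) => r.json());

    // Declared locally: the original assigned to undeclared `timeline` and
    // `data`, which leaks globals in sloppy mode and throws in strict mode.
    const timeline = Object.keys(resp).sort();
    return timeline.map((t) => table[resp[t]]).join('');
}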

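// Run the chain: learn the substitution table, translate the pattern into
// standard base64, decode it and print the result.
get_table()
    .then(kiban2base)
    .then(atob)
    .then(console.log)
    // atob throws on text that is not valid base64 (e.g. an incomplete table);
    // report that and any request failure instead of an unhandled rejection.
    .catch(console.error);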
