å‰å›ž ã¯ã€picoCTF ã® picoCTF 2024 ã®ã†ã¡ã€General Skills ã‚’ã‚„ã£ã¦ã¿ã¾ã—ãŸã€‚å…¨10å•ã‚’全部解ã‘ã¾ã—ãŸã€‚
今回ã¯ã€å¼•ã続ãã€picoCTF ã® picoCTF 2024 ã®ã†ã¡ã€Web Exploitation ã¨ã„ã†ã‚«ãƒ†ã‚´ãƒªã®å…¨6å•ã‚’ã‚„ã£ã¦ã„ããŸã„ã¨æ€ã„ã¾ã™ã€‚Medium ㌠1å•ã€Hard ㌠1å•ã§ã™ã€‚
ãã‚Œã§ã¯ã€ã‚„ã£ã¦ã„ãã¾ã™ã€‚
ã¯ã˜ã‚ã«
「セã‚ュリティã€ã®è¨˜äº‹ä¸€è¦§ã§ã™ã€‚良ã‹ã£ãŸã‚‰å‚考ã«ã—ã¦ãã ã•ã„。
ã‚»ã‚ュリティã®è¨˜äº‹ä¸€è¦§
picoCTF ã®å…¬å¼ã‚µã‚¤ãƒˆã¯ä»¥ä¸‹ã§ã™ã€‚英語ã®ã‚µã‚¤ãƒˆã§ã™ãŒã€ã‚·ãƒ³ãƒ—ルã§åˆ†ã‹ã‚Šã‚„ã™ã„ã®ã§å›°ã‚‰ãšã«é€²ã‚ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚
picoctf.com
ãã‚Œã§ã¯ã€ã‚„ã£ã¦ã„ãã¾ã™ã€‚
picoCTF 2024:Web Exploitation
ãƒã‚¤ãƒ³ãƒˆã®ä½Žã„é †ã«ã‚„ã£ã¦ã„ãã¾ã™ã€‚
Bookmarklet(50ãƒã‚¤ãƒ³ãƒˆï¼‰
Easy ã®å•é¡Œã§ã™ã€‚サーãƒï¼ˆã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ï¼‰ã‚’èµ·å‹•ã™ã‚‹ã¨ã“ã‚ã‹ã‚‰å§‹ã¾ã‚‹ã‚ˆã†ã§ã™ã€‚
Bookmarkletå•é¡Œ
サーãƒã‚’èµ·å‹•ã™ã‚‹ã¨ã€1ã¤ã®ãƒªãƒ³ã‚¯ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚クリックã™ã‚‹ã¨ã€WebページãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚ãã“ã«ã¯ã€ãƒ–ックマークレットãŒã‚ã‚Šã¾ã™ã€‚ãれを Chrome ã«ç™»éŒ²ã—ã¦ã€ç™»éŒ²ã—ãŸãƒ–ックマークレットを実行ã™ã‚‹ã¨ãƒ•ãƒ©ã‚°ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚
一応ã€ãƒ–ックマークレットã®æ‰‹é †ã ã‘書ã„ã¦ãŠãã¾ã™ã€‚Ctrl+Shift+B を押ã—ã¦ã€ãƒ–ックマークãƒãƒ¼ã‚’表示ã—ã¾ã™ã€‚ブックマークãƒãƒ¼ã®ç©ºã„ã¦ã‚‹ã¨ã“ã‚ã‚’å³ã‚¯ãƒªãƒƒã‚¯ã—ã¦ã€ã€Œãƒšãƒ¼ã‚¸ã‚’è¿½åŠ ...ã€ã‚’クリックã—ã¾ã™ã€‚URL ã®ã¨ã“ã‚ã«ã€ãƒ–ックマークレットã®ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ï¼ˆJavaScript)を貼り付ã‘ã¦ã€ä¿å˜ã‚’クリックã™ã‚‹ã¨ã€ãƒ–ックマークレットã®å®Œæˆã§ã™ã€‚ã‚ã¨ã¯ã€ãƒ–ックマークを表示ã™ã‚‹ã®ã¨åŒã˜ã‚ˆã†ã«ã€ç™»éŒ²ã—ãŸãƒ–ックマークレットをクリックã™ã‚‹ã ã‘ã§ã™ã€‚
WebDecode(50ãƒã‚¤ãƒ³ãƒˆï¼‰
Easy ã®å•é¡Œã§ã™ã€‚サーãƒï¼ˆã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ï¼‰ã‚’èµ·å‹•ã™ã‚‹ã¨ã“ã‚ã‹ã‚‰å§‹ã¾ã‚‹ã‚ˆã†ã§ã™ã€‚
WebDecodeå•é¡Œ
サーãƒã‚’èµ·å‹•ã™ã‚‹ã¨ã€1ã¤ã®ãƒªãƒ³ã‚¯ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚クリックã™ã‚‹ã¨ã€WebページãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚Webインスペクターを知ã£ã¦ã‚‹ã‹ï¼Ÿã¨è¨€ã‚ã‚Œã¦ã¾ã™ã€‚デベãƒãƒƒãƒ‘ーツールã®ã“ã¨ã§ã—ょã†ã‹ï¼ŸWebインスペクターを調ã¹ã¦ã¿ã‚‹ã¨ã€ã‚„ã¯ã‚Šã€ãƒ‡ãƒ™ãƒãƒƒãƒ‘ーツールã®ã“ã¨ã®ã‚ˆã†ã§ã™ã€‚
ã¨ã‚Šã‚ãˆãšã€è¡¨ç¤ºã•ã‚ŒãŸãƒšãƒ¼ã‚¸ã®ã‚½ãƒ¼ã‚¹ã‚’見ã¦ã¿ã¾ã™ã€‚特ã«å¤‰ãªã¨ã“ã‚ã¯ãªã„よã†ã§ã™ã€‚最åˆã«è¡¨ç¤ºã•ã‚ŒãŸã®ãŒ HOME ã§ã€ãれ以外ã«ã€ABOUT 㨠CONTACT ã®åˆ¥ã®ãƒšãƒ¼ã‚¸ãŒã‚ã‚Šã¾ã™ãŒã€ä¸¡æ–¹ã¨ã‚‚表示ã—ã¦ã€ã‚½ãƒ¼ã‚¹ã®å†…容を確èªã—ã¾ã—ãŸã€‚
ABOUT ã«ã¯ã€å¤§ãã「Try inspecting the page!! You might find it thereã€ã¨æ›¸ã‹ã‚Œã¦ã„ã¾ã™ã€‚ã“ã®ãƒšãƒ¼ã‚¸ã§ã—ょã†ã‹ã€‚ソースを見るã¨ã€æ€ªã—ã„æ–‡å—列(notify_true="cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfZGYwZGE3Mjd9")ãŒæ›¸ã‹ã‚Œã¦ã„ã¾ã™ã€‚Base64ã§ã—ょã†ã‹ï¼Ÿ
ã‚„ã£ã¦ã¿ã¾ã™ã€‚フラグ出ã¾ã—ãŸã€‚
$ echo -n "cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfZGYwZGE3Mjd9" | base64 -d
picoCTF{web_succ3ssfully_d3c0ded_df0da727}
IntroToBurp(100ãƒã‚¤ãƒ³ãƒˆï¼‰
Easy ã®å•é¡Œã§ã™ã€‚サーãƒï¼ˆã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ï¼‰ã‚’èµ·å‹•ã™ã‚‹ã¨ã“ã‚ã‹ã‚‰å§‹ã¾ã‚‹ã‚ˆã†ã§ã™ã€‚
IntroToBurpå•é¡Œ
サーãƒã‚’èµ·å‹•ã™ã‚‹ã¨ã€1ã¤ã®ãƒªãƒ³ã‚¯ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚タイトルã«ã‚ã‚‹ã®ã§ã€BurpSuite ã§ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã¿ã¾ã™ã€‚
Registerç”»é¢ã§ã€Full Nameã€Usernameã€Phone Numberã€Cityã€Password を入力ã—ã¾ã™ã€‚ãã®å¾Œã€2fa authenticationç”»é¢ã«ãªã‚Šã€Enter OTP を入力ã—ã¾ã™ã€‚
2FA ã¨ã¯ã€2è¦ç´ èªè¨¼ã®ã“ã¨ã§ã€ãƒ‘スワード以外ã«ã€ã‚‚ã†1ã¤ã®è¦ç´ ã§èªè¨¼ã™ã‚‹ã“ã¨ã®ã‚ˆã†ã§ã™ã€‚例ãˆã°ã€OTP ã§ã‚ã‚Œã°ã€SMS ã§ç¢ºèªã‚³ãƒ¼ãƒ‰ãŒé€ã‚‰ã‚Œã¦ãã¦ã€ãれを入力ã™ã‚‹ã‚ˆã†ãªã‚‚ã®ã§ã™ã€‚
OTP ã«é©å½“ãªæ–‡å—列を入れã¦ã‚‚ã€Invalid OTP ãŒè¿”ã£ã¦ãã‚‹ã ã‘ã§ã™ã€‚
BurpSuite ã§ã€HTTP ã®é€šä¿¡å†…容を見ã¦ã„ã¾ã™ãŒã€ã“ã‚Œã¨è¨€ã£ã¦å¤‰ãªã¨ã“ã‚ã¯ã‚ã‚Šã¾ã›ã‚“ã®ã§ã€æ”¹å¤‰ã—ã¦ã„ãã¾ã™ã€‚ã¾ãšã¯ã€ã‚¨ãƒ©ãƒ¼ãŒå‡ºã¦ã‚‹åŽŸå› ã«ãªã£ã¦ã‚‹ã€Œotp=xxxã€ã‚’ã€BurpSuite ã§å‰Šé™¤ã—ã¦é€ã‚‰ãªã„よã†ã«ã—ã¾ã™ã€‚ã‚ã€ãƒ•ãƒ©ã‚°ãŒè¡¨ç¤ºã•ã‚Œã¾ã—ãŸã€‚
Unminify(100ãƒã‚¤ãƒ³ãƒˆï¼‰
Easy ã®å•é¡Œã§ã™ã€‚サーãƒï¼ˆã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ï¼‰ã‚’èµ·å‹•ã™ã‚‹ã¨ã“ã‚ã‹ã‚‰å§‹ã¾ã‚‹ã‚ˆã†ã§ã™ã€‚
Unminifyå•é¡Œ
サーãƒã‚’èµ·å‹•ã™ã‚‹ã¨ã€1ã¤ã®ãƒªãƒ³ã‚¯ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚アクセスã—ã¦ã¿ã¾ã™ã€‚フラグã¯æ—¢ã«å—ä¿¡ã—ã¦ã‚‹ã€ã¨ã„ã†ã‚ˆã†ãªãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚ソースコードを見ã¦ã¿ã¾ã™ã€‚1è¡Œã«åœ§ç¸®ã•ã‚Œã¦ã¾ã™ã€‚
VSCode ã§ã€ã‚½ãƒ¼ã‚¹ã‚’æ•´å½¢ã—ã¾ã™ã€‚フラグãŒã‚ã‚Šã¾ã—ãŸã€‚
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<title>picoCTF - picoGym | Unminify Challenge</title>
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<style>
body {
font-family: "Lucida Console", Monaco, monospace;
}
h1,
p {
color: #000;
}
</style>
</head>
<body class="picoctf{}" style="margin: 0">
<div
class="picoctf{}"
style="
margin: 0;
padding: 0;
background-color: #757575;
display: auto;
height: 40%;
"
>
<a class="picoctf{}" href="/"
><img
src="picoctf-logo-horizontal-white.svg"
alt="picoCTF logo"
style="
display: inline-block;
width: 160px;
height: 90px;
padding-left: 30px;
"
/></a>
</div>
<center>
<br class="picoctf{}" /><br class="picoctf{}" />
<div
class="picoctf{}"
style="
padding-top: 30px;
border-radius: 3%;
box-shadow: 0 5px 10px #0000004d;
width: 50%;
align-self: center;
"
>
<img
class="picoctf{}"
src="hero.svg"
alt="flag art"
style="width: 150px; height: 150px"
/>
<div class="picoctf{}" style="width: 85%">
<h2 class="picoctf{}">Welcome to my flag distribution website!</h2>
<div class="picoctf{}" style="width: 70%">
<p class="picoctf{}">
If you're reading this, your browser has succesfully received the
flag.
</p>
<p class="picoCTF{pr3tty_c0d3_622b2c88}"></p>
<p class="picoctf{}">
I just deliver flags, I don't know how to read them...
</p>
</div>
</div>
<br class="picoctf{}" />
</div>
</center>
</body>
</html>
No Sql Injection(200ãƒã‚¤ãƒ³ãƒˆï¼‰
メンテナンスä¸ã§å‡ºæ¥ã¾ã›ã‚“ã§ã—ãŸã€‚
Trickster(300ãƒã‚¤ãƒ³ãƒˆï¼‰
Medium ã®å•é¡Œã§ã™ã€‚サーãƒï¼ˆã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ï¼‰ã‚’èµ·å‹•ã™ã‚‹ã¨ã“ã‚ã‹ã‚‰å§‹ã¾ã‚‹ã‚ˆã†ã§ã™ã€‚
Tricksterå•é¡Œ
サーãƒã‚’èµ·å‹•ã™ã‚‹ã¨ã€ãƒªãƒ³ã‚¯ãŒ 1ã¤è¡¨ç¤ºã•ã‚Œã‚‹ã®ã§ã€ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã¿ã¾ã™ã€‚
ファイルをアップãƒãƒ¼ãƒ‰ã§ãるよã†ã§ã™ã€‚é©å½“㪠PNGç”»åƒã‚’é¸æŠžã—ã¦ã€Upload File ボタンを押ã—ã¾ã™ã€‚ã™ã‚‹ã¨ã€File uploaded successfully and is a valid PNG file. We shall process it and get back to you... Hopefully ã¨ã€æ£å¸¸çµ‚了ã—ãŸã‚ˆã†ã§ã™ã€‚
æ‹¡å¼µå㌠PNGç”»åƒãªã‚‰ã„ã„ã¨ã„ã†ã“ã¨ãªã®ã§ã€é©å½“ãªã‚·ã‚§ãƒ«ã‚¹ã‚¯ãƒªãƒ—トを拡張åã ã‘ã€PNG ã«ã—ã¦ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã—ã¦ã¿ã¾ã™ã€‚
DATE=`date '+%Y/%m/%d %H:%M:%S'`
echo ${DATE} "start"
アップãƒãƒ¼ãƒ‰ã—ã¦ã¿ã¾ã™ã€‚ã™ã‚‹ã¨ã€Error: The file is not a valid PNG image: 23212f62 ã¨è¨€ã‚ã‚Œã¾ã—ãŸã€‚23212f62(#!/b) ã¯ã€ãƒã‚¤ãƒŠãƒªã®å…ˆé ã® 4byte ã ã¨æ€ã„ã¾ã™ã€‚PNGç”»åƒã®å…ˆé 4byte(89 50 4E 47)をãƒã‚§ãƒƒã‚¯ã—ã¦ã„ã‚‹ã¨ã„ã†ã“ã¨ã ã¨æ€ã„ã¾ã™ã€‚
ãã“ã•ãˆå¾“ãˆã°ã€ãªã‚“ã¨ã§ã‚‚出æ¥ã‚‹ã¨ã„ã†ã“ã¨ã ã¨æ€ã„ã¾ã™ã€‚ã¾ãšã€å…ˆã»ã©ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã—㟠PNGç”»åƒï¼ˆread.png)ãŒè¡¨ç¤ºã§ãã‚‹ã‹ã‚’確èªã—ã¾ã™ã€‚image/real.pngã€img/real.pngã€gif/real.pngã€upload/real.png ãªã©ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’試ã—ã¾ã—ãŸãŒã€ãƒ’ットã—ã¾ã›ã‚“。
ã†ãƒ¼ã‚“ã€ã‚®ãƒ–アップã§ã™ã€‚writeup を見ã¦ã¿ã¾ã™ã€‚
robots.txt ã«ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®å ´æ‰€ãŒæ›¸ã‹ã‚Œã¦ã‚‹ãã†ã§ã™ã€‚ãã†ã ã£ãŸã€Webå•é¡Œã¯ã€ã¨ã«ã‹ãã€robots.txt を見ã¦ã¿ã‚‹ã®ãŒå®šçŸ³ã¨ã•ã‚Œã¦ã¾ã—ãŸã€‚ã¡ãªã¿ã«ä»¥ä¸‹ãŒ robots.txt ã§ã™ã€‚/uploads/real.png を見るã¨ã€ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã—ãŸç”»åƒãŒç¢ºèªã§ãã¾ã—ãŸã€‚
User-agent: *
Disallow: /instructions.txt
Disallow: /uploads/
instructions.txt も見ã¦ã¿ã¾ã™ã€‚å…ˆé ã® 0x89 ã¯ãƒã‚§ãƒƒã‚¯ã—ã¦ãªã„よã†ã§ã™ã€‚ãªã®ã§ã€æœ€åˆã®æ–¹ã« PNG ã¨æ›¸ã‹ã‚Œã¦ã„ã‚Œã°ã„ã„よã†ã§ã™ã€‚
Let's create a web app for PNG Images processing.
It needs to:
Allow users to upload PNG images
look for ".png" extension in the submitted files
make sure the magic bytes match (not sure what this is exactly but wikipedia says that the first few bytes contain 'PNG' in hexadecimal: "50 4E 47" )
after validation, store the uploaded files so that the admin can retrieve them later and do the necessary processing.
ã‚ã¨ã¯ã€.png ã¨ã„ã†åå‰ã‚’å«ã‚€ php ファイルを作ã£ã¦ã€ãã“ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚Œã°ã„ã„ã¨ã„ã†ã“ã¨ã§ã™ã€‚以下ã®å†…容ã§ã€xxx.png.php ã¨ã„ã†ãƒ•ã‚¡ã‚¤ãƒ«ã‚’アップãƒãƒ¼ãƒ‰ã§ãã¾ã—ãŸã€‚
PNG
<?php
phpinfo();
exec('find ../ -type f', $find);
print_r($find);
?>
uploads/xxx.png.php ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨ã€phpinfo ã®æƒ…å ±ãŒå‡ºåŠ›ã•ã‚ŒãŸå¾Œã€ä»¥ä¸‹ãŒå‡ºåŠ›ã•ã‚Œã¦ã¾ã—ãŸï¼ˆåˆ†ã‹ã‚Šã‚„ã™ã„よã†ã«æ”¹è¡Œã—ã¦ã„ã¾ã™ï¼‰ã€‚上㮠2ã¤ã¯ç§ãŒã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã—ãŸãƒ•ã‚¡ã‚¤ãƒ«ã§ã€ä¸‹ã® 2ã¤ã¯å…ˆã»ã©è¦‹ã¾ã—ãŸã€‚index.php ã¯ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ç”»é¢ã ã¨æ€ã†ã®ã§ã€GAZWIMLEGU2DQ.txt ãŒæ€ªã—ã„ã§ã™ã€‚
Array (
[0] => ../uploads/real.png
[1] => ../uploads/xxx.png.php
[2] => ../GAZWIMLEGU2DQ.txt
[3] => ../index.php
[4] => ../instructions.txt
[5] => ../robots.txt )
ã§ã¯ã€GAZWIMLEGU2DQ.txt ã«ãƒ–ラウザã§ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã¿ã¾ã™ã€‚/* picoCTF{c3rt!fi3d_Xp3rt_tr1ckst3r_03d1d548} */ ãŒè¡¨ç¤ºã•ã‚Œã¾ã—ãŸã€‚
elements(500ãƒã‚¤ãƒ³ãƒˆï¼‰
Hard ã®å•é¡Œã§ã™ã€‚ãƒã‚¤ãƒŠãƒªãƒ•ã‚¡ã‚¤ãƒ«ï¼ˆelements.tar.gz)㌠1ã¤ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã§ãã¾ã™ã€‚ã¾ãŸã€ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ï¼ˆã‚µãƒ¼ãƒï¼‰ã‚‚èµ·å‹•ã§ãã¾ã™ã€‚ãƒã‚¤ãƒŠãƒªãƒ•ã‚¡ã‚¤ãƒ«ã¯ 158MB ã‚‚ã‚ã‚Šã¾ã™ã€‚
elementså•é¡Œ
解å‡ã™ã‚‹ã¨ã€400MB 以上ã‚ã‚Šã¾ã—ãŸã€‚ã¡ã‚‡ã£ã¨å®¹é‡ãŒè¶³ã‚Šãªã„ã®ã§ã€ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã§ããªã„ã§ã™ã€‚ã“ã®å•é¡Œã«ã¤ã„ã¦ã¯ã€writeup を見ã•ã›ã¦é ‚ã„ã¦ã€å‹‰å¼·ã•ã›ã¦ã‚‚らã†ã“ã¨ã«ã—ã¾ã™ã€‚
writeup を見ã¾ã—ãŸãŒã€æ£ç›´è¨€ã£ã¦è¦‹ã¦ã‚‚全然分ã‹ã‚Šã¾ã›ã‚“(笑)。Web ã«ã¤ã„ã¦ã¯ã€åŸºç¤ŽãŒè¶³ã‚Šã¦ãªã„よã†ã§ã™ã€‚
ãŠã‚ã‚Šã«
今回ã¯ã€picoCTF ã® picoCTF 2024 ã®ã†ã¡ã€Web Exploitation ã¨ã„ã†ã‚«ãƒ†ã‚´ãƒªã®å…¨6å•ã‚’ã‚„ã‚Šã¾ã—ãŸã€‚最後㮠2å•ã¯è§£ã‘ã¾ã›ã‚“ã§ã—ãŸãŒã€è‹¦æ‰‹ãª Webå•é¡Œã®è‰¯ã„経験ã«ãªã‚Šã¾ã—ãŸã€‚
最後ã«ãªã‚Šã¾ã—ãŸãŒã€ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã‚°ãƒ«ãƒ¼ãƒ—ã®ãƒ©ãƒ³ã‚ングã«å‚åŠ ä¸ã§ã™ã€‚
気楽ã«ãƒãƒãƒƒã¨ã‚ˆã‚ã—ããŠé¡˜ã„ã„ãŸã—ã¾ã™ðŸ™‡
今回ã¯ä»¥ä¸Šã§ã™ï¼
最後ã¾ã§ãŠèªã¿ã„ãŸã ãã€ã‚ã‚ŠãŒã¨ã†ã”ã–ã„ã¾ã—ãŸã€‚
