IDF实验室:天罗地网--超简单的js题
2015-05-25 21:52
260 查看
地址:
ctf.idf.cn/index.php?g=game&m=article&a=index&id=42
题目:
http://ctf.idf.cn/game/web/42/index.php
打开网页,显示一个输入框和一个提交按钮,直接查看源代码,发现有用的地方:
var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%61%32%64%31%38%35%37%34%61%62%37%33';
var p2 = '%61%62%65%39%30%62%33%38%39%35%65%38%65%36%33%32%38%36%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b';
eval(unescape(p1) + unescape('%64%64' + p2))
显然,这是一种URL编码,首先需要将p1和p2接起来,并在中间加 %64%64 。当不知道是什么编码时,直接借助XSS编码神奇(chrome插件)
百度网盘:pan.baidu.com/s/1dD8GYbR
尝试解码后出现:
if("a2d18574ab73ddabe90b3895e8e63286"==a.value)return!0
所以,需要提交这个代码:a2d18574ab73ddabe90b3895e8e63286 (这个值是动态的,从这里复制不一定),之后得出flag
ctf.idf.cn/index.php?g=game&m=article&a=index&id=42
题目:
http://ctf.idf.cn/game/web/42/index.php
打开网页,显示一个输入框和一个提交按钮,直接查看源代码,发现有用的地方:
var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%61%32%64%31%38%35%37%34%61%62%37%33';
var p2 = '%61%62%65%39%30%62%33%38%39%35%65%38%65%36%33%32%38%36%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b';
eval(unescape(p1) + unescape('%64%64' + p2))
显然,这是一种URL编码,首先需要将p1和p2接起来,并在中间加 %64%64 。当不知道是什么编码时,直接借助XSS编码神奇(chrome插件)
百度网盘:pan.baidu.com/s/1dD8GYbR
尝试解码后出现:
if("a2d18574ab73ddabe90b3895e8e63286"==a.value)return!0
所以,需要提交这个代码:a2d18574ab73ddabe90b3895e8e63286 (这个值是动态的,从这里复制不一定),之后得出flag
相关文章推荐
- IDF实验室之天罗地网简单的js解密
- IDF实验室之天罗地网超简单的js题
- IDF实验室:天罗地网--简单的js解密
- IDF实验室-简单的js解密
- IDF实验室-简单的js解密
- IDF实验室之天罗地网不难不易的js加密
- IDF实验室:WEB_超简单的js题
- IDF实验室:天罗地网--不难不易的js加密
- IDF实验室之牛刀小试最简单的题
- IDF实验室:初探乾坤--简单编程-字符统计
- node.js + express + mongodb 新手写的简单的高校实验室人员及任务管理系统
- IDF实验室-部分简单题目writeup
- IDF-CTF-简单的js加密 writeup
- IDF实验室之初探乾坤简单编程-字符统计
- ctfidf实验室超简单的js题
- IDF实验室-部分简单题目writeup
- IDF实验室-简单编程-特殊的日子 writeup
- idf实验室--简单编程字符统计
- IDF实验室:天罗地网--你关注最新的漏洞吗
- jsfuck编码---idf实验室“一种编码而已”笔记