CTF Training Camp Web Chapter

　　

Easy JS Encryption not difficult

　　Problem Solving Address: here

Process: Open the source page, start analyzing JS code

Can see a lot of >.< and messy feeling (well, the great God will ignore this sentence)

First save the site as a local, in fact, there is a decoding method on the Internet, here I use the document.write (Blablablabla ...), after the change to open the file locally, do not map, copy the code on the page to replace the original JS code, Adjust the format to get the result:

　　　　

<script type= "Text/javascript" >varA=prompt ("\u8f93\u5165\u4f60\u7684\x66\x6c\x61\x67\u5427\uff0c\u5c11\u5e74\uff01", "" ");varB= "\x66\x33\x33\x37\x33\x65\x33\x36\x63\x36\x37\x37\x37\x35\x30\x37\x37\x39\x66\x35\x64\x30\x34\x66\x66\x37\ X38\x38\x35\x62\x33\x65 ";varC=/.+_.+_.+/gi;//g match all I to case insensitivevard=0x0;varE=a.substr (0x8,0x5);////d = 0if($.MD5 (e) ==b.replace (/7/ig,++d). Replace (/8/ig,d*0x2)) {//8-12 Jiami    //d = 1        varF=a.substr (0x0/d,0x7);if(F.substr (0x5,0x2) = = "\x6a\x73" &&$.md5 (F.substr (0x0/d,d+0x3)) = = "\x64\x30\x31\x35\x34\x64\x35\x30\x34\ X38\x62\x35\x61\x35\x65\x62\x31\x30\x65\x66\x31\x36\x34\x36\x34\x30\x30\x37\x31\x39\x66\x31 ") {//5-6js 0-3WCTF//d = 1document.write ("2:" +d+ "\ n"); document.write ("A:" +a+ "\ n"); R=a.substr (0xd);//oxd=>13        //0xd = 1document.write ("RR:" +r+ "\ n"); //d = 0x1;        if(R.charcodeat (d) -0x19==r.charcodeat (++d) -0x19&&r.charcodeat (--d) -0x19==r.charcodeat (--d)) {//charCodeAt () returns the Unicode value at the specified position            //d = 3document.write ("3:" +d+ "\ n"); varG=string.fromcharcode (0x4f); G=g.tolowercase () +g.tolowercase ();//g =>oodocument.write (R.substr ((++d) *0x3,0x6) ==g.concat ("\x65\x61\x73\x79") + ""); //document.write ("G:" +g.concat ("\x65\x61\x73\x79") + "\ n");document.write (C.test (a)); if(C.test (a)) {// Easydocument.write ("4:" +d+ "\ n"); D=string (0x1) +String (a.length); document.write ("5:" +d+ "\ n"); }        }    }};if(A.substr (0x4,0x1)!=string.fromcharcode (d) | | A.substr (0x4,0x1) = = "\X7A") {alert ("\u989d\uff0c\u518d\u53bb\u60f3\u60f3\u3002\u3002")}Else{alert ("\u606d\u559c\u606d\u559c\uff01")}</script>

View Code

　　Okay, next parse code ==>ok Wctf{js_jiami_xxooeasy}

Cookie Spoofing

　　The topic took several days (the technology is too slag t^t)

　　　　

　　Problem Solving Address: here

Process:

Face the page a large string of garbled, the first reaction is to decode, the results probably all know ...

View URL/INDEX.PHP?LINE=&FILE=ZMXHZY50EHQ

Passed 2 values, where the file parameter value is a little bit encrypted feel, then come again! Usually the URL is Base64 encrypted, so the solution, attached to the online decryption site: here

Solve this value for flag.txt, well it seems that the directory should have other files waiting for us to visit, then try a few commonly used filenames, and finally try out is index.php base64 ciphertext AW5KZXGUCGHW, followed by the use of line this parameter , changed 1,2,3,4,5 ..... We can find that the page has PHP code appears, OK, then write a script to take this file

ImportURLLIBURL1="http://ctf.idf.cn/game/web/40/index.php?line="Url2="&FILE=AW5KZXGUCGHW"result="" forIinchRange (200): URL= Url1 + str (i) +Url2#Print URLWP =urllib.urlopen (URL) content=Wp.read ()PrintContent Result+=contentPrintResult

View Code

after getting the php file, parse, if there is a key in the cookie and corresponds to IDF, add flag.php base64 encryption and add KEY:IDF OK to Url,cookie. Wctf{idf_c00kie}

<?PHPerror_reporting(0); $file=Base64_decode(isset($_get[' File ']?$_get[' File ']: ""); $line=isset($_get[' line '])?intval($_get[' line ']): 0; if($file= = ")Header("Location:index.php?line=&file=zmxhzy50ehq"); $file _list=Array(        ' 0 ' = ' flag.txt ', ' 1 ' = ' index.php ',    ); if(isset($_cookie[' Key ']) &&$_cookie[' Key ']== ' IDF '){        $file _list[2]= ' flag.php '; }    if(In_array($file,$file _list)){        $fa=file($file); Echo $fa[$line]; }?>

View CodeAncient message encoding

　　Uuencode code, just find a website to solve

Super-Simple JS problem

　　Pure decoding.

Simple JS Decryption

　　Well, not yet, to be continued ... Ask Daniel for the subject

A code.

　　copy Paste to the console, the answer is out, you can check Jsfuck

CTF Training Camp Web Chapter