[Net-force] JavaScript : Having fun?!? :-)
Net-force Web Wargames
Net-force 사이트 : https://net-force.nl
[힌트]
1. unescape
2. sha1 디코딩
페이지 소스 보기를 하면 script가 제대로 보이지 않는다. F12를 눌러 Source를 보면 페이지 소스 보기에 있던 script 외에 아래에 하나가 더 있는데, 그 부분을 이용해서 풀어야 한다. 아래의 unescape 부분만 풀어 주면 함수가 나오는데, 비교 대상 값이 SHA1으로 해시되어 있다. 이 SHA1 해시값을 역조회해 보면 login = bas, pass = dude가 나온다. 이 값을 input password 부분에 넣어 주면 틀렸다고 나온다. 그 이유는 입력한 password가 대문자로 변환된 뒤 sha1으로 해시되므로 해시값이 달라져 맞지 않기 때문이다. 그래서 challenge 페이지에 들어가 비밀번호인 bas:dude를 입력하면 문제가 풀린다.
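// Client-side login "protection" of the challenge page. Everything below runs
// in the browser, so every check, including the secrets it compares against,
// is readable by whoever views the script; only the second stage is hidden
// behind percent-encoding.

// Writes the visible "User Login" form: a hidden username field (value
// "default") and a password field. The form's onSubmit handler calls input().
// Mark-up typos in the listing (`hight`, `#FFBDOO`) are kept exactly as listed.
function showlogin() {
  document.writeln('<br><br><br><br>');
  document.writeln('<table width="346" border="2" cellspacing="0" cellpadding="0" align="center" height="112">');
  document.writeln('<tr><td height="41" bgcolor="#61629E">');
  document.writeln('<div align="center"><font color="#FFFFFF" face="Courier New, Courier, mono"><b><font size="7">User Login</font></b></font></div>');
  document.writeln('</td></tr><tr>');
  document.writeln('<td hight="111" bgcolor="#FFBDOO">');
  document.writeln('<form name="passwordform" onSubmit="input();"><div align="left">');
  document.writeln('<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY>');
  document.writeln('<INPUT type="hidden" name="username" value="default"><br>');
  document.writeln('<TR><TD width=10 height=33> </TD>');
  document.writeln('<TD width=70 height=33><FONT face="Verdana, Arial, Helvetica, sans-serif" size=1><B>');
  document.writeln('<FONT face=Verdana size=2>Password</FONT></B></FONT></TD><TD width=100 height=33>');
  document.writeln('<INPUT class=input type=password size=20 name=password >');
  document.writeln('</TD></TR></TBODY></TABLE>');
  document.writeln(' <input type="Submit" name="Submit" value="Login Now">');
  document.writeln('</div></form></td></tr></table>');
}

// onSubmit handler of the visible form. Both values are upper-cased before
// anything else happens. The check itself is a decoy: `ur != ur` is always
// false, and unescape() decodes its argument only once, to the literal text
// "%00%25%32" (which toUpperCase() leaves unchanged), so only that exact
// input passes. On a pass both values are stored in two cookies
// (HTMLPasswordUserID / HTMLPasswordPassWD) and the hidden second stage is
// written; otherwise an alert is shown and the browser is sent to
// feetman.com. pd and ur stay implicit globals, as in the listing.
function input() {
  pd = document.passwordform.password.value.toUpperCase();
  ur = document.passwordform.username.value.toUpperCase();
  if ((ur != ur) || (pd == unescape("%25%30%30%25%32%35%25%33%32"))) {
    document.cookie = "HTMLPasswordUserID=" + ur;
    document.cookie = "HTMLPasswordPassWD=" + pd;
    passwdok();
  } else {
    alert("Useraccount: " + ur + " error !");
    document.open();
    document.location.href = "http://www.feetman.com";
  }
}

// Installed as window.onerror below. Returning true marks every script error
// as handled, which silences the browser's error reporting for the page.
function nem() {
  return true;
}
window.onerror = nem;

// Declared or assigned here but never read anywhere in this script
// (dl, da, ge and ws are implicit globals).
var t74;
dl = document.layers;
da = document.all;
ge = document.getElementById;
ws = window.sidebar;
var msg = "";
var b97;

// Second stage. Replaces the document with a percent-encoded page that loads
// sha1.js, defines validate() and shows a second form ("LoginForm") whose
// submit button calls validate(). Decoded, validate() hashes both fields with
// calcSHA1 and compares them with two hard-coded, unsalted SHA-1 digests
// (1d31d94f… for the login, 2d7a34c9… for the password), alerts "Well Done!"
// on a match and redirects to feetman.com otherwise. Because the digests are
// delivered to the client, the secrets can be recovered offline by a hash
// lookup, which is the weakness the challenge demonstrates.
// The payload below has the line-wrap spaces that the listing had inserted
// inside escape sequences (e.g. "%3 E") removed, so unescape() yields the
// intended markup instead of literal "%3 E" fragments.
function passwdok() {
  document.open();
  document.write(unescape("%3Chtml%3E%3Chead%3E%3Ctitle%3ENet%20Force%3C%2Ftitle%3E%3C%2Fhead%3E%3Cbody%3E%3Cscript%20type%3D%22text%2Fjavascript%22%20language%3D%22JavaScript%22%20src%3D%22sha1%2Ejs%22%3E%3C%2Fscript%3E%3Cscript%20type%3D%22text%2Fjavascript%22%20language%3D%22JavaScript%22%3E%3C%21%2D%2D%20Start%20Hiding%20the%20Script%0D%0A%0D%0Afunction%20validate%28%29%20%7B%0D%0A%20%20if%20%28%28document%2ELoginForm%2Elogin%2Evalue%2Elength%20%3E%200%29%20%26%26%20%28document%2ELoginForm%2Epassword%2Evalue%2Elength%20%3E%200%29%29%20%7B%0D%0A%20%20%20%20login%3Ddocument%2ELoginForm%2Elogin%2Evalue%3B%0D%0A%20%20%20%20pass%3Ddocument%2ELoginForm%2Epassword%2Evalue%3B%20%20%20%20%0D%0A%0D%0A%20%20%20%20login%5Fsha1%3DcalcSHA1%28login%29%3B%0D%0A%20%20%20%20pass%5Fsha1%3DcalcSHA1%28pass%29%3B%0D%0A%0D%0A%20%20%20%20good%5Flogin%3D%221d31d94f30d40df7951505d1034e1e923d02ec49%22%3B%20%0D%0A%20%20%20%20good%5Fpass%3D%222d7a34c9ef8efa2cfdf4b89175f7edec1cd0ddda%22%3B%0D%0A%0D%0A%20%20%20%20if%20%28%28login%5Fsha1%3D%3Dgood%5Flogin%29%20%26%26%20%28pass%5Fsha1%3D%3Dgood%5Fpass%29%29%20%7B%0D%0A%20%0D%0A%20%20%20%20%20%20%20alert%28%27Well%20Done%21%27%29%3B%0D%0A%0D%0A%20%20%20%20%20%20%20%7D%20else%20%7B%0D%0A%0D%0A%20%20%20%20%20%20%20document%2Elocation%3D%27http%3A%2F%2Fwww%2Efeetman%2Ecom%27%0D%0A%0D%0A%20%20%20%20%20%20%20%7D%0D%0A%0D%0A%20%20%7D%20else%20%7B%0D%0A%20%20%20%0D%0A%20%20%20%20%20%20%20document%2Elocation%3D%27http%3A%2F%2Fwww%2Efeetman%2Ecom%27%0D%0A%20%20%20%20%20%20%20%20%0D%0A%20%20%20%20%20%20%20%7D%0D%0A%0D%0A%20return%20false%3B%0D%0A%0D%0A%7D%0D%0A%0D%0A%2F%2F%20Stop%20Hiding%20script%20%2D%2D%2D%3E%3C%2Fscript%3E%3Ctable%20width%3D%22200%22%20height%3D%2290%22%20align%3D%22center%22%20border%3D%220%22%3E%3Ctr%3E%3Ctd%20class%3D%22txt%22%3E%3Ccenter%3E%3Cform%20name%3D%22LoginForm%22%20action%3D%22%22%3E%3Ctable%20border%3D%220%22%20align%3D%22center%22%20width%3D%22100%25%22%3E%3Ctr%3E%3Ctd%20class%3D%22txt%22%3ELogin%3A%3C%2Ftd%3E%3Ctd%20class%3D%22txt%22%3E%3Cinput%20type%3D%22text%22%20name%3D%22login%22%20size%3D%2220%22%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%20class%3D%22txt%22%3EPassword%3A%3C%2Ftd%3E%3Ctd%20class%3D%22txt%22%3E%3Cinput%20type%3D%22password%22%20name%3D%22password%22%20size%3D%2220%22%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput%20type%3D%22submit%22%20value%3D%22Submit%22%20onClick%3D%22return%20validate%28%29%3B%22%3E%3C%2Fform%3E%3C%2Fcenter%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3C%2Fbody%3E%3C%2Fhtml%3E%0D%0A"));
  document.close();
}

// Opens a popup to http://www.minihttpserver.net (the URL is hex-escaped byte
// by byte). The feature string says "with=250"; the standard key is "width",
// so presumably no explicit width is applied. Then the visible form is drawn.
window.open(unescape("%68%74%74%70%3A%2F%2F%77%77%77%2E%6D%69%6E%69%68%74%74%70%73%65%72%76%65%72%2E%6E%65%74"), "Unregister", "with=250,height=180");
showlogin();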
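// validate(), decoded from the unescape() payload of the page's hidden script.
// This is the real check: both fields are hashed in the browser with calcSHA1
// (from sha1.js, loaded by the same generated page) and compared with two
// hard-coded, unsalted SHA-1 digests. Since the digests ship to the client,
// the secrets can be recovered by a hash lookup; the writeup reports "bas" for
// the login digest and "dude" for the password digest.
//
// Always returns false so the submit button never navigates the form; success
// is signalled by an alert, failure (or an empty field) by a redirect to
// feetman.com. Unlike the decoded original, the values are kept in local
// constants instead of implicit globals, so the typed password is no longer
// readable as window.pass by any other script on the page after submission.
function validate() {
  const loginField = document.LoginForm.login;
  const passwordField = document.LoginForm.password;
  if (loginField.value.length > 0 && passwordField.value.length > 0) {
    const login = loginField.value;
    const pass = passwordField.value;

    const loginSha1 = calcSHA1(login);
    const passSha1 = calcSHA1(pass);

    const goodLogin = "1d31d94f30d40df7951505d1034e1e923d02ec49"; // "bas" per the writeup
    const goodPass = "2d7a34c9ef8efa2cfdf4b89175f7edec1cd0ddda"; // "dude" per the writeup

    if (loginSha1 === goodLogin && passSha1 === goodPass) {
      alert('Well Done!');
    } else {
      document.location = 'http://www.feetman.com';
    }
  } else {
    document.location = 'http://www.feetman.com';
  }
  return false;
}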