
webhacking.kr 34번

DoR@Hee 2019. 2. 22. 16:55
0lDz0mBi2

문제를 클릭하면 첫 화면에서 바로 alert 창이 뜨는 것을 확인할 수 있다.




문제 화면에는 아무것도 보이지 않는다.




<script>.. <script>

<script>.. <script>

<script>.. <script>

가 보인다.



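// Browser-sniffing prologue of the obfuscated loader. The names are
// deliberate look-alikes built from l, 1 and I. They stay implicit globals
// because the decoder that is eval'd further down reads `naa` from the
// global scope.
l1l = document.all;     // legacy IE-style probe
var naa = true;
ll1 = document.layers;  // legacy Netscape-style probe
lll = window.sidebar;   // legacy Gecko-style probe
// naa is true unless document.all and document.layers are both set, or
// none of the three probes is set.
naa = (!(l1l && ll1) && !(!l1l && !ll1 && !lll));
l11 = navigator.userAgent.toLowerCase();

/**
 * Report whether the lower-cased user-agent string contains `l1I` at an
 * index greater than 0 (a match at index 0 counts as "not found").
 * @param {string} l1I - substring to look for
 * @returns {boolean} true when the substring occurs after the first character
 */
function lI1(l1I) {
    // The page rendering had dropped the `:` of this conditional.
    return l11.indexOf(l1I) > 0 ? true : false;
}
// The page rendering had dropped the `)` that closes the first call.
// NOTE(review): 'kht' and 'per' presumably target "khtml" and "opera"
// user agents - confirm against the original challenge source.
lII = lI1('kht') | lI1('per');
naa |= lII;  // bitwise OR, so naa ends up as 0 or 1 rather than a boolean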
// Payload assembly for the outer layer. Three strings are built piece by
// piece and interleaved, so that no single statement shows its purpose:
//   O0O0[0] - packed text that the decoder expands,
//   O00O    - source of a helper that is eval'd below,
//   O0OO    - source of the decoder, spelled with octal escapes.
// NOTE(review): as reproduced on this page the listing does not parse.
// `O0O0[0= ` and `O0O0[0+= ` have evidently lost a `]`, and the bare `''`
// inside the single-quoted O0OO pieces would end the literal early (the
// quotes were presumably escaped in the original). The code is left exactly
// as shown; take the script from the page source before analysing it.
O0O0 = new Array();
// First piece of the packed text. It opens with
// '<script>l1l=document.all;var naa=true;', so the expanded output is itself
// a <script> of the same shape as this loader.
O0O0[0= '<script>l1l=document.all;var naa=true;~1~~\r~~~layers~%~=win~ w.sideb~;~~(!(~l&&~&)~J~F!~H~N~&~R~))~%1~\'~vigator.us~0Ag~+.~`Low~0Ca~e(~Wfunction lI1~G1I){retur~|~1.~7~>xOf}}>0?~!~#:f~~e}~%II=~~}za\'kht\')|}$(\'p~0}*~B~|}#}!;O00O=new Arr~.~s}8}:O[0]=\'<script>}Wf(do}Sumen}[.URL}r}_}p}e}nxO~    \\\'\'}8O}9}M~u||    };}MuYYvGUsPrTgKgtmIoOvIPKXjBJLVpjRT|\r|+}M~w~y~{ __\'+\'|9(|:|<}9}|\r};0}M%76%61|H2%20l%3|O3D\\167i|KEd|Y57w|PEo}0|Y6|O|L|TF|T|M3A|T0|TB|K6u|a|J63~y|a7|^|P|R|T3|P8|KC|T4|P9|H|v6{    35|TD|P|n7A|Y4|M2Fg|u{|T|J|W|Y2|}|N|K9n{2Efro|K{4{68~|Y0{5F|`14{2{3|t2{\r3B|a{3{JD|S{K|e|i2{5|i0{I{1ce{{I|T{@C{N|J{E|u|i|{1r{{N{za{$156{S|i{za|Q%{|N}Dy{{ |P{`|T{B{5';
// Helper source, part 1 of 3. Once all three parts are joined O00O reads:
//   function ____(_O0){eval(unescape(_O0))}
O00O = 'fu';
// OO0O is never read by another statement in this listing; the same holds
// for OOOO, OO00 and OOO0 below. Presumably filler to pad the script.
OO0O = 'OWkhHnBHDQcdCEOiTtMpvSOQsnnl';
O00O += 'nction __' + '__(_' + 'O0){';
// Decoder source, part 1 of 3. With the octal escapes resolved it sets
// l2 = window.opera ? 1 : 0 and starts function l3(l4): every "za" in the
// input is replaced with a NUL character, then pairs of adjacent character
// codes are folded into numbers as second + 16256 - (first << 7).
O0OO = '\166ar l2=wi\156dow.\157per\141?1:0;funct\151o\156 l3(l4){l5=/za/g;\1546=Str\151\156g.f\162omCharCode(0);l4=\1544.r\145pla\143e(l5,l6);\166\141r l7=\156\145w Array(),l8=_1=l4.\154ength,l9,l\111,il=16256,_1=0,I=0,l\151='';do{l9=\1544.cha\162Cod\145A\164(_1);\154\111=l4.c\150arC\157\144e\101\164(++_1);l7[\111++]=\154\111+\151\154-(\1549<<7)}w\150ile(_1++<l8);v\141r \1541=n\145\167';
// Second piece of the packed text.
O0O0[0+= '|n3|p{M{\n{P{m{65n{7|i4h{{{!3{\r2C{]4z{    69{N{z{"|T|V{3{b{    zza|o{|s{{Iz){Cz{|az|P{r{kB~ {{N{F|Xzz{-|K3|a|t|l7{R1{:o{4{pzF|M7{{A%z\'z{c{G{Iz,{l5{JzOEz?z|LrCo{={?{91z{y2|vzizQz{{FB{jzQBz,zkzk5z{MztBi{]2{zP{|T{F{{{r{\r7Dwh|]yz    {yzR{zj|v3{|3{zT{H|Z{f{h|Q{Nz}>|H7|D};}J]|3}N0lDzy)}lB}_2|}N)!=-1y8{y*~ a}q}X}g}p}sh}U}m}`y;y6PyG}QyWw|1}9y\'e~y[}<\'FZcXBu~dy~xRnnGtwnQpYWDoMCqHSyxjkPYy[0y\'l(~ves\'    xx    |<ca}0|?|B)}|y^~xx(|    |B}G}:}MVbOolLdFvrFXhHrDOXxBeCIQFh}CqvW}x mqtkNOVEjx}M|Dy\\|G|Q|rzD{(zCzyz{]z.|Wz{>5|dxS}C{X|HxX{zz{tzz-|p|V{Bz6|{z|t5zs{!zwz)5{zN|N~7|K{r{.{0{2{t3h{X{h{4|K{<{[{AI|S{cyy!|K8il{Szhzz;~Yz}zo|Y~Yzzxl{}{dz<zxtz*xw|Ww{mz{Nxs{yzrw\'{zw/x[z;zY|T{zaw&z.w(|vzzazz({G~yzBz&zw7{Jx{e|zz tzz~wAy|[wz1wKyFx[zz<z\'wBsy!itcw{zqw&w?zQzx:{Nzm|T|rz.w^wd|L|i{5{@|twqwx{w$w.xi{]w({yw<w5w\\zw>{\'';
// Helper source, part 2 of 3.
O00O += 'eva';
OOOO = 'bZbJgXimpgJiRythFtjyLqqcUrROoOnOcGro';
// Helper source, part 3 of 3.
O00O += 'l(unes' + 'cape(_O0))}';
// Defines the global helper ____. Building its source from fragments keeps
// the word "eval" out of a plain-text search of the script.
eval(O00O);
OO00 = 'kwQajkuWQqsOeyJwaOOOOPWOqVUfOOUpWyvcVmbXgrOOR';
// Clears the helper source once the helper exists.
O00O = '';
// Decoder source, part 2 of 3: seeds the dictionary l0 with single-character
// entries and starts the expansion loop over the numeric codes in l7. A code
// that is not yet in the dictionary (case 0) becomes the previous entry plus
// that entry's own first character, as in LZW decompression.
O0OO += ' \101\162r\141y(),l0=new Array(),\111l=128;d\157{l0[I\154]=String.f\162om\103\150arCo\144\145(\111\154)}w\150ile(--\111l);Il=128;\1541[0]=li=l0[\1547[0]];ll=\1547[0];_l=1;var l_=\1547.length-1;w\150ile(_l<l_){swi\164ch(\1547[_l]<Il?1:0){case 0 :\1540[Il]=l0[ll]+S\164rin\147(l0[ll]).sub\163t\162(0,1);\1541[_l]=l0[\111\154];if(l2){li+=\1540[\111l]};\142r\145\141';
OOO0 = 'l';
// Third and last piece of the packed text.
O0O0[0+= 'zD~7{,8x[w.{]yxw{c{-wuubwu~!{ywq{zn|uyw1wivzaw-zrz,vw4z1f{\\w$|Ow^{Ww+|PywHw\'zs|Sxww{G|KzE|jea|1x#\'ly#}I}Ky\'y)}w}w}e}e}s}ZyYyY|;}yPy+}R}nyCyHy+}n}V}\\}cvNW}U~6g~)~N}O/~~~}]xPx}Mk{ 6z{66a|Hvzw[vxwoz|Mwh|nv%{v"xtwgw>Fv4w3vw9v({Ax[v+yw/|]zk|Wxrw1vw:u wuv6w/v2v$z&zxu    zpuv/zQ|}rwV6Evv\ruw0uu*vzEwu|i{T{>2svzPvz(yv|Z|k5v}6|vu"wzfz<zuyu#vz3uzlu { wiuQ|Hw4{){{byuOw8|U{z7uL2{[zNu<|N|zwfuDu:{m2zHv.u0zhz4xgyD{[{~e{{Q}v~|Nn{{|]wuMyv}xU{sy4wGz3tzU{>|{{v+w|]ux\\{9wVy{tzwx|tt|el~z zzAuuyufzpw{rv0z{zPt$x\\};zru/{\ru8u]|uz|t{~Ct.|KzJ{m7cu<|au={?~|ew{QwVzNw8lOufw4y#0 t[t\\}MlJ~7Eyg|||||||||!|#|%|\'|)|+|-|/wycyeygyiykymyoyqysyuW||9|9t\\ x|E~W|vt\'gMbLfyNyvpLHa|    sjDE|    hImUePWluiSxIMSw_CcHpJNQHcJkZUIOUKZeRRDmSkxPtOwx4SPJOZsRmsoCGWnoBLGfwSiFxlVOsdTMTuKsOObYtMElXOqswkwUdVGdE~pMOQUq|</~~~>';
// Decoder source, part 3 of 3: the known-code branch of the loop, then the
// driver. The driver runs l3 over every element of O0O0, concatenates the
// results into lO and, when naa is truthy, passes lO to document.write.
O0OO += '\153;d\145fa\165lt:l1[_l]=l0[\1547[_l]];\151f(\1542){li+=l0[l7[_l]]};\1540[Il]=\1540[\154l]+\123tri\156\147(\1540[l7[_\154]]).sub\163tr(0,1);b\162\145ak};I\154++;ll=l7[_l];_l++};i\146(!l2){r\145tu\162n(l1.join(''))}els\145{\162etu\162n li}};var l\117='';f\157r(\151i=0;ii<\1170\1170.l\145\156g\164\150;i\151++){l\117+=l3(O0\1170[\151i])};if(\156a\141){doc\165ment.\167ri\164e(\154O)};';
OO00 = 'RoxNlIkMOmOOWkhHnBHDQcdCEOiTtMpvSOQsnnlrbZbJgXimpgJiRythFtjyLqq';
// Runs the decoder via eval(unescape(...)). This call is where the expanded
// markup reaches the page, so for static analysis it is the point at which to
// capture the string given to document.write instead of letting it render.
____(O0OO);
OOO0 += 'iDyZqTZVcfvUWakfMOsPeOSvGHFKsltOjiCGJyOldSwBXwDSOtKufLdbImGpuYuIBVSlKfOYexPgYdEwOaLbhqeOYZXOvEMnDCTXORmFveQTjPUdaNOxxOgtZpYsNjOOThVnOho';





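// Browser-sniffing prologue of the second (inner) loader layer. The names
// are deliberate look-alikes built from l, 1 and I. They stay implicit
// globals because the decoder that is eval'd further down reads `naa` from
// the global scope.
l1l = document.all;     // legacy IE-style probe
var naa = true;
ll1 = document.layers;  // legacy Netscape-style probe
lll = window.sidebar;   // legacy Gecko-style probe
// naa is true unless document.all and document.layers are both set, or
// none of the three probes is set.
naa = (!(l1l && ll1) && !(!l1l && !ll1 && !lll));
l11 = navigator.userAgent.toLowerCase();

/**
 * Report whether the lower-cased user-agent string contains `l1I` at an
 * index greater than 0 (a match at index 0 counts as "not found").
 * @param {string} l1I - substring to look for
 * @returns {boolean} true when the substring occurs after the first character
 */
function lI1(l1I) {
    // The page rendering had dropped the `:` of this conditional.
    return l11.indexOf(l1I) > 0 ? true : false;
}
// The page rendering had dropped the `)` that closes the first call.
// NOTE(review): 'kht' and 'per' presumably target "khtml" and "opera"
// user agents - confirm against the original challenge source.
lII = lI1('kht') | lI1('per');
naa |= lII;  // bitwise OR, so naa ends up as 0 or 1 rather than a boolean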
// Payload assembly for the second layer. The scheme matches the outer
// loader, but the variable roles are shuffled:
//   O00O[0] - packed text that the decoder expands,
//   OOO0    - source of the helper that is eval'd below,
//   O0O0    - source of the decoder, spelled with octal escapes.
// NOTE(review): as reproduced on this page the listing does not parse.
// `O00O[0= ` and `O00O[0+= ` have evidently lost a `]`, and the bare `''`
// inside the single-quoted O0O0 pieces would end the literal early (the
// quotes were presumably escaped in the original). The code is left exactly
// as shown; take the script from the decoded outer layer before analysing it.
O00O = new Array();
// First piece of the packed text; fragments of the final script
// (document.URL, location.href, alert) are still readable in the pieces.
O00O[0= '<script>if(document.URL.indexO~    \'';
// Helper source, part 1 of 3. Once all three parts are joined OOO0 reads:
//   function ____(_O0){eval(unescape(_O0))}
OOO0 = 'fu';
// OO0O is never read by another statement in this listing; the same holds
// for OOOO, O000 and OO00 below. Presumably filler to pad the script.
OO0O = 'uYYvGUsPrTgKgtmIoOvIPKXjBJLVpjRT';
OOO0 += 'nction __' + '__(_' + 'O0){';
// Decoder source, part 1 of 3. With the octal escapes resolved it sets
// l2 = window.opera ? 1 : 0 and starts function l3(l4): every "za" in the
// input is replaced with a NUL character, then pairs of adjacent character
// codes are folded into numbers as second + 16256 - (first << 7).
O0O0 = 'var l2=\167ind\157w.ope\162a?1:0;fu\156cti\157n l3(l4){l5=/z\141/g;l6=\123tring.fromChar\103od\145(0);\1544=l4.\162\145\160\154\141ce(\1545,l6);\166ar l7=\156\145\167 Array(),l8=_1=l4.\154en\147\164h,l9,\154I,il=16256,_1=0,I=0,l\151='';do{l9=\1544.c\150ar\103o\144\145\101t(_1);\154I=\1544.charCod\145\101\164(++_1);l7[I++]=lI+i\154-(l9<<7)}while(_1++<l8);\166ar l1=new';
// Second piece of the packed text.
O00O[0+= '0lDz0mBi2\')!=-1){l~ ation.href=\'Passw';
// Helper source, part 2 of 3.
OOO0 += 'eva';
OOOO = 'FZcXBuusyipxRnnGtwnQpYWDoMCqHSyxjkPY';
// Helper source, part 3 of 3.
OOO0 += 'l(unes' + 'cape(_O0))}';
// Defines the global helper ____. Building its source from fragments keeps
// the word "eval" out of a plain-text search of the script.
eval(OOO0);
O000 = 'VbOolLdFvrFXhHrDOXxBeCIQFhrrqvWOfOOOmqtkNOVEj';
// Clears the helper source once the helper exists.
OOO0 = '';
// Decoder source, part 2 of 3: seeds the dictionary l0 with single-character
// entries and starts the expansion loop over the numeric codes in l7. A code
// that is not yet in the dictionary (case 0) becomes the previous entry plus
// that entry's own first character, as in LZW decompression.
O0O0 += ' Array(),\1540=n\145w Arr\141y(),Il=128;d\157{l0[Il]=String.fromCh\141rCode(Il)}whil\145(--\111\154);\111l=128;\1541[0]=l\151=l0[l7[0]];l\154=\1547[0];_l=1;var l_=\1547.le\156\147th-1;\167h\151le(_\154<\154_){switch(l7[_l]<Il?1:0){ca\163e 0 :\1540[I\154]=l0[l\154]+String(\1540[\154l]).\163ub\163tr(0,1);l1[_l]=l0[Il];\151f(\1542){\154\151+=\1540[Il]};b\162ea';
OO00 = 'l';
// Third and last piece of the packed text.
O00O[0+= '0RRdd.pww\';}else{alert(\'Wr~6g~)~N</~~~>';
// Decoder source, part 3 of 3: the known-code branch of the loop, then the
// driver. The driver runs l3 over every element of O00O, concatenates the
// results into lO and, when naa is truthy, passes lO to document.write.
O0O0 += 'k;defaul\164:l1[_l]=l0[l7[_l]];if(\1542){li+=l0[l7[_\154]]};l0[Il]=l0[ll]+Str\151ng(\1540[l7[_l]]).\163\165\142str(0,1);b\162eak};\111\154++;ll=l7[_\154];_l++};i\146(!\1542){ret\165r\156(l1.\152o\151n(''))}else{\162eturn li}};\166ar lO='';\146or(ii=0;i\151<O00O.len\147\164\150;ii++){l\117+=l3(O00O[\151i])};i\146(naa){d\157c\165\155\145nt.w\162\151te(lO)};';
O000 = 'lJinEyguYYvGUsPrTgKgtmIoOvIPKXjBJLVpjRTwFZcXBuusyipxRnnGtwnQpYW';
// Runs the decoder via eval(unescape(...)). This call is where the expanded
// markup reaches the page, so for static analysis it is the point at which to
// capture the string given to document.write instead of letting it render.
____(O0O0);
OO00 += 'gMbLfyNyvpLHaOOaOjDEOOhImUePWluiSNOMSBsCcHpJNQHcJkZUIOUKZeRRDmSkxPtOwDOSPJOZsRmsoCGWnoBLGfwSiFxlVOaOdTMTuKJOObYtMElXOqXOkwUdVGdECaMOQUq';


// Innermost decoded layer: a gate that runs entirely in the browser.
// Both the marker it looks for in the URL and the destination are plain text
// once the wrappers are decoded, so the check protects nothing on its own.
// Access control for the destination has to be enforced by the server.
if (document.URL.indexOf('0lDz0mBi2') === -1) {
    alert('Wrong');
} else {
    location.href = 'Passw0RRdd.pww';
}


3개의 결과가 보이고,

document.URL에 0lDz0mBi2라는 값이 없을 경우 Wrong이 뜨는 것을 볼 수 있다.

또한 location.href = 'Passw0RRdd.pww'가 보이는 것으로 보아 저기에 패스워드가 있을 것 같다. 검사가 브라우저에서 실행되는 스크립트 안에서만 이루어지기 때문에, 난독화를 풀면 이동할 경로가 그대로 드러난다.





