ctf web4
来源:互联网 发布:数据挖掘 情报研究 编辑:程序博客网 时间:2024/06/11 14:20
http://120.24.86.145:8002/web4/
根据题目的意思是:看看源代码?
<html>
<title>BKCTF-WEB4</title>
<body>
<div style="display:none;"></div>
<form action="index.php" method="post" >
看看源代码?<br>
<br>
<script>
var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62';
var p2 = '%61%61%36%34%38%63%66%36%65%38%37%61%37%31%31%34%66%31%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b';
eval(unescape(p1) + unescape('%35%34%61%61%32' + p2));
</script>
<input type="input" name="flag" id="flag" />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
查看源代码之后,可以看到一些字符串已经被编码,所以我们可以写一个页面或使用在线字符解码的网站,我这边是自己写的
<p id="val"></p>
<script>
document.getElementById('val').innerText = (unescape("%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62")+unescape('%35%34%61%61%32%61%61%36%34%38%63%66%36%65%38%37%61%37%31%31%34%66%31%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b'));
</script>
然后用浏览器打开的结果是:
function checkSubmit(){var a=document.getElementById("password");if("undefined"!=typeof a){if("67d709b2b54aa2aa648cf6e87a7114f1"==a.value)return!0;alert("Error");a.focus();return!1}}document.getElementById("levelQuest").onsubmit=checkSubmit;
之后,可以看到一串很长的字符串 67d709b2b54aa2aa648cf6e87a7114f1,这可能是有用的,然后将其复制到那个提交页面,点击Submit之后,显示出KEY{J22JK-HS11},之后将其提交
- ctf web4
- 详解2016 SWPU CTF web4
- web4
- web4
- WEB4-servlet
- bugku Web4
- CTF
- ctf
- ctf
- ctf
- CTF
- Web4之CSS选择器实验
- Web4 标签和html基本概念
- About CTF
- CTF训练
- CTF编码
- 一道CTF
- CTF入门
- 初学虚幻4-各种准备工作
- json时间格式化(JS)
- Image-to-Image Translation with Conditional Adversarial Networks论文学习
- 【尺取】hdu 6103 Kirinriki
- 错误0x80070522错误问题
- ctf web4
- Java8源码-LinkedList
- 自已动手编译Linux系统-基于ALFS的LFS8.0实践(一)
- linux使用运算符(; || &&)
- 签到题
- EMF学习笔记(四)——使用EMF编程——持久化(续)
- 两个列表合并成字典
- JTable 不能正确显示标题总结
- HDU-3713---Double Maze (bfs) 详细解释