
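A black screen with two buttons.

There are only a login button and a sign-up button.

Sign-up is not accessible, so only the login button works.

Input fields suggest SQL injection, but that attempt failed as well.

Other hints were not easy to find either.

Then I noticed in the URL bar that the page goes straight to login.php.

Maybe there is a join.php as well?

It can be accessed directly, but an alert saying bye pops up and only a black screen is shown.

Checking the source, it is a script as expected, but it was very hard to read.

The obfuscation... ugh, my eyes hurt....

First, let's tidy up the code with this site:

https://beautifier.io/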

l = 'a';

ll = 'b';

lll = 'c';

llll = 'd';

lllll = 'e';

llllll = 'f';

lllllll = 'g';

llllllll = 'h';

lllllllll = 'i';

llllllllll = 'j';

lllllllllll = 'k';

llllllllllll = 'l';

lllllllllllll = 'm';

llllllllllllll = 'n';

lllllllllllllll = 'o';

llllllllllllllll = 'p';

lllllllllllllllll = 'q';

llllllllllllllllll = 'r';

lllllllllllllllllll = 's';

llllllllllllllllllll = 't';

lllllllllllllllllllll = 'u';

llllllllllllllllllllll = 'v';

lllllllllllllllllllllll = 'w';

llllllllllllllllllllllll = 'x';

lllllllllllllllllllllllll = 'y';

llllllllllllllllllllllllll = 'z';

I = '1';

II = '2';

III = '3';

IIII = '4';

IIIII = '5';

IIIIII = '6';

IIIIIII = '7';

IIIIIIII = '8';

IIIIIIIII = '9';

IIIIIIIIII = '0';

li = '.';

ii = '<';

iii = '>';

lIllIllIllIllIllIllIllIllIllIl = lllllllllllllll + llllllllllll + llll + llllllllllllllllllllllllll + lllllllllllllll + lllllllllllll + ll + lllllllll + lllll;

lIIIIIIIIIIIIIIIIIIl = llll + lllllllllllllll + lll + lllllllllllllllllllll + lllllllllllll + lllll + llllllllllllll + llllllllllllllllllll + li + lll + lllllllllllllll + lllllllllllllll + lllllllllll + lllllllll + lllll;

if (eval(lIIIIIIIIIIIIIIIIIIl).indexOf(lIllIllIllIllIllIllIllIllIllIl) == -1) {

    alert('bye');

    throw "stop";

}

if (eval(llll + lllllllllllllll + lll + lllllllllllllllllllll + lllllllllllll + lllll + llllllllllllll + llllllllllllllllllll + li + 'U' + 'R' + 'L').indexOf(lllllllllllll + lllllllllllllll + llll + lllll + '=' + I) == -1) {

    alert('access_denied');

    throw "stop";

} else {

    document.write('<font size=2 color=white>Join</font><p>');

    document.write('.<p>.<p>.<p>.<p>.<p>');

    document.write('<form method=post action=' + llllllllll + lllllllllllllll + lllllllll + llllllllllllll + li + llllllllllllllll + llllllll + llllllllllllllll +

        '>');

    document.write('<table border=1><tr><td><font color=gray>id</font></td><td><input type=text name=' + lllllllll + llll + ' maxlength=20></td></tr>');

    document.write('<tr><td><font color=gray>pass</font></td><td><input type=text name=' + llllllllllllllll + lllllllllllllllllllllll + '></td></tr>');

    document.write('<tr align=center><td colspan=2><input type=submit></td></tr></form></table>');

}


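Reading this by eye, or decoding it one piece at a time, would be too hard on the eyes.

It seems better to copy it and adapt it slightly for Python so that it becomes readable.

The eval function makes the given string be interpreted as code.

I roughly filled in just the parts I needed using the print function.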

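// First check: the cookie string must contain 'oldzombie'
if (eval('document.cookie').indexOf('oldzombie') == -1) {
    alert('bye');
    throw "stop";
}
// Second check: the URL must contain 'mode=1'
if (eval('document.URL').indexOf('mode=1') == -1) {
    alert('access_denied');
    throw "stop";
} else {
    // document.write(...) calls that render the join form
}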

What follows the else appears to be the source of the page itself.
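The substitution described above can also be done mechanically. The following is an added example, not the author's script: a small Python resolver that folds the identifier chains back into strings without calling eval. The names build_table, resolve and l_chain are assumptions, and the sample input is rebuilt from the pattern in the page's script, with identifier chains written as run lengths.

```python
import re
import string

ASSIGN = re.compile(r"^\s*([A-Za-z_]\w*)\s*=\s*'([^']*)'\s*;\s*$")
TOKEN = re.compile(r"'([^']*)'|([A-Za-z_]\w*)")

def build_table(js_source):
    """Collect single-literal assignments such as  lll = 'c';  into a dict."""
    table = {}
    for line in js_source.splitlines():
        m = ASSIGN.match(line)
        if m:
            table[m.group(1)] = m.group(2)
    return table

def resolve(expr, table):
    """Fold a '+'-joined chain of identifiers and quoted literals into one string.
    Nothing is evaluated: anything other than a name, a literal or '+' is rejected."""
    leftover = TOKEN.sub("", expr).replace("+", "").strip()
    if leftover:
        raise ValueError(f"unsupported syntax: {leftover!r}")
    return "".join(lit if not name else table[name]
                   for lit, name in TOKEN.findall(expr))

# Constructed sample, rebuilt from the pattern in the page's script:
# n lowercase l's hold the nth letter, n uppercase I's hold a digit.
SAMPLE_JS = "\n".join(
    [f"{'l' * n} = '{c}';" for n, c in enumerate(string.ascii_lowercase, 1)]
    + [f"{'I' * n} = '{d}';" for n, d in enumerate("1234567890", 1)]
    + ["li = '.';", "ii = '<';", "iii = '>';"]
)

def l_chain(*lengths):
    """Write an l-identifier chain by run length (keeps the listing readable)."""
    return " + ".join("l" * n for n in lengths)

# The two needles passed to indexOf() in the page's script.
COOKIE_NEEDLE = l_chain(15, 12, 4, 26, 15, 13, 2, 9, 5)
URL_NEEDLE = l_chain(13, 15, 4, 5) + " + '=' + I"

if __name__ == "__main__":
    table = build_table(SAMPLE_JS)
    print(resolve(COOKIE_NEEDLE, table))  # needle searched for in the cookie
    print(resolve(URL_NEEDLE, table))     # needle searched for in the URL
```

To use it on the real page, pass the beautified script text to build_table and the chain from each indexOf() call to resolve.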


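Let's satisfy the two conditions above. (indexOf returns the position of the given string, or -1 if it is not present.)


Using the EditThisCookie app, create a cookie named oldzombie and go to https://webhacking.kr/challenge/web-05/mem/join.php?mode=1, and you can sign up.


Let's sign up and log in.

You have to login as admin 


You have to login as admin: it tells me to log in as the administrator, after I went to the trouble of signing up.


Trying to sign up as admin says the account already exists.


Let's try using spaces. With spaces added at the end, it still says the account exists.


Adding one in front as well completes the sign-up.


Type the ID exactly as spaced and log in, and the challenge is cleared!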

