打开网页,题目提示我看看源代码,所以就打开看看吧
<pre id="line1"><html> <title>BKCTF-WEB4</title> <body> <div style="display:none;"></div> <form action="[index.php](view-source:http://123.206.87.240:8002/web4/index.php)" method="post" > 看看源代码?<br> <br> <script> var p1 = '%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%53%75%62%6d%69%74%28%29%7b%76%61%72%20%61%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%70%61%73%73%77%6f%72%64%22%29%3b%69%66%28%22%75%6e%64%65%66%69%6e%65%64%22%21%3d%74%79%70%65%6f%66%20%61%29%7b%69%66%28%22%36%37%64%37%30%39%62%32%62';
var p2 = '%61%61%36%34%38%63%66%36%65%38%37%61%37%31%31%34%66%31%22%3d%3d%61%2e%76%61%6c%75%65%29%72%65%74%75%72%6e%21%30%3b%61%6c%65%72%74%28%22%45%72%72%6f%72%22%29%3b%61%2e%66%6f%63%75%73%28%29%3b%72%65%74%75%72%6e%21%31%7d%7d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%6c%65%76%65%6c%51%75%65%73%74%22%29%2e%6f%6e%73%75%62%6d%69%74%3d%63%68%65%63%6b%53%75%62%6d%69%74%3b';
eval(unescape(p1) + unescape('%35%34%61%61%32' + p2)); </script> <input type="input" name="flag" id="flag" /> <input type="submit" name="submit" value="Submit" /> </form> </body> </html> </pre>
对中间的那两串字符解码
function checkSubmit(){var a=document.getElementById("password");if("undefined"!=typeof a){if("67d709b2b
aa648cf6e87a7114f1"==a.value)return!0;alert("Error");a.focus();return!1}}document.getElementById("levelQuest").onsubmit=checkSubmit;
54aa2
这个的结果很明显了,对输入的值进行比较,如果输入的值等于 p1+54aa2+p2
,就输出 flag ,于是输入
67d709b2b54aa2aa648cf6e87a7114f1
得到结果
KEY{J22JK-HS11}
题目里面出现了一个 unescape 的函数,这是一个解码函数,unescape解码
Escape/Unescape加密解码/编码解码,又叫%u编码,从以往经验看编码字符串出现有"u",它是unicode编码,那么Escape编码采用是那一种unicode实现形式呢。其实是UTF-16BE模式。这样一来问题非常简单了。 Escape编码/加密,就是字符对应UTF-16 16进制表示方式前面加%u。Unescape解码/解密,就是去掉"%u"后,将16进制字符还原后,由utf-16转码到自己目标字符。如:字符“中”,UTF-16BE是:“6d93”,因此Escape是“%u6d93”,反之也一样!因为目前%字符,常用作URL编码,所以%u这样编码已经逐渐被废弃了!
网友评论