ADWORLD web/NaNNaNNaNNaN-Batman

1 下载打开附件

  附件是一个js乱码文件

ADWORLD web/NaNNaNNaNNaN-Batman

 

 

    用火狐浏览器打开,得到以下界面

ADWORLD web/NaNNaNNaNNaN-Batman

 

 

2 解决方法

   将乱码中的eval()改成alert(),然后以html文件的格式打开,

ADWORLD web/NaNNaNNaNNaN-Batman

 

 

    乱码正常:

ADWORLD web/NaNNaNNaNNaN-Batman

 

 将这段js代码对齐:

function $() {
    var e = document.getElementById("c").value;
    if (e.length == 16)
        if (e.match(/^be0f23/) != null)
            if (e.match(/233ac/) != null)
                if (e.match(/e98aa$/) != null)
                    if (e.match(/c7be9/) != null) {
                        var t = ["fl", "s_a", "i", "e}"];
                        var n = ["a", "_h0l", "n"];
                        var r = ["g{", "e", "_0"];
                        var i = ["it‘", "_", "n"];
                        var s = [t, n, r, i];
                        for (var o = 0; o < 13; ++o) {
                            document.write(s[o % 4][0]);
                            s[o % 4].splice(0, 1)
                        }
                    }
}
document.write(‘<input id="c"><button onclick=$()>Ok<button>‘);
delete _

          拿到flag可通过两种方法:

    ①满足正则,长度16,内容从^到$,得到e的值:be0f23233ace98aa,输入到原始链接里面的方框中,点击ok获得flag

    ②在控制器运行这段代码:

 var t = ["fl", "s_a", "i", "e}"];
                        var n = ["a", "_h0l", "n"];
                        var r = ["g{", "e", "_0"];
                        var i = ["it‘", "_", "n"];
                        var s = [t, n, r, i];
                        for (var o = 0; o < 13; ++o) {
                            document.write(s[o % 4][0]);
                            s[o % 4].splice(0, 1)

 

ADWORLD web/NaNNaNNaNNaN-Batman

 

 

 

 

ADWORLD web/NaNNaNNaNNaN-Batman

上一篇:VUE如何上传大文件


下一篇:zabbix3.0.4-agent通过shell脚本获取mysql数据库登陆用户