webhacking Challenge 5 write-up


https://webhacking.kr/challenge/web-05/

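The first page offers login and join, so I infer that you are meant to sign up first and then log in.

Clicking join brings up an alert and access is denied.

The page source shows that clicking login goes to mem/login.php, so a join page should exist as well; try accessing mem/join.php directly.

Access is refused with an alert there too. View the page source to see what the script does.

The JavaScript is written so that it is hard to read. It is clearly obfuscated code.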

Challenge 5
l='a';ll='b';lll='c';llll='d';lllll='e';llllll='f';lllllll='g';llllllll='h';lllllllll='i';llllllllll='j';lllllllllll='k';llllllllllll='l';lllllllllllll='m';llllllllllllll='n';lllllllllllllll='o';llllllllllllllll='p';lllllllllllllllll='q';llllllllllllllllll='r';lllllllllllllllllll='s';llllllllllllllllllll='t';lllllllllllllllllllll='u';llllllllllllllllllllll='v';lllllllllllllllllllllll='w';llllllllllllllllllllllll='x';lllllllllllllllllllllllll='y';llllllllllllllllllllllllll='z';
I='1';II='2';III='3';IIII='4';IIIII='5';IIIIII='6';IIIIIII='7';IIIIIIII='8';IIIIIIIII='9';IIIIIIIIII='0';
li='.';ii='<';iii='>';
lIllIllIllIllIllIllIllIllIllIl=lllllllllllllll+llllllllllll+llll+llllllllllllllllllllllllll+lllllllllllllll+lllllllllllll+ll+lllllllll+lllll;
lIIIIIIIIIIIIIIIIIIl=llll+lllllllllllllll+lll+lllllllllllllllllllll+lllllllllllll+lllll+llllllllllllll+llllllllllllllllllll+li+lll+lllllllllllllll+lllllllllllllll+lllllllllll+lllllllll+lllll;
if(eval(lIIIIIIIIIIIIIIIIIIl).indexOf(lIllIllIllIllIllIllIllIllIllIl)==-1) {alert('bye');throw "stop";}
if(eval(llll+lllllllllllllll+lll+lllllllllllllllllllll+lllllllllllll+lllll+llllllllllllll+llllllllllllllllllll+li+'U'+'R'+'L').indexOf(lllllllllllll+lllllllllllllll+llll+lllll+'='+I)==-1){alert('access_denied');throw "stop";}
else{document.write('Join

');document.write('.

.

.

.

.

');document.write('

');document.write('');document.write('');document.write('
id
pass
');}

Use a JavaScript deobfuscation site.

https://www.strictly-software.com/unpack-javascript


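For the parts the deobfuscator could not resolve, entering them in the browser console prints the actual plaintext.

After deobfuscation, the conditions are clear: oldzombie must be present in the cookie, and mode=1 must be present in the URL.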

if (document.cookie.indexOf("oldzombie") == -1) { // the word oldzombie is not in the cookie: bye
    alert('bye');
    throw "stop";
}
if (document.URL.indexOf("mode=1") == -1) { // mode=1 is not in the URL: access denied
    alert('access_denied');
    throw "stop";
}
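
The same substitution can be undone statically, without eval or the console. This is an added example, not code from the original post: the sample input is rebuilt in the page's naming scheme rather than copied, and `needle`, `prop`, `foldConcat` and `resolveAssignments` are hypothetical names.

```javascript
// Constructed sample, rebuilt in the page's scheme rather than copied: a name of
// n 'l' characters holds the n-th letter, n 'I' characters the digits 1..9,0.
const letters = 'abcdefghijklmnopqrstuvwxyz', digits = '1234567890';
const nameOf = c =>
  letters.includes(c) ? 'l'.repeat(letters.indexOf(c) + 1) :
  digits.includes(c) ? 'I'.repeat(digits.indexOf(c) + 1) :
  c === '.' ? 'li' : `'${c}'`;            // anything else stays a quoted literal
const obfuscate = text => [...text].map(nameOf).join('+');
const SAMPLE =
  [...letters, ...digits].map(c => `${nameOf(c)}='${c}';`).join('') +
  "li='.';ii='<';iii='>';" +
  // needle and prop are hypothetical names standing in for the script's two variables
  `needle=${obfuscate('oldzombie')}; prop=${obfuscate('document.cookie')};`;
const URL_EXPR = obfuscate('document.URL');   // ends in +'U'+'R'+'L' like the page
const MODE_EXPR = obfuscate('mode=1');        // ends in +'='+I like the page

// Fold a '+'-joined chain of quoted literals and known names into one string.
// Returns null for anything else, so unknown code is never evaluated.
function foldConcat(expr, table) {
  const term = /\s*(?:'([^'\\]*)'|([A-Za-z_$][\w$]*))\s*(?:\+|$)/y;
  let out = '', pos = 0;
  while (pos < expr.length) {
    term.lastIndex = pos;
    const m = term.exec(expr);
    if (!m) return null;                      // not a plain concatenation
    if (m[1] !== undefined) out += m[1];      // quoted literal
    else if (table.has(m[2])) out += table.get(m[2]);
    else return null;                         // unknown identifier
    pos = term.lastIndex;
  }
  return out;
}

// Collect every `name=expr;` whose expr folds to a constant string.
function resolveAssignments(src) {
  const table = new Map();
  const stmt = /(?<![\w$])([A-Za-z_$][\w$]*)\s*=\s*((?:'[^'\\]*'|[^;'=])+);/g;
  for (const [, name, expr] of src.matchAll(stmt)) {
    const value = foldConcat(expr, table);
    if (value !== null) table.set(name, value);
  }
  return table;
}

const table = resolveAssignments(SAMPLE);
console.log(table.get('prop'), table.get('needle'));
console.log(foldConcat(URL_EXPR, table), foldConcat(MODE_EXPR, table));
```

To analyse the real page, pass the script text to `resolveAssignments` in place of `SAMPLE` and fold the two inline expressions from the second check.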

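Add oldzombie to the cookie, then append mode=1 to the URL: https://webhacking.kr/challenge/web-05/mem/join.php?mode=1

I created an ID called testtest, but the admin ID is required, so I have to go back and sign up again as admin.

PHP treats a word with a space added as a different string. Sign up with a space added to admin.

Done~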

from http://devkwon97.tistory.com/17 by ccl(A) rewrite - 2021-09-19 02:27:03