  • Webhacking.kr :: old-12
    SECURITY/Webhacking 2021. 2. 16. 16:44

    Let's look at the script..

    It is (really) full of emoji like this..

    (a full 15,376 bytes)

     

    Looking closely, there are semicolons (;) in between, so I simply typed one piece into the console.

    (ﾟｰﾟ)+=(ﾟΘﾟ);

    Each piece is interpreted as JavaScript code..!

     

    After looking it up, I found that encoding JavaScript as emoji like this is called aaencode.

    So let's aadecode it!

     

    (Caution: if you just open the Elements tab of the Chrome developer tools and view the script there, the end gets cut off. View it in the Sources tab instead!)

     

     

    In the end, the hidden JavaScript code is the following.

    var enco='';
    var enco2=126;
    var enco3=33;
    var ck=document.URL.substr(document.URL.indexOf('='));
    for(i=1;i<122;i++){
      enco=enco+String.fromCharCode(i,0);
    }
    function enco_(x){
      return enco.charCodeAt(x);
    }
    if(ck=="="+String.fromCharCode(enco_(240))
              +String.fromCharCode(enco_(220))
              +String.fromCharCode(enco_(232))
              +String.fromCharCode(enco_(192))
              +String.fromCharCode(enco_(226))
              +String.fromCharCode(enco_(200))
              +String.fromCharCode(enco_(204))
              +String.fromCharCode(enco_(222-2))
              +String.fromCharCode(enco_(198))
              +"~~~~~~"
              +String.fromCharCode(enco2)
              +String.fromCharCode(enco3)){
      location.href="./"+ck.replace("=","")+".php";
    }

     

    Let's run it in the console and find the value.

     

     

    With the enco value obtained and the enco_ function defined, running the following gives the value we want.

     

      location.href="./"+ck.replace("=","")+".php";

     

    So in the end, we just need to go to "./youaregod~~~~~~~!.php" ~

     

    Success~~
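
The comparison string in the decoded script can also be computed offline, without `document.URL` or the redirect. This is an added example, not part of the original post; the names `buildEnco`, `expectedValue` and `indexToCode` are introduced here for illustration.

```javascript
// Added example: evaluate the decoded check offline (Node.js or a browser console).
// buildEnco / expectedValue / indexToCode are illustrative names, not from the page.

// Rebuild the lookup string exactly as the decoded script does.
// String.fromCharCode(i, 0) appends TWO characters per iteration: code i, then NUL.
function buildEnco() {
  let enco = '';
  for (let i = 1; i < 122; i++) {
    enco += String.fromCharCode(i, 0);
  }
  return enco;
}

// Indices passed to enco_() in the decoded script, in order (222-2 kept as written).
const INDICES = [240, 220, 232, 192, 226, 200, 204, 222 - 2, 198];

// Build the right-hand side of the `ck == "=" + ...` comparison, minus the "=".
function expectedValue() {
  const enco = buildEnco();
  const enco_ = (x) => enco.charCodeAt(x);
  const head = INDICES.map((x) => String.fromCharCode(enco_(x))).join('');
  // Tail: the literal "~~~~~~", then enco2 (126, '~') and enco3 (33, '!').
  return head + '~~~~~~' + String.fromCharCode(126) + String.fromCharCode(33);
}

// Because of the interleaved NULs, an even index x holds char code x/2 + 1
// and every odd index holds 0. This is why enco_(240) is 121 ('y').
function indexToCode(x) {
  return x % 2 === 0 ? x / 2 + 1 : 0;
}

console.log(expectedValue());
console.log(INDICES.map((x) => `${x} -> ${indexToCode(x)}`).join(', '));
```

The file name the script redirects to is this value with `./` in front and `.php` appended.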
