首页
论坛
专栏
课程

[原创]看雪CTF.TSRC 2018 团队赛 第十题 侠义双雄 wp

2018-12-19 18:55 567

[原创]看雪CTF.TSRC 2018 团队赛 第十题 侠义双雄 wp

2018-12-19 18:55
567
delphi 程序,中间放了一个TwebBrowser,验证在JS函数中。

参考:https://blog.csdn.net/yanjiaye520/article/details/7887420

关键点:

//屏蔽右键菜单

procedure TForm1.ApplicationEvents1Message(var Msg: tagMSG; var Handled: Boolean);

OD中找到这个函数,


直接ruturn 跳过这个函数。
保存之后重新运行,就可以看到右键菜单。
查看源:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<script>
eval(function(s,p,a,c,k,e,d){for(i=0;i<k.length;i++)k[i]=k[i].replace(s, '');e=function(c){eval(document.write(String.fromCharCode(13)));return(eval(c<a)?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('$$$','8 4() {    1 = 6.3.e.f;    9 (1 == "b") {        2("5!")    } 7 {        2("g!<" + 1 + "> a d c 0 ;-)")    }}',62,17,'GUID$$$@a$$$@alert$$$@all$$$@ckpswd$$$@congratulations$$$@document$$$@else$$$@function$$$@if$$$@is$$$@kanxueCTF2018bySimpower91$$$@my$$$@not$$$@pswd$$$@value$$$@wrong$$$'.split('@'),0,{}))</script>
CTF 2018&reg;<script language="vbscript">
function alert(msg_str)
MsgBox msg_str,vbOKOnly + vbExclamation + vbApplicationModal,""
End Function
</script>
<center><br><br><br><input value="" id="pswd" size=39></input><br><br><br><input type=button value="checkMyFlag" onclick="ckpswd();"></center>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         

保存一下,在浏览器中调试:

返回值P为:
function ckpswd() 
{   
a = document.all.pswd.value;    
if (a == "kanxueCTF2018bySimpower91") 
{        
alert("congratulations!")    
}
else 
{        
alert("wrong!<" + a + "> is not my GUID ;-)")    
}
}

答案就是kanxueCTF2018bySimpower91


[推荐]看雪企服平台,提供安全分析、定制项目开发、APP等级保护、渗透测试等安全服务!

上一主题 下一主题
最新回复 (0)
游客
登录 | 注册 方可回帖
返回