https://picoctf.com/problems/clientside.html
Let's take a look at its source :D
<html>
<head>
<title>Secure Login Server</title>
</head>
<body bgcolor="#000000">
<!-- standard MD5 implementation -->
<script type="text/javascript" src="md5.js"></script>
<script type="text/javascript">
function verify() {
    checkpass = document.getElementById("pass").value;
    if (md5(checkpass) == "03318769a5ee1354f7479acc69755e7c") {
        alert("Correct!");
        document.location="./aebe515f7c62b96ad7de047c11aa3228.html";
    } else {
        alert("Incorrect password");
    }
}
</script>
<div style="position:relative; padding:5px;top:50px; left:38%; width:350px; height:140px; background-color:red">
<div style="text-align:center">
<p>Welcome to the Secure Login Server.</p>
<p>Please enter your credentials to proceed</p>
<form action="index.html" method="post">
<input type="password" id="pass" size="8" />
<br/>
<input type="submit" value="Log in" onclick="verify(); return false;" />
</form>
</div>
</div>
</body>
</html>
Ah, I see: it uses JavaScript to hide the credentials.
function verify() {
    checkpass = document.getElementById("pass").value;
    if (md5(checkpass) == "03318769a5ee1354f7479acc69755e7c") {
        alert("Correct!");
        document.location="./aebe515f7c62b96ad7de047c11aa3228.html";
    } else {
        alert("Incorrect password");
    }
}
Note this function: when it runs, it reads the "pass" value from the input form.
It then checks the password by comparing its MD5 hash against: 03318769a5ee1354f7479acc69755e7c
Let's search Google and see whether anything turns up.
pass: dinosaur
It redirects to https://picoctf.com/problems/aebe515f7c62b96ad7de047c11aa3228.html
Key: cl13nt_s1d3_1s_w0rst_s1d3
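
The fix for what this challenge demonstrates, as an added example that is not part of the challenge or of the original write-up: the check from verify() moved to the server (Node.js), with a salted scrypt verifier in place of the unsalted MD5 and the protected page gated on a session rather than on its file name. The function names, the in-memory session store and the sample passphrase are assumptions made up for the illustration.

```javascript
// Added example: the password check done on the server instead of in page JavaScript.
const crypto = require('node:crypto');

const sessions = new Set(); // in-memory session store, for illustration only

// Enrolment: keep a per-user random salt and an scrypt-derived key,
// never the password itself or an unsalted fast hash of it.
function enroll(password) {
  const salt = crypto.randomBytes(16);
  return { salt, key: crypto.scryptSync(password, salt, 32) };
}

// Runs server-side, so the stored verifier never reaches the browser.
function checkPassword(record, candidate) {
  if (typeof candidate !== 'string' || candidate.length > 1024) return false;
  const derived = crypto.scryptSync(candidate, record.salt, record.key.length);
  return crypto.timingSafeEqual(derived, record.key);
}

// Hypothetical login handler: on success it issues a random session token.
function login(record, candidate) {
  if (!checkPassword(record, candidate)) return { status: 401 };
  const token = crypto.randomBytes(32).toString('hex');
  sessions.add(token);
  return { status: 200, token };
}

// The protected page is gated on the session, not on a hard-to-guess
// file name, so knowing its URL is not enough to read it.
function getProtectedPage(token) {
  if (typeof token !== 'string' || !sessions.has(token)) return { status: 403 };
  return { status: 200, body: 'protected content (placeholder)' };
}

// Constructed sample data: one passphrase enrolled twice, one wrong guess.
function demo() {
  const record = enroll('constructed sample passphrase');
  const again = enroll('constructed sample passphrase');
  const ok = login(record, 'constructed sample passphrase');
  return {
    wrongStatus: login(record, 'guess').status,
    directStatus: getProtectedPage(undefined).status,
    okStatus: getProtectedPage(ok.token).status,
    sameStoredKey: record.key.equals(again.key),
  };
}

console.log(demo());
```

Because each enrolment uses a fresh salt, the same passphrase never produces the same stored key twice, so a stored value cannot be matched against a precomputed list the way the bare MD5 was.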
