jam 블로그

[Hackthissite Javascript] level 6 본문

해킹/웹해킹

[Hackthissite Javascript] level 6

kid1412 2010. 9. 26. 14:32
728x90
해설과 답은 마우스로 글을 긁으면 보여요..

Fiftysixer decided to try his hand at javascript!

All was going well until he realized that he forgot to remove the unused code, which resulted in a confusing mess.
He didn't mind, in fact, he did his best to make it even MORE confusing!
=> 미안합니다... 길어서 해석이 안되네요 ㅋ

풀이:
일단 소스보기를 하여 스크롤을 내려서 스크립트를 찾자
<script type="text/javascript" src="http://hackthissite.org/missions/javascript/6/checkpass"></script>
<script language="javascript">
RawrRawr = "moo";
function check(x)
{
"+RawrRawr+" == "hack_this_site"
if (x == ""+RawrRawr+"")
{
alert("Rawr! win!");
window.location = "about:blank";
} else {
alert("Rawr, nope, try again!");
}
}

function checkpassw(moo)
{
RawrRawr = moo;
checkpass(RawrRawr);
}
</script>

<p align=center>Fiftysixer decided to try his hand at javascript!<br />
All was going well until he realized that he forgot to remove the unused code, which resulted in a confusing mess.<br />
He didn't mind, in fact, he did his best to make it even MORE confusing!</p>
<h2 align="center">Find the password:</h2>
<p align="center"><input type="password" id="pass" name="lvl_password" value=""><br />
<button onclick="javascript:checkpass(document.getElementById('pass').value)">Check Password</button></p>

버튼 부분(소스에서)보면 클릭을 하였을 경우 pass의 인자값을 checkpass로 보낸다고 되어있다. 하지만 위 소스에서
checkpass라는 함수가 없다.
소스를 더 자세히 보면 src로 해서
http://hackthissite.org/missions/javascript/6/checkpass를 찹조하는 것을 알 수 있다.
위 주소로 들어가면 다음과 같은 소스가 나온다.

dairycow="moo"; moo = "pwns"; rawr = "moo"; function checkpass(pass) { if(pass == rawr+" "+moo) { alert("How did you do that??? Good job!"); window.location = "../../../missions/javascript/6/?lvl_password="+pass; } else { alert("Nope, try again"); } }
이제 다음과 같이 소스를 바꾸어서 실행시켜 보자
<HTML>
 <BODY>
<script language="javascript">


dairycow="moo";
moo = "pwns";
rawr = "moo";
RawrRawr = "moo";


var pass = rawr+" "+moo;
document.write(pass);

</script>
 </BODY>
</HTML>

답은 moo pwns 이다.

'해킹 > 웹해킹' 카테고리의 다른 글

[Hackthissite Javascript] level 7  (0) 2010.09.26
[Hackthissite Javascript] level 5  (0) 2010.09.26
[Hackthissite Javascript] level 4  (0) 2010.09.26
[Hackthissite Javascript] level 3  (0) 2010.09.26
[Hackthissite Javascript] level 2  (0) 2010.09.26
Comments