Webhacking.kr write-up: old-12
1 minutes to read| Link | point | tag |
|---|---|---|
| old-12 | 250 | JavaScript |
Howdy there, welcome to another weird CTF challenge on webhacking.kr. Today, we are walking through a JavaScript challenge.
Huh, look like there is nothing on the front page except a small hints. How about the source code.
Alright, this is an AAencoded text where I have included a similar challenge in CTF100, tryhackme. Simply use an online AAdecoder to reveal the JS code.
Understand the code is easy, you just need to follow the enco() function that converts the char code to ASCII and concatenates the strings.
- The for loop generate all ASCII character from 1 to 121
- The enco function used to find the indexed ASCII character from variable enco
If you’re lazy, drop the code to the JS online compiler
var enco='';
var enco2=126;
var enco3=33;
var ck=document.URL.substr(document.URL.indexOf('='));
for(i=1;i<122;i++){
enco=enco+String.fromCharCode(i,0);
}
function enco_(x){
return enco.charCodeAt(x);
}
console.log(String.fromCharCode(enco_(240))+String.fromCharCode(enco_(220))+String.fromCharCode(enco_(232))+String.fromCharCode(enco_(192))+String.fromCharCode(enco_(226))+String.fromCharCode(enco_(200))+String.fromCharCode(enco_(204))+String.fromCharCode(enco_(222-2))+String.fromCharCode(enco_(198))+"~~~~~~"+String.fromCharCode(enco2)+String.fromCharCode(enco3)+".php")
Visit the php and pwn the web.
Thanks for reading. Follow my twitter for latest update
If you like this post, consider a small donation. Much appreciated. :)