What is it? @.@

This is where I record tactics for wargames, systems, and other security issues.

2012-11-18

Bright Shadows - JavaScript 7: "$cript Kiddie$"

Description:
          ________________
Username:|________________|
Password:|________________|Check Info

Solution:
  1. View the page source and find the encoded JScript code below.
    Reference: http://en.wikipedia.org/wiki/JScript
    Reference: http://en.wikipedia.org/wiki/JScript.Encode

    <script language="JScript.Encode">
    #@~^xgMAAA==@#@&0; mDkW P14+13\+v0G.s#P@#@& @#@&\m.~Ek+MPxPWGM: EknDc\Cs!+@#@&-mD~wmdkPx,0KD:cwmd/c\CV!+@#@&b0PvcEk+D,xxPr:bm.W^.mwE#,'[,`2Ck/Pxx,J8DKVxE*#@#@&dP@#@&7dmVnDD`E%kmDb2Ycwta~r/,XKE.P.C 3;wrbi@#@&7N@#@&+sd@#@&dP@#@&dC^+MY`r?K.DHR~KMX~CTlk ZJ*i@#@&7.+DEMx~0Csk+I@#@&78@#@&N@#@&0EU^DkGx,[b/C(VIkTtD/VbmV`#@#@&P@#@&,~\mDPsnd/moPxPE]bo4Y,^VbmV~9k/C8^+[Jp@#@&P~@#@&,Pk6`e[W1Eh+ Y .botD/Vbm3Grdl(VNbP&&,kUkDrl^k"n@#@&P~`@#@&~P,~b0c9W1E:xD VmXnDk#~@#@&PP,~ @#@&P,~~P,NKm;:nUDR^laOEM+3-xYdcA\nxD triU2Grg#p@#@&,P~P,P[G1E:UYcWxsG;/NKhUPx~9kdl(s+"kL4DZVr^0i@#@&,~,PN@#@&,PP,+^d+,NGm!:nUDRW ^W Y+XOh+ E,'~Nrdm4s+"ro4Y/sbm3I@#@&P~P,.Y;Mx,NW1EsnxDR.kTtO/^km09kkl4^n[P{PDD;+I@#@&P~8@#@&P,kWc9Wm;hxOR^CH+.kP-uPvNK^Es+UYconOAV+snxDAX&[~[LPeNGm;hxORmsV*#@#@&,P @#@&,P~PbW,`nch4km4'{+u-+ h4k^4{'&*@#@&,PP,`@#@&,P,P~PCsDO`sn/klLn*i@#@&~,P~P,.Y;Mx,0l^/I@#@&P~P,8@#@&,P8@#@&P,+Vkn@#@&,PP@#@&P~~,ls+MO`s+ddmo+bI@#@&~P,~M+O!D P0mVkni@#@&~P)@#@&N@#@&Nbdl(V+"rLtDZ^k^3cbp@#@&HAwBAA==^#~@
    
    </script>
  2. Use an online tool to decode it.
    Tool: http://www.greymagic.com/security/tools/decoder/decoder.asp

    function checkMe(form)
    {
        var user = form.user.value
        var pass = form.pass.value
        if ((user == "microcrap") && (pass == "broken"))
        {
            alert("jscript.php is your rankup");
        }
        else
        {
            alert("Sorry. Try again!");
            return false;
        }
    }
    function disableRightClick(e)
    {
        var message = "Right click disabled";
        if(!document.rightClickDisabled) // initialize
        {
            if(document.layers)
            {
                document.captureEvents(Event.MOUSEDOWN);
                document.onmousedown = disableRightClick;
            }
            else document.oncontextmenu = disableRightClick;
            return document.rightClickDisabled = true;
        }
        if(document.layers || (document.getElementById && !document.all))
        {
            if (e.which==2||e.which==3)
            {
                alert(message);
                return false;
            }
        }
        else
        {
            alert(message);
            return false;
        }
    }
    disableRightClick();
  3. Enter username and password or visit the target URL directly. Well done!!
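
Added example, not part of the original post: a small JavaScript audit helper for the two weaknesses this solution relies on, a Script Encoder block that a public decoder reverses and credentials compared in client-side code. The function names and the sample page are constructed for illustration; the encoded body in the sample is a placeholder, not real encoder output.

```javascript
// Matches <script language="JScript.Encode"> and "VBScript.Encode" blocks.
const ENCODED_TAG =
  /<script[^>]*\blanguage\s*=\s*["']?(JScript|VBScript)\.Encode["']?[^>]*>([\s\S]*?)<\/script>/gi;

// Report each encoded script block and whether its body carries the
// #@~^ ... ^#~@ markers visible in the challenge source.
function findEncodedScripts(html) {
  return [...html.matchAll(ENCODED_TAG)].map((m) => {
    const body = m[2].trim();
    return {
      language: m[1] + ".Encode",
      hasMarkers: body.startsWith("#@~^") && body.endsWith("^#~@"),
      offset: m.index,
    };
  });
}

// In decoded script, flag variables read from form fields (x = form.y.value)
// that are later compared against a string literal: a client-side secret.
function findHardcodedComparisons(js) {
  const fieldVars = new Set();
  for (const m of js.matchAll(/\b(?:var|let|const)\s+(\w+)\s*=\s*[\w.]+\.value\b/g)) {
    fieldVars.add(m[1]);
  }
  const findings = [];
  for (const m of js.matchAll(/\b(\w+)\s*={2,3}\s*(["'])((?:\\.|(?!\2).)*)\2/g)) {
    if (fieldVars.has(m[1])) findings.push({ variable: m[1], literal: m[3] });
  }
  return findings;
}

// Constructed sample page; the encoded body is a placeholder.
const SAMPLE_HTML = `
<form onsubmit="return checkMe(this)"><input name="user"><input name="pass"></form>
<script language="JScript.Encode">#@~^AAAAAA==placeholder-bodyAAAAAA==^#~@</script>
<script>var unrelated = 1;</script>`;

// First lines of the decoded output shown in step 2.
const SAMPLE_DECODED = `
var user = form.user.value
var pass = form.pass.value
if ((user == "microcrap") && (pass == "broken"))`;

console.log(findEncodedScripts(SAMPLE_HTML));
console.log(findHardcodedComparisons(SAMPLE_DECODED));
```

Any finding from the second function means the check belongs on the server, since encoding the script does not hide the literals from someone who can view the page source.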
