What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.

2012-11-02

TRY2HACK - Level 4

Description:

LEVEL 4
Solution:
  1. There is a java applet in this challenge.
    <!--[if !IE]>-->
      <object classid="java:PasswdLevel4.class" type="application/x-java-applet" height="370" width="330" >
    <!--<![endif]-->
      <object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" codebase="http://java.sun.com/update/1.6.0/jinstall-6u10-windows-i586.cab" height="370" width="330" > 
        <param name="code" value="PasswdLevel4" />
      </object> 
    <!--[if !IE]>-->
      </object>
    <!--<![endif]-->
    
  2. Let's download the Java class to check it out. Use a Java Decompiler to decompile the class file.
    The decompiled code:
  3. In the code you could find the URL like below.
    ...
    infile = new String("level4");
    try
    {
        inURL = new URL(getCodeBase(), infile);
    }
    catch(MalformedURLException _ex)
    {
        getAppletContext().showStatus("Bad Counter URL:" + inURL);
    }
    ...
    
  4. Okay, let's check the file now. hxxp://try2hack.nl/levels/level4
    level5-fdvbdf.xhtml
    appletking
    pieceofcake
  5. It's done!!

4 comments:

  1. Hey There. I discovered your bolg is so impressive. That is a very well written article.I will be sure to bookmark it and come back to learn extra of your helpful info. Thanks for the post. I will certainly return.
    Thanks
    Susanne Green
    medical assistant

    ReplyDelete