i春秋娱乐解题赛-端午web题

搞完部门的事回来看到小白在群里面讨论做i春秋的题

看了一下社工题没有思路

看下web感觉有点思路就一直在做

写下writeup吧

题目

ctf

跟着提示的思路来

ctf

修改请求头:把User-Agent改成提示(tip)里给出的值

改X-Forwarded-For,随便改个IP就好了(这个请求头由客户端自己填写,说明题目服务端直接信任了它)

改Cookie:Magic_Code=1

然后就得到一个

ctf

bugku上有道类似的题。查看页面源码,发现一段JS:

<script>
// Obfuscated click-counter script; the 'sojson.v4' marker below suggests sojson v4 obfuscator output.
//
// Layout of the listing, in order:
//   1. __0x10aaf   - string table of 29 base64-looking entries. The IIFE right after it
//                    rotates the table in place (push(shift())) 0x79 times before any lookup.
//   2. _0x9bdd(i, key) - string decoder. It coerces i to a number, reads __0x10aaf[i], and on
//                    first use installs an atob fallback plus the function stored as
//                    _0x9bdd['rc4']: base64-decode, re-decode as percent-encoded bytes via
//                    decodeURIComponent, then a 256-entry key schedule and XOR keystream
//                    driven by `key`. Decoded strings are cached in _0x9bdd['data'].
//   3. clicks      - global counter, starts at 0.
//   4. $(function(){...}) - jQuery ready handler. _0x291bc2 is a dispatch table: thin wrappers
//                    for call / >= / + plus decoded strings ('350px' and '#Click' are the only
//                    plaintext ones). A mousedown handler and a second chained handler (its
//                    event name is decoded at runtime) are attached; the second one increments
//                    clicks, passes the count to a method on $(VpzYp), and compares it with
//                    0x989680 (10,000,000) - presumably through the >= wrapper 'hJRur'; the
//                    property name is decoded at runtime, so confirm by decoding it.
//                    When the comparison passes it builds $(s1 + s2 + clicks + s3 + s4),
//                    appends it to $(gQsNu) and calls one more runtime-decoded method on it.
//
// NOTE(review): the 10,000,000 threshold exists only in this browser-side script. Obfuscation
// and a client-side counter are not an access control; the surrounding writeup reports that the
// value was accepted when sent directly, so any real gate has to be validated on the server.
//
// NOTE(review): the listing is hard-wrapped mid-statement, once after `for(var` and once after
// `return`. As pasted, the break after `return` triggers automatic semicolon insertion, so the
// 'BBPeC' wrapper would return undefined. Rejoin the three lines before running it anywhere.
var encode_version = 'sojson.v4';var __0x10aaf=['GB/DssOzYA==','IG3DhU/CgA==','wqshG8OzaQ==','w4gRCMKvw54=','wonCssOfesKQew==','eMOwwoDCli4=','HsKgEsOROT9gw78QZMKe','YhPCnMKTO1QZw7MVTsOHEiHCtcOCdmjDncOzwqfChlHDuRHCgjdJwqJTwo8=','wozDg07CqRNOwrZSSVnDo23Di3DCk8KUwo8ewpxNwq7DhMKVHU/CssKzG8K3GGZ3w4Z6w5R3wr8FwqLDqA==','b8KqERXCm8KvFmNLw70=','w4PCvyHDssOCw4LDmw==','NHPDg0c=','w4gWwoxjwoo=','woViw5TDkMOk','w65aLMORWA==','wq80w4HDgQ0=','PlRxa0o=','wq9cwp8qPi4=','KcKNFMO3w6rClMOm','w7Unw7AvCA==','w77CpCzCt8OLDA==','woXCmMKKO3o=','woQpwrzCtFY=','PcO6w7hv','w7xpEsOnUg==','wrfDuMK0ZEU=','ZA3DhcK3woM=','w7VbdxvCvQ==','wqvDnwPDq8Oh'];(function(_0x4b62bb,_0x4884c2){var _0x4f42e4=function(_0x19f0d2){while(--_0x19f0d2){_0x4b62bb['push'](_0x4b62bb['shift']());}};_0x4f42e4(++_0x4884c2);}(__0x10aaf,0x79));var _0x9bdd=function(_0x5e5d64,_0x3e968f){_0x5e5d64=_0x5e5d64-0x0;var _0x40b26f=__0x10aaf[_0x5e5d64];if(_0x9bdd['initialized']===undefined){(function(){var _0x133a9d=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;var _0x2b26dd='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x133a9d['atob']||(_0x133a9d['atob']=function(_0x27b884){var _0x50ea49=String(_0x27b884)['replace'](/=+$/,'');for(var _0x5d56c0=0x0,_0x484ca0,_0x1fdce4,_0x3285be=0x0,_0x5aaa6b='';_0x1fdce4=_0x50ea49['charAt'](_0x3285be++);~_0x1fdce4&&(_0x484ca0=_0x5d56c0%0x4?_0x484ca0*0x40+_0x1fdce4:_0x1fdce4,_0x5d56c0++%0x4)?_0x5aaa6b+=String['fromCharCode'](0xff&_0x484ca0>>(-0x2*_0x5d56c0&0x6)):0x0){_0x1fdce4=_0x2b26dd['indexOf'](_0x1fdce4);}return _0x5aaa6b;});}());var _0x17bf79=function(_0x4cc0ac,_0x523873){var _0x3e29d3=[],_0x16fc57=0x0,_0x175f65,_0x41a094='',_0x1902c2='';_0x4cc0ac=atob(_0x4cc0ac);for(var _0x8ac140=0x0,_0x2a7193=_0x4cc0ac['length'];_0x8ac140<_0x2a7193;_0x8ac140++){_0x1902c2+='%'+('00'+_0x4cc0ac['charCodeAt'](_0x8ac140)['toString'](0x10))['slice'](-0x2);}_0x4cc0ac=decodeURIComponent(_0x1902c2);for(var 
_0xd9ec31=0x0;_0xd9ec31<0x100;_0xd9ec31++){_0x3e29d3[_0xd9ec31]=_0xd9ec31;}for(_0xd9ec31=0x0;_0xd9ec31<0x100;_0xd9ec31++){_0x16fc57=(_0x16fc57+_0x3e29d3[_0xd9ec31]+_0x523873['charCodeAt'](_0xd9ec31%_0x523873['length']))%0x100;_0x175f65=_0x3e29d3[_0xd9ec31];_0x3e29d3[_0xd9ec31]=_0x3e29d3[_0x16fc57];_0x3e29d3[_0x16fc57]=_0x175f65;}_0xd9ec31=0x0;_0x16fc57=0x0;for(var _0x2a4993=0x0;_0x2a4993<_0x4cc0ac['length'];_0x2a4993++){_0xd9ec31=(_0xd9ec31+0x1)%0x100;_0x16fc57=(_0x16fc57+_0x3e29d3[_0xd9ec31])%0x100;_0x175f65=_0x3e29d3[_0xd9ec31];_0x3e29d3[_0xd9ec31]=_0x3e29d3[_0x16fc57];_0x3e29d3[_0x16fc57]=_0x175f65;_0x41a094+=String['fromCharCode'](_0x4cc0ac['charCodeAt'](_0x2a4993)^_0x3e29d3[(_0x3e29d3[_0xd9ec31]+_0x3e29d3[_0x16fc57])%0x100]);}return _0x41a094;};_0x9bdd['rc4']=_0x17bf79;_0x9bdd['data']={};_0x9bdd['initialized']=!![];}var _0x5ca5b6=_0x9bdd['data'][_0x5e5d64];if(_0x5ca5b6===undefined){if(_0x9bdd['once']===undefined){_0x9bdd['once']=!![];}_0x40b26f=_0x9bdd['rc4'](_0x40b26f,_0x3e968f);_0x9bdd['data'][_0x5e5d64]=_0x40b26f;}else{_0x40b26f=_0x5ca5b6;}return _0x40b26f;};var clicks=0x0;$(function(){var _0x291bc2={'zylCx':function _0x12a707(_0x4b97a5,_0x5f1c2d){return _0x4b97a5(_0x5f1c2d);},'yXdGg':'350px','MhlGn':_0x9bdd('0x0','3&sO'),'VpzYp':_0x9bdd('0x1','4ryP'),'hJRur':function _0x2b5304(_0x494dda,_0x1303ac){return _0x494dda>=_0x1303ac;},'itGPz':function _0x292fe4(_0x3c5335,_0x1a786a){return _0x3c5335+_0x1a786a;},'iFZDu':function _0x441ba7(_0x13e19a,_0x3eafd0){return _0x13e19a+_0x3eafd0;},'TODvQ':_0x9bdd('0x2','#$LN'),'krPqg':_0x9bdd('0x3','k@UG'),'Yfxrk':_0x9bdd('0x4',']QK['),'yBhlX':_0x9bdd('0x5','NdTE'),'gQsNu':_0x9bdd('0x6','siJj'),'BBPeC':function _0x495df1(_0x3ec6d9,_0x1fbd4e){return 
_0x3ec6d9(_0x1fbd4e);},'Vrwja':'#Click'};_0x291bc2[_0x9bdd('0x7','AaCe')]($,_0x291bc2[_0x9bdd('0x8','ua$Q')])['mousedown'](function(){_0x291bc2[_0x9bdd('0x9','^RwV')]($,this)[_0x9bdd('0xa','7gW6')](_0x291bc2[_0x9bdd('0xb','xO2K')])[_0x9bdd('0xc','pB#]')](_0x291bc2['yXdGg']);})[_0x9bdd('0xd','T*bl')](function(){_0x291bc2['zylCx']($,this)[_0x9bdd('0xe','#%S3')](_0x291bc2['MhlGn'])[_0x9bdd('0xf','HEcg')](_0x291bc2[_0x9bdd('0x10','94FV')]);clicks++;_0x291bc2[_0x9bdd('0x11','NKw[')]($,_0x291bc2['VpzYp'])[_0x9bdd('0x12','H[R8')](clicks);if(_0x291bc2[_0x9bdd('0x13','^RwV')](clicks,0x989680)){var _0x45dee2=_0x291bc2[_0x9bdd('0x14','6h3Z')]($,_0x291bc2['itGPz'](_0x291bc2['itGPz'](_0x291bc2[_0x9bdd('0x15','d0#0')](_0x291bc2[_0x9bdd('0x16','mPZH')](_0x291bc2[_0x9bdd('0x17','NdTE')],_0x291bc2[_0x9bdd('0x18','ATHI')]),clicks),_0x291bc2[_0x9bdd('0x19','gP0T')]),_0x291bc2[_0x9bdd('0x1a','Yye)')]));_0x291bc2[_0x9bdd('0x1b','y]D!')]($,_0x291bc2['gQsNu'])['append'](_0x45dee2);_0x45dee2[_0x9bdd('0x1c','nQ49')]();}});});;encode_version = 'sojson.v4';
</script>

代码做了混淆,看得好晕。
注意到其中的变量clicks:脚本里要clicks达到0x989680(一千万)才会走后面的逻辑,而这个判断只在前端做。于是直接用POST提交clicks并给它赋值,就解出来了

ctf

然后根据提示把里面的flag字符串倒序,再连续做几次base64解码,就解出来了

ctf

这题难度不是很高,但是毕竟是自己在没有writeup的情况下解出来的

还是很开心的,记录一下。