按右鍵,檢視網頁原始碼
點擊js檔看到下面,雖然知道是js檔,但有點亂
用(線上Javascript工具,執行看看
接著為了再去混淆度,把常出現的兩個參數findMiddlePosition跟navigatePop丟進去,看他的結果,並已編譯後的值帶入
(async() => {
const findMiddlePosition = _0x4e0e;
let leftBranch = await fetch(./JIFxzHyW8W);
let rightBranch = await WebAssembly[instantiate](await leftBranch[arrayBuffer]());
let module = rightBranch[instance];
exports = module["exports"];
})();
/**
* @return {undefined}
*/
function onButtonPress() {
const navigatePop = _0x4e0e;
let params = document["getElementById"](input)[value];
for (let i = 0; i < params["length"]; i++) {
exports[copy_char](params[charCodeAt](i), i);
}
exports["copy_char"](0, params["length"]);
if (exports[check_flag]() == 1) {
document[getElementById](result)[innerHTML] = Correct!;
} else {
document[getElementById](result)[innerHTML] = Incorrect!;
}
}
知道是從JIFxzHyW8W下載wasm檔,是用copy_char存每個flag,再用check_flag來確認是否正確,用wget指令下載wasm檔,在用kali內建wasm2wat將wasm檔轉成wat檔(WebAssembly 文字格式)
用Cat指令得到flag