On the Road to Learning Security - picoCTF Write-up (Web) 2


4. Some Assembly Required 1

https://ithelp.ithome.com.tw/upload/images/20220514/20148431OT4knzaej7.png

Right-click and view the page source.
https://ithelp.ithome.com.tw/upload/images/20220514/20148431OVpYMNEzOg.png

Click the JS file to see the following. It is recognizably JavaScript, but it is messy and hard to read.
https://ithelp.ithome.com.tw/upload/images/20220514/20148431HHkjUFK6aW.png

Run it through an online JavaScript tool to see what it produces.
https://ithelp.ithome.com.tw/upload/images/20220514/20148431I9gWZjCtSh.png

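Next, to deobfuscate it further, feed in the two frequently used names findMiddlePosition and navigatePop, look at what they return, and substitute the decoded values back into the code.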
https://ithelp.ithome.com.tw/upload/images/20220514/20148431dV8EBIkqey.png

The result is as follows:

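(async () => {
  // Leftover alias of the string-lookup function _0x4e0e from the original script; unused after substitution
  const findMiddlePosition = _0x4e0e;
  // Download the WebAssembly binary and instantiate it
  let leftBranch = await fetch("./JIFxzHyW8W");
  let rightBranch = await WebAssembly["instantiate"](await leftBranch["arrayBuffer"]());
  let module = rightBranch["instance"];
  // Implicit global so that onButtonPress can reach the wasm exports
  exports = module["exports"];
})();
/**
 * @return {undefined}
 */
function onButtonPress() {
  // Leftover alias of _0x4e0e, as above
  const navigatePop = _0x4e0e;
  let params = document["getElementById"]("input")["value"];
  // Copy the input into wasm memory one character at a time
  for (let i = 0; i < params["length"]; i++) {
    exports["copy_char"](params["charCodeAt"](i), i);
  }
  // Terminate the copied string with a 0 byte
  exports["copy_char"](0, params["length"]);
  if (exports["check_flag"]() == 1) {
    document["getElementById"]("result")["innerHTML"] = "Correct!";
  } else {
    document["getElementById"]("result")["innerHTML"] = "Incorrect!";
  }
}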

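This shows that the wasm file is downloaded from JIFxzHyW8W, that copy_char stores the flag input one character at a time, and that check_flag then confirms whether it is correct. Download the wasm file with the wget command, then use wasm2wat, which is built into Kali, to convert the wasm file into a wat file (WebAssembly text format).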
https://ithelp.ithome.com.tw/upload/images/20220514/20148431uG8RwbNg0k.png

Use the cat command on the wat file to get the flag.
https://ithelp.ithome.com.tw/upload/images/20220514/20148431Tqo620hbMN.png
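
The wat file gives the value away because string constants compiled into a wasm module are stored as plain bytes in its data section. As an added example (not code from the original post), the following Node.js code reads that section straight from the binary; the sample module and its flag-like string are constructed, and only active segments with a non-negative i32.const offset, plus passive segments, are handled.

```javascript
function readU32(buf, pos) { // unsigned LEB128 -> [value, next position]
  let value = 0, shift = 0, byte;
  do {
    byte = buf[pos++];
    value |= (byte & 0x7f) << shift;
    shift += 7;
  } while (byte & 0x80);
  return [value >>> 0, pos];
}

function dataSegments(buf) {
  // The magic bytes are "\0asm", followed by a 4-byte version
  if (buf.length < 8 || buf.readUInt32LE(0) !== 0x6d736100) throw new Error("not a wasm binary");
  const out = [];
  let pos = 8; // skip magic and version
  while (pos < buf.length) {
    const id = buf[pos++];
    let size, count;
    [size, pos] = readU32(buf, pos);
    const end = pos + size;
    if (id === 11) { // section id 11 = data
      [count, pos] = readU32(buf, pos);
      for (let i = 0; i < count; i++) {
        let flag, len, offset = null; // offset stays null for passive segments
        [flag, pos] = readU32(buf, pos);
        if (flag === 2) [, pos] = readU32(buf, pos); // explicit memory index
        if (flag !== 1) { // active segment: offset expression, then "end"
          if (buf[pos] !== 0x41) throw new Error("only i32.const offsets handled");
          [offset, pos] = readU32(buf, pos + 1); // assumes a non-negative offset
          if (buf[pos++] !== 0x0b) throw new Error("expected end opcode");
        }
        [len, pos] = readU32(buf, pos);
        out.push({ offset, text: buf.toString("latin1", pos, pos + len) });
        pos += len;
      }
    }
    pos = end; // jump to the next section
  }
  return out;
}

// Constructed sample module: one memory, one data segment at offset 1024.
const flagText = "picoCTF{constructed_example}"; // constructed, not a real flag
const sample = Buffer.concat([
  Buffer.from([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]), // magic, version 1
  Buffer.from([0x05, 0x03, 0x01, 0x00, 0x01]), // memory section, min 1 page
  Buffer.from([0x0b, 7 + flagText.length, 0x01, 0x00, 0x41, 0x80, 0x08, 0x0b, flagText.length]),
  Buffer.from(flagText, "latin1"),
]);
for (const s of dataSegments(sample)) console.log(s.offset, JSON.stringify(s.text));
```

Anything a page ships inside a wasm module can be read back this way, so a check like check_flag cannot keep its comparison value secret from the client.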

