网络攻防大赛一到题,给我看看,解决给分

你先给出第一关的url也许第4关同前3关是有联系的。

解决方案 »

  1.   

    用十六进制编辑器打开那个logo看看
    总觉得第二句话可疑
      

  2.   

    .tip {?????????????????????? begin 600 M4$-&150P3E575D)&245H5515=V=51E9#5$5L1$E#271,>3E833!-=DPP4E52M0T))5D4Q34E$475-0T)58VU&=6,R;#!A5SEU65=W=@T*3#!63TEJ-$Y#:GA)M5D4Q35!J>$E2549%4&<P2U!%,496145G84A2,&-#,6QC6%9P9&HQ1&(R-3!:M5S4P3%92-6-'56=9,CEU9$=6=0T*9$0P:61'5C1D0SEO9$<Q<T]Y0FIA1T9YM8S)6,%!79&E-:DUX36E)*T11;SA4559545-":F(R-3!:5S4P4%-*3E4P:%54M57=G3FDT=PT*34,T>4]407=,:DDR3411:4E'-6AB5U4Y4C!63U)62D)613E3M4&<P2U!&3E5757A&4&IW=E4Q4EI4154K1%%O.$PP:$9155$K1%%O.`T*46LYM15=30FE:,$YV8D<Y>5!33FU:;5IM6FU9*T11;SA216Q74&IX1U0P-55)2$YPM96U5.4UJ-#%:1%5X3D19>4YZ6FQ9;4UW36U%,`T*3&UH,&)4=W92:SE/5D0TA.$PP4DI6:C0X3#!*4%)&:RM00SE)5D4Q35!G,$L-"@T*,`end}在这里,是CSS里的。
      不过现在还在看,是怎么样编码的
      

  3.   

    估计是用JScript.Encode加密的。
    去找工具解密看看
      

  4.   

    第二关地址关键
    <SCRIPT>
    var string = "5asdfj6sdfe92urjvn1de4we3fd7ad8";
    var enigma = "";
    var whatisthis = "var myxor = prompt('Password:','');for (y=3; y<9; y++) {enigma += (string.indexOf(y)+1);}enigma += 5;if (myxor==enigma){enigma = enigma + '.htm';location.href=enigma;}else{location.href='levels2_comebaby.html';}";
    eval(whatisthis);
    </SCRIPT>
    研究中……
      

  5.   

    记得以前在某论坛不支持 贴图、上传附件 等功能,于是有人以文本的方式传递“zip”文件;就是将网页上的一堆不知所以的乱七八糟的文本复制下来,然后粘贴到二进制文本编辑器中,另存为就可以“下载”zip文件了。
      

  6.   

    第二关密码
    25221728315
    第三关地址
    http://wlgcx.cuit.edu.cn/gfds/Skilltest/25221728315.htm好玩
      

  7.   

    第三关
    username:FiomtEzenA
    password:vkYe9hbeHF
      

  8.   

    第四关   V=51E9#5$5L1$E#271,>3E833; DPP4E52: 6,R; A5SEU65: W=@T*3#; Y: GA)
    M5D4Q35; E2549: M5S4P3%92-6-'56=9,CEU9$=6=0T*9$0P:61'5C1D0SEO9$<Q<T]Y0FIA1T9Y
    M8S)6,%; E-: DUX36E)*T11; SA4559545-:
      

  9.   

    没发现是什么加密算法。就是在CSS里面
      

  10.   

    第四关:
    uuencode编码,解开便是。
      

  11.   

    楼上的你解了吗???
    第一层是uuencode第二层是base64应该还有一层我还没看出来,最近太忙了没时间解,明天再说吧。
    第二层解开是这样的:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML><HEAD>
    <META http-equiv=Content-Type content="text/html; charset=gb2312">
    <META content="MSHTML 6.00.2900.2604" name=GENERATOR>
    <STYLE></STYLE>
    </HEAD>
    <BODY bgColor=#ffffff>
    <DIV><FONT size=2>5d5146276ebc02a4.htm</FONT></DIV></BODY></HTML>
      

  12.   

    lookatliu(独孤常败)
    你是怎么用uuencode解的???我用rar解开的,但是解出来的东西不对.
      

  13.   

    lookatliu(独孤常败 第3成是用MD5加密的啊
      

  14.   

    第五关地址
    http://wlgcx.cuit.edu.cn/gfds/Skilltest/5964256.htm
      

  15.   

    晕,真的5d5146276ebc02a4是5964256通过md5加密的!
     menrock(做人要厚道),大哥,太佩服你了!怎么解,爆破?
      

  16.   

    回复人: ccxxcc(cc小超) ( ) 信誉:100  2005-04-12 08:32:00  得分: 0  
     
     
       晕,真的5d5146276ebc02a4是5964256通过md5加密的!
     menrock(做人要厚道),大哥,太佩服你了!怎么解,爆破?
      
     
    md5加密后应该是32位字串啊……
    这才几位??……
      

  17.   

    汗!
    果然是md5……
    总结一下:
    目标是style.css文件,原内容:
    .tip {
    下面的东东看不看的懂? 
    begin 600 
    M4$-&150P3E575D)&245H5515=V=51E9#5$5L1$E#271,>3E833!-=DPP4E52
    M0T))5D4Q34E$475-0T)58VU&=6,R;#!A5SEU65=W=@T*3#!63TEJ-$Y#:GA)
    M5D4Q35!J>$E2549%4&<P2U!%,496145G84A2,&-#,6QC6%9P9&HQ1&(R-3!:
    M5S4P3%92-6-'56=9,CEU9$=6=0T*9$0P:61'5C1D0SEO9$<Q<T]Y0FIA1T9Y
    M8S)6,%!79&E-:DUX36E)*T11;SA4559545-":F(R-3!:5S4P4%-*3E4P:%54
    M57=G3FDT=PT*34,T>4]407=,:DDR3411:4E'-6AB5U4Y4C!63U)62D)613E3
    M4&<P2U!&3E5757A&4&IW=E4Q4EI4154K1%%O.$PP:$9155$K1%%O.`T*46LY
    M15=30FE:,$YV8D<Y>5!33FU:;5IM6FU9*T11;SA216Q74&IX1U0P-55)2$YP
    M96U5.4UJ-#%:1%5X3D19>4YZ6FQ9;4UW36U%,`T*3&UH,&)4=W92:SE/5D0T
    A.$PP4DI6:C0X3#!*4%)&:RM00SE)5D4Q35!G,$L-"@T*,
    `
    end
    }
    第一层:
    uuencode编码,解码方法:
    原文修改为:
    begin 600 style.txt
    M4$-&150P3E575D)&245H5515=V=51E9#5$5L1$E#271,>3E833!-=DPP4E52
    M0T))5D4Q34E$475-0T)58VU&=6,R;#!A5SEU65=W=@T*3#!63TEJ-$Y#:GA)
    M5D4Q35!J>$E2549%4&<P2U!%,496145G84A2,&-#,6QC6%9P9&HQ1&(R-3!:
    M5S4P3%92-6-'56=9,CEU9$=6=0T*9$0P:61'5C1D0SEO9$<Q<T]Y0FIA1T9Y
    M8S)6,%!79&E-:DUX36E)*T11;SA4559545-":F(R-3!:5S4P4%-*3E4P:%54
    M57=G3FDT=PT*34,T>4]407=,:DDR3411:4E'-6AB5U4Y4C!63U)62D)613E3
    M4&<P2U!&3E5757A&4&IW=E4Q4EI4154K1%%O.$PP:$9155$K1%%O.`T*46LY
    M15=30FE:,$YV8D<Y>5!33FU:;5IM6FU9*T11;SA216Q74&IX1U0P-55)2$YP
    M96U5.4UJ-#%:1%5X3D19>4YZ6FQ9;4UW36U%,`T*3&UH,&)4=W92:SE/5D0T
    A.$PP4DI6:C0X3#!*4%)&:RM00SE)5D4Q35!G,$L-"@T*,
    `
    end
    保存为style.uue,用winzip或者winrar解压得到style.txt文件,内容:
    PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
    L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu
    dD0idGV4dC9odG1sOyBjaGFyc2V0PWdiMjMxMiI+DQo8TUVUQSBjb250ZW50PSJNU0hUTUwgNi4w
    MC4yOTAwLjI2MDQiIG5hbWU9R0VORVJBVE9SPg0KPFNUWUxFPjwvU1RZTEU+DQo8L0hFQUQ+DQo8
    Qk9EWSBiZ0NvbG9yPSNmZmZmZmY+DQo8RElWPjxGT05UIHNpemU9Mj41ZDUxNDYyNzZlYmMwMmE0
    Lmh0bTwvRk9OVD48L0RJVj48L0JPRFk+PC9IVE1MPg0K这是第二层,base64编码:
    解码方法:
    将style.txt内容修改为:
    Content-Type: text/plain;charset="cn-gb"
    Content-Transfer-Encoding: BASE64PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
    L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu
    dD0idGV4dC9odG1sOyBjaGFyc2V0PWdiMjMxMiI+DQo8TUVUQSBjb250ZW50PSJNU0hUTUwgNi4w
    MC4yOTAwLjI2MDQiIG5hbWU9R0VORVJBVE9SPg0KPFNUWUxFPjwvU1RZTEU+DQo8L0hFQUQ+DQo8
    Qk9EWSBiZ0NvbG9yPSNmZmZmZmY+DQo8RElWPjxGT05UIHNpemU9Mj41ZDUxNDYyNzZlYmMwMmE0
    Lmh0bTwvRk9OVD48L0RJVj48L0JPRFk+PC9IVE1MPg0K
    保存为style.eml,用outlook打开,得到内容为:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML><HEAD>
    <META http-equiv=Content-Type content="text/html; charset=gb2312">
    <META content="MSHTML 6.00.2900.2604" name=GENERATOR>
    <STYLE></STYLE>
    </HEAD>
    <BODY bgColor=#ffffff>
    <DIV><FONT size=2>5d5146276ebc02a4.htm</FONT></DIV></BODY></HTML>
    关键内容为:5d5146276ebc02a4.htm第三层加密,md5
    解密方法:
    哭,穷举!
      

  18.   

    第五关是java题:我觉得这个是关键,可惜自己对java不了解
    public void actionPerformed(ActionEvent actionevent)
        {
            String s = code.getText();
            try
            {
                String s1 = Base64.encodeString(inpass);
                if(s.equals(s1))
                {
                    s1 = s1.replaceAll("=", "");
                    code.setText(s1 + ".htm");
                    answer.setText("Go to: " + s1 + ".htm");
                } else
                {
                    answer.setText("密码错误");
                }
            }
      

  19.   

    第五关是java题:我觉得这个是关键,可惜自己对java不了解
    public void actionPerformed(ActionEvent actionevent)
        {
            String s = code.getText();
            try
            {
                String s1 = Base64.encodeString(inpass);
                if(s.equals(s1))
                {
                    s1 = s1.replaceAll("=", "");
                    code.setText(s1 + ".htm");
                    answer.setText("Go to: " + s1 + ".htm");
                } else
                {
                    answer.setText("密码错误");
                }
            }
    密码是:anVzdGFnYW1l,但是下面显示go to:anVzdGFnYW1l.htm明显不是答案,还有什么地方有圈套,晚上再研究了
      

  20.   

    如果那串是MD5,出题的人肯定不会用那么复杂的字串去生成MD5,要不谁解得开?所以就试了8位内的数字穷举,如果8位数字穷举不出来,那就试别的,很简单的道理
      

  21.   

    http://wlgcx.cuit.edu.cn/gfds/Skilltest/hqlhfocn6.htm
      

  22.   

    第六关地址
    http://wlgcx.cuit.edu.cn/gfds/Skilltest/hqlhfocn6.htm
      

  23.   

    menrock太厉害了,俺还还在第四关的logo.jpg里苦苦搜索哩,没想到是css.
      

  24.   

    不懂java,请教menrock(做人要厚道)第五关
      

  25.   

    呵呵~~
    <SCRIPT LANGUAGE="JavaScript">
        <!--
    var testkey1 = "%BFDT%9C%C1%BF0";
    var testkey2 = "%B9EV%98";
    var s = "%B7%1D%16%C4%9B%B9%0C2%0E%14%266%28%91%8A%E3%06%F0T%21i%05%28oR%A8kc%B8P/K%94%97%B0Q%7C%8B%D1/%DD%8BX%3CD%B3%C54%FC%08%10%0E%06%89%D1%92%1A%A4q%7Ej%90%F4%9D%DC4Z%00D@39%DB%3AW%B2R%7F%94%84pQ%7B%AC%5Bx%13%D3%11%DC%C4%08%E4%D5%u900C%u8F34%7B%CC%93%AE%EB%D6I%F4%EEd%B6%1D%F4C%28U%AC%A1%F8%0E%8D%96%90%AF%8D%AF%93%A1%E6i%9C%8F%A7%A1%EFN%BA%BC%06jI@%EB%93q%12D%FE%AAN%DA%80%0E%06%3C9%E6%F8%DE%C2%E8%29%CF%25%F5%F1%CFc%9B3%5B%A2%8A%3Bs%03%3C%EE%7Cu%EA%26%07%BC%19%1DK%F3%90%97_%07%AF%11%3Dk%FF%1A%D1%D3%D2FxJo%1Dr%5D%1B%C2%CD%5B%D8%93%D4%1E%08%0F%E1J%5E%E5%D9%90%97%A35%BC%9E%E9%A4*n%91%C3M%19%0C%0F.%29v%A3%0Djz%92%1B%A5%BA%1Ed1%9E%B3%037*%A1%94h%1DZ%FF%8A%E9%BC%D8%9E%80T%60%F9%00%D5%F2%18%D1K%EAS%5C%F3%B0%1D%BF%9D%7BK%E2%C8%21%EF%F0%ECEd%3A%CE%F5_%5B%EA%CE%A8fi%5B%96%3D%FD%8A%A4%8B%24%C6%DF%BA%E59%19%C3%91%BCL%8F%24%17%8C%B0T%E2%03%E1%86%C5-Ul%22%3D%C9d%AC%7B%A0%EF%F7%9A%CA%8E%AE%DBk%26%D86%9AlLqV%19%D0%7C%E3i%AF%D5%E0%7Dn%FD%96%9B%9F%DA%ED%B6W%F1%00%1F%0A%FF%03n%29%DD%BA%E7%06%BE*i%D9%ED%90%23c%5C%D6%29%0A7I%FD%B1%0A%AD%9Ad%A3%9E%A0%9E%B6Gx%3C%DC%B8%07%7DvsOJ%28g%D9%8BY%C3u%08%89R%0C3%91%B8%FB%8D%3B%FD%DB%22Cq%95%D3C%C5%23k%3B%7C%3B%92%CA%BF%20%B5%B1sc%CB%C6%83%DC%1D%E0%E6T%E7q%E4l_%29%E4P%C0%DA%02%EA%F8%02%3D%E5%9A%DCM%ED%A9%BE%8CP/%CA%A7i%D5%0C%93%CACt%5C%13%E0%BEqr%8A%A8%E93G%D2%EE%C23%F7O%3A%03-+%93o%8D%27%5C%23D%FB%5C%93%1E%D4mw%9B%AE%B4%7E%D6%BAn%F8%DD+%EC%0A%A2-%90%9D%F1%EB%B5%9Ac%12%8F%C2%EE%A5%02Kp/%2CG%A0%B1%3Bz%21%3B%00%DB%A9%9B%D5%8B%1C%1FY%AF%E3%A6%FC%09/%CB%AA%CF%CA*%FDzD%01%B5%22%C4%9Er%E2%89%CD%F6%F9@%AF%87%FE%C7%20%AB%18%F4s%9A%FC%A8%FC%D5C%B2%8E%10%B7%17%9CG%BB%D4+%A2%E7%A0%91%D7%12%88%E9C%95%D3%83Y%5Dx%F6%F8%13%5ELZ%83%FBc%0B%8A%25%12%27UJ%B4%C8%09/F%A8%E7%8C%0D%84G%D9%95%B9%CA%1B%D3%21%02%CD%D4%E8%DD%D4%B5Nc%DA%D5%D8%7B%09jjX%00%29mA%95%A5%85%AC%7F%9BT%03+X%29%C8%F9%AA%EDU%83KK%BA%1C%DB%97%9E%EC%D9%CF%87%9B%0E%C5%CASVrz%AFn%9C%C0g7%D2%AD%D1%C3%22%EB%FBX%EDb%EBp%DD%F4%D4%9A%E1xg%AF1B%ED%E8%A7%5B%AC%E13%01%60f%7D%F6%E1%FD%3C%7B%7Bo%91%B5%A1%3F%A6%04%90%CA2Y%EC%13%BA%24%D5T%E1%29%B6%ECq%C2@%EF%7D%DD%AB%25%DDx%D6%AA%AC%C3%AF%9A%17%u6013%u55F5%uFF61%u4F6A%u5DC5%u905D%u8F9A%u6B95%u5132%u300Di%3A%C9%B4Mq%91%0F%1C%D0Nj%D5%23%A9%5C%DF/m%07%90%BCK%B8%B1%8A%CB%BB%A5%A8D%AA%29%D0%E9%9B@%5Bw%8D8bR%29%C8%DD%AC%9DJ%20%3F%3FgM%168%A9%BF%26T%20%1A%9B%E1Q%F7%C2%B9%81%DFW%5D%F2%7C%D2CI%A1%E0%CBR%A1%0Cy6_Ww%BE%88%135%B5D%ADaV%CE%7E%C3%C6r%E6sH%A3%9C%8A3%D9%C92%B0%B5%81%EF%8Et%1D%B6%EF%0B%06%D6sF%96%E9B%D5Z%25%EFH%F3%D4%DFW%8F%EBA%A4%F64%94C%3A%A3%F1n%B0%8F%21%F53V%1ETv%DA%BF%01%ECf%90%BA%B5%18%05U%9F%7Ff%17%DDX1%7E%11%95%09pG%1F%F3hq%CD.k%8AM%F0%3FXU%20%CAIx*%C6k%D11%231%D3%FA%04%DA%CBM%23%2C%F0%14K%E4%C3%05%EE%F8G%FF%D6%D9%F8%A0%EA%17%97%3A%E3G%DC%ABN%A4%AA%19%5CRy%14K%10%8B%F1%07%3B%9F%09%08%E0%B0%20a16i%F1%9CI%9A%06%E3%FB%0B%1DIEf%E0%AC%0F%20@%BF%15%A3%82MVO%E3%80%B1%1F%87%5E%FB%86%F4%F0%12%14%89%18%F52S%C4%u8B33%u5C2D%u7610%u7BA6%u89F2%u8F37%u510D%u8F4C%u7A67%u54CF%u57D3%u6BEA%u5182%u4E49%u6204%u4FAC%u75C6%u7692%u5D36%u5136%u537F%u5F79%u632A%u5BC4%u908D%u7B0C%uFF66%uFF88%22%u6253%u4EEF%u5C77%u912A%u604C%u52CA%u52C3%5B%D7Y%8F%0A%F7%09%11K%EA%D1%20%07Q%0D%8B%FA%F0%B0%D6%86%03%F5%E5%24%B5%AE%E3M3pq%E7%A9%F5h%F5%26%8D3%CC%EF%A8P%8E%23%08*E%8Bw%E8nTK%FF%14%1D%91%EF%E5T%24%3A%2C%1E%60%22%16%E9i%FB.%01%16th%EB1%25%0A%89Qd%25%C9%96R%CD%DF%CDW%AEK%A6%EE%B0eN%A9%EB%CD%28%7C%06%1D*%0F%C9u%B1%9E%BES%96%07%C1%60%7F%CA%00zE%3C%D7%C9%98d%A5RX%3A%5C%99%89%85%5B%FB%8E%60%E2%CD%9E%B8%10%E8%E3%DC%20H%D3%B8%F6%3EI%D3%9E%FE%DBk%2CA%1A%94t%F5z%13SS5%B9%3D%09Uh%A2%5C-%FB%86%20Z%1C%EA%A3";

    function Try(key)
    {
    if(test(key)==false)
    alert("错误!");
    else
    document.write(decrypt(unescape(s),key));
    }
    function test(pass)
    {
    if(pass=="")
    return false;
    else
    {
    var t1 = decrypt(unescape(testkey1),pass);
    var t2 = decrypt(unescape(testkey2),pass);
    if(t1%t2==0)
    return true;
    else
    return false;
    }
    }    function decrypt(str,key) {
    var out=new String();
    var i,j;
    var tmp,s;
    var t,x;
    var len=key.length;
    var X=new Array();
    var Y=new Array(); for(i=0;i<256;i++)
    X[i]=i; for(i=0,j=0;i<256;++i,j%=len)
    {
    Y[i] =key.charCodeAt(j);
    j++;
    } for(i=0,j=0;i<256;i++)
    {
    j = (j+X[i]+Y[i])%256;
    tmp = X[i];
    X[i]=X[j];
    X[j]=tmp;
    }
    for(i=0,j=0,x=0;x<str.length;++x)
    {
    i = (i+1)%256;
    j = (j+X[i])%256;
    tmp = X[i];
    X[i] = X[j];
    X[j] = tmp;
    t = (X[i]+(X[j]%256))%256;
    s = X[t];
    out = out.concat(String.fromCharCode(str.charCodeAt(x)^s));
    }
    return out;
    }
        //-->
        </SCRIPT>
      

  26.   

    附加关的题
    function Try(key)
    求这个key