江湖魔头-BugkuCTF平台(解密和加密)
以下代码在浏览器控制台运行
靶场网址:http://123.206.31.85:1616/
1.解密,获取加密前的字符串
//解密,获取加密前的字符串,直接修改金额
var temp = getCookie('user');
temp = decodeURIComponent(temp);
var mingwen = decode_create(temp);
console.log(mingwen)
结果如图:
2.修改金钱,加密,变成原cookie格式
//加密,把修改好的字符串赋值给a,如下:
a="O:5:\"human\":10:{s:8:\"xueliang\";i:774;s:5:\"neili\";i:747;s:5:\"lidao\";i:80;s:6:\"dingli\";i:55;s:7:\"waigong\";i:0;s:7:\"neigong\";i:0;s:7:\"jingyan\";i:0;s:6:\"yelian\";i:0;s:5:\"money\";i:9999999999;s:4:\"flag\";s:1:\"0\";}";
b="";
for (i = 0; i < a.length; i++) {
var num = a[i].charCodeAt();
num = num + ((i % 10) + 2);
num = num ^ i;
b += String.fromCharCode(num);
}
var input=b
_keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
// public method for encoding
var output = "";
var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
var i = 0;
//input = _utf8_encode(input);
while (i < input.length) {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output +
_keyStr.charAt(enc1) + _keyStr.charAt(enc2) +
_keyStr.charAt(enc3) + _keyStr.charAt(enc4);
}
temp = encodeURIComponent(output);
//console.log(temp)
document.cookie='user='+temp
结果如图: