Level 1: http://www.try2hack.nl/level1.html
View the page source; it contains the following:
<SCRIPT LANGUAGE="JavaScript">
function Try(passwd){
if (passwd =="hackerzzz"){
alert("Alright ! On to level 2 ...");
location.href = "levvel2.html";
Level 2: http://www.try2hack.nl/levvel2.html
View the page source and note this line: <EMBED src="FlashLevel2.swf" quality=high bgc,
So try http://www.try2hack.nl/FlashLevel2.swf, then download the file locally with NetAnts or FlashGet and open it in UltraEdit. Strings such as Try2Hack and NokiaIsGood are visible. Trying user=Try2Hack, passwd=NokiaIsGood: passed.
Level 3: http://www.try2hack.nl/LLeVeLL3.html
A password prompt pops up immediately, so the source cannot be viewed; but click Cancel, then Stop, and the following can be seen:
<SCRIPT language="JavaScript">
pwd = prompt("Please enter the password for level 3 :","");
if (pwd==PASSWORD){
alert("Alright !\nEntering Level 4 ...");
location.href = CORRECTSITE;
}else
{
alert("WRONG !\nBack to disneyland !!!");
location.href = WRONGSITE;
}
PASSWORD="AbCdE";
CORRECTSITE="level4.html";
WRONGSITE="
The password we need is not in there. Looking through the newest files in the local Temporary Internet Files directory turns up a JavaScript file that belongs to this site; copy it out, open it, and it shows:
PASSWORD = "TheCorrectAnswer";
CORRECTSITE = "thelevel4.html";
WRONGSITE = "
Success!
Level 4: http://www.try2hack.nl/thelevel4.html
This is clearly a Java applet. Download it from http://www.try2hack.nl/PasswdLevel4.class and run it through a Java decompiler; I used jad.exe. Running jad -f PasswdLevel4.class produces the file PasswdLevel4.jad; open it in Notepad. This is the statement that checks the passwd and user:
if(txtlogin.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 2].trim().toUpperCase().intern() && txtpass.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 3].trim().toUpperCase().intern())
and inuser is read in by the following code:
countConn = inURL.openStream();
countData = new java.io.BufferedReader(new java.io.InputStreamReader(countConn));
java.lang.String s;
while((s = countData.readLine()) != null)
if(totno < 21)
{
totno = totno + 1;
inuser[totno] = s;
s = "";
}
else
{
lblstatus.setText("Cannot Exceed 10 users, Applet fail start!");
destroy();
}
inuser in turn comes from inURL:
infile = new java.lang.String("level4");
try
{
inURL = new java.net.URL(getCodeBase(), infile);
}
So the password file is http://www.try2hack.nl/level4. Downloading it with FlashGet gives:
5_level_5.html
Try2Hack
AppletsAreEasy
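Level 5: http://www.try2hack.nl/5_level_5.html
Download it and unpack it. The presence of VBRun300.dll shows that it should be a VB3 program; a VB decompiler yields level5.bas,
which contains the following statements that check the passwd: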
If txtUsername <> Mid(mc001A, 56, 1) & Mid(mc001A, 28, 1) & Mid(mc001A, 35, 1) & Mid(mc001A, 3, 1) & Mid(mc001A, 44, 1) & Mid(mc001A, 11, 1) & Mid(mc001A, 13, 1) & Mid(mc001A, 21, 1) Then
MsgBox "Username not accepted."
Exit Sub
End If
If txtPassword <> Mid(mc001A, 51, 1) & Mid(mc001A, 31, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 51, 1) & Mid(mc001A, 16, 1) & Mid(mc001A, 45, 1) & Mid(mc001A, 24, 1) & Mid(mc001A, 29, 1) & Mid(mc001A, 26, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 28, 1) & Mid(mc001A, 11, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 25, 1) & Mid(mc001A, 24, 1) Then
and
Const mc001A = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,:;-*+=~|&!_$#@()[]{}<\/>"
So the passwd and user are assembled from the characters at the corresponding positions of that string, e.g. Mid(mc001A, 56, 1)="T", which gives
user:Try2Hack
pwd: OutOfInspiration
Passed again!
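The position lookup described above, as an added example that is not part of the original write-up: a short Python script that parses the Mid(mc001A, n, 1) calls out of the two decompiled statements and rebuilds the strings they are compared against, which shows that indexing into a table shipped in the same binary hides nothing. The helper names vb_mid and decode_check are this example's own; the table and statements are copied from the level5.bas excerpt above.

```python
import re

# Lookup table and checks copied from the decompiled level5.bas quoted above.
MC001A = r"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,:;-*+=~|&!_$#@()[]{}<\/>"

USER_CHECK = (
    "If txtUsername <> Mid(mc001A, 56, 1) & Mid(mc001A, 28, 1) & Mid(mc001A, 35, 1) & "
    "Mid(mc001A, 3, 1) & Mid(mc001A, 44, 1) & Mid(mc001A, 11, 1) & Mid(mc001A, 13, 1) & "
    "Mid(mc001A, 21, 1) Then"
)
PASS_CHECK = (
    "If txtPassword <> Mid(mc001A, 51, 1) & Mid(mc001A, 31, 1) & Mid(mc001A, 30, 1) & "
    "Mid(mc001A, 51, 1) & Mid(mc001A, 16, 1) & Mid(mc001A, 45, 1) & Mid(mc001A, 24, 1) & "
    "Mid(mc001A, 29, 1) & Mid(mc001A, 26, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 28, 1) & "
    "Mid(mc001A, 11, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 25, 1) & "
    "Mid(mc001A, 24, 1) Then"
)

# Matches Mid(<table>, <start>, <length>) and captures the three arguments.
MID_CALL = re.compile(r"Mid\(\s*(\w+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\)")


def vb_mid(s, start, length):
    """VB Mid(): start is 1-based; reading past the end yields a shorter string."""
    if start < 1:
        raise ValueError("Mid start must be >= 1")
    return s[start - 1:start - 1 + length]


def decode_check(statement, tables):
    """Rebuild the literal that a chain of Mid(table, pos, len) calls concatenates to."""
    parts = []
    for name, start, length in MID_CALL.findall(statement):
        if name not in tables:
            raise KeyError(f"unknown lookup table {name!r}")
        parts.append(vb_mid(tables[name], int(start), int(length)))
    return "".join(parts)


def main():
    tables = {"mc001A": MC001A}
    print("user:", decode_check(USER_CHECK, tables))
    print("pwd: ", decode_check(PASS_CHECK, tables))


if __name__ == "__main__":
    main()
```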
That's as far as I'll go for now.
All the tools used were downloaded from http://ddcrack.myetang.com/cracktool.htm.