๐Ÿ’ญ Minji's Archive

[Webhacking.kr] old-12 Javascript challenge

October 27, 2025

script ์ƒ๊ธด ๊ฑธ ๋ณด์•„ํ•˜๋‹ˆ ์›๋ž˜ ์ฝ”๋“œ๋ฅผ ์ด๋ชจํŠธ์ฝ˜์œผ๋กœ ๋Œ€์ฒดํ•œ ๊ฒƒ ๊ฐ™์€๋ฐโ€ฆ javascript ์•”ํ˜ธํ™”๋กœ ์„œ์น˜ํ•ด๋ณด๋‹ˆ๊นŒ https://cat-in-136.github.io/2010/12/aadecode-decode-encoded-as-aaencode.html ์š”๋Ÿฐ ์‚ฌ์ดํŠธ๋ฅผ ์ฐพ์„ ์ˆ˜ ์žˆ์—ˆ๋‹ค. ๋ฐ”๋กœ ๋ณตํ˜ธํ™” ใ„ฑใ„ฑ. ์ฝ”๋“œ๋ฅผ ์ข€ ์ž˜ ์‚ดํŽด๋ณด์ž๋ฉดโ€ฆ

var enco='';
var enco2=126;
var enco3=33;

126์€ ascii๋กœ ~์ด๊ณ , 33์€ ascii๋กœ !์ด๋‹ค.

var ck=document.URL.substr(document.URL.indexOf('='));
for(i=1;i<122;i++){
  enco=enco+String.fromCharCode(i,0);
}

ck: URL์—์„œ = ์ดํ›„์˜ ๋ถ€๋ถ„์„ ์ถ”์ถœ enco: ascii์ฝ”๋“œ 1์—์„œ 121๊นŒ์ง€ ๋ฌธ์ž + \x00๋“ค์„ ์—ฐ๊ฒฐํ•œ ๋ฌธ์ž์—ด ์ƒ์„ฑ ์ฆ‰ \x01\x00\x02\x00 ์ด๋Ÿฐ์‹์œผ๋กœ ์ƒ์„ฑ๋  ๊ฒƒ์ž„

function enco_(x){
  return enco.charCodeAt(x);
}

enco ๋ฌธ์ž์—ด์˜ x๋ฒˆ์งธ ์œ„์น˜ ๋ฌธ์ž์˜ ascii ์ฝ”๋“œ๋ฅผ ๋ฐ˜ํ™˜

if(ck=="="+String.fromCharCode(enco_(240))+String.fromCharCode(enco_(220))+String.fromCharCode(enco_(232))+String.fromCharCode(enco_(192))+String.fromCharCode(enco_(226))+String.fromCharCode(enco_(200))+String.fromCharCode(enco_(204))+String.fromCharCode(enco_(222-2))+String.fromCharCode(enco_(198))+"~~~~~~"+String.fromCharCode(enco2)+String.fromCharCode(enco3)){
  location.href="./"+ck.replace("=","")+".php";
}

์ด๊ฑธ ์ฝ˜์†”์—์„œ ์‹คํ–‰ํ•ด ๋ณด์ž.

์ด๋ ‡๊ฒŒ ํ•จ์ˆ˜ ์ •์˜๋ฅผ ๊ทธ๋Œ€๋กœ ๊ฐ–๊ณ ์™€์„œ ํ•ด์ฃผ๊ณ  ์š”๋ ‡๊ฒŒ ํ•˜๋ฉด ๋ฌด์Šจ ๋ฌธ์ž์—ด์ธ์ง€ ํ™•์ธ ๊ฐ€๋Šฅ.

์•ผํ˜ธ