In the previous post of TRY2HACK wargame level 1 has described the basic about the wargaming. The website TRY2HACK is simlating the conflict between web page programmer who writes a login page and the hacker trying to crack a login page.
Level 2
After passing the level 1, another login page is shown. But this time, the input box is fancier than the previous one.
Try random username and password with qwer. Nothing happens.
If right click is performed, an alert message would inform that the right click is disabled.
To open the developer tools of Google chrome, open the view menu and choose developer option. There is the developer tools.
After opening the developer tools, press the icon of a mouse in a box on the top left.
In this mode, the selected element would be highlighted in the right pane of html and left pane of codes. Move the mouse on the login object and the code for these input boxes is selected on the left. An object tag of flash appears.
Oh wait, there is a script tag above.
Extend the script tag and the javascript code is shown.
Browsing the code below, we may find out that the functions, disable_right_click, check_mouse, and trap_page_mouse_key_events are functions that trap and disable right clicks. So this piece of code doesn't program the validation of username and password.
<!--passwd="ItIsSoEasy";functiondisable_right_click(e){varbrowser=navigator.appName.substring(0,9);varevent_number=0;if(browser=="Microsoft")event_number=event.button;elseevent_number=e.which;if(event_number==2||event_number==3||event_number==4){alert("Right/middle mousebutton is disabled");return(false);}return(true);}functioncheck_mousekey(){varmouse_key=93;varkeycode=event.keyCode;if(keycode==mouse_key)alert("Mouse Key Is Disabled");}functiontrap_page_mouse_key_events(){varbrowser=navigator.appName.substring(0,9);document.onmousedown=disable_right_click;if(browser=="Microsoft")document.onkeydown=check_mousekey;elsedocument.captureEvents(Event.MOUSEDOWN);}window.onload=trap_page_mouse_key_events;//-->
Ok, the javascript code isn't the important thing. Then let's look back to the object on the page. Let's copy the data of the object which is level2.swf. It looks like a flash vedio.
Copy the name of the flash object and paste to the url bar.
The flash object may be obtained by a url.
Find a flash decompiler online. Here I use Show my code
This compiler may decompile class, flash, and .NET etc.
Enter the url of the flash object, the check character, and press the show my code button.
And the reverse engineering code is shown below.
A simple piece of code about the comparing of username and password appears.
Copy the username and password, enter them to the flash vedio, and level 3 is passed.
Conclusion
The techniques needed in this level are
Mouse disabled
Flash decompile
Flash actionscript
Flash is used to display streaming video, advertisement and interactive multimedia on web pages. The actionscript is an object-oriented programming language and used for the development of websites and software targeting the Adobe Flash Player platform, used on Web pages in the form of embeded SWF files. Well in recent years, Flash has been declined by many of the browsers since there are many vulnerabilities.
Try random username and password with qwer. Nothing happens.
If right click is performed, an alert message would inform that the right click is disabled.
To open the developer tools of Google chrome, open the view menu and choose developer option. There is the developer tools.
After opening the developer tools, press the icon of a mouse in a box on the top left.
In this mode, the selected element would be highlighted in the right pane of html and left pane of codes. Move the mouse on the login object and the code for these input boxes is selected on the left. An object tag of flash appears.
Oh wait, there is a script tag above.
Extend the script tag and the javascript code is shown.
Browsing the code below, we may find out that the functions, disable_right_click, check_mouse, and trap_page_mouse_key_events are functions that trap and disable right clicks. So this piece of code doesn't program the validation of username and password.
Copy the name of the flash object and paste to the url bar.
The flash object may be obtained by a url.
Find a flash decompiler online. Here I use Show my code
This compiler may decompile class, flash, and .NET etc.
Enter the url of the flash object, the check character, and press the show my code button.
And the reverse engineering code is shown below.
A simple piece of code about the comparing of username and password appears.
