当前位置:首页>>软件教程>>病毒安全>>新闻内容  
http://www.try2hack.nl/ 五关破解详解
作者: 发布时间:2003-10-7 14:18:05 | 【字体:

第一关:http://www.try2hack.nl/level1.html
查看源文件,有下面的内容:
<SCRIPT LANGUAGE="JavaScript">
function Try(passwd){
  if (passwd =="hackerzzz"){
    alert("Alright ! On to level 2 ...");
    location.href = "levvel2.html";
第二关:http://www.try2hack.nl/levvel2.html
查看源文件,注意这句:<EMBED src="FlashLevel2.swf" quality=high bgc,
所以到http://www.try2hack.nl/FlashLevel2.swf试下,然后用netant或flashget 把文件到本地, 用ultraedit 打开, 可以看到有下面的字符串:Try2Hack, NokiaIsGood 等, 试user=Try2Hack, pawd=NokiaIsGood, passed.

第三关:http://www.try2hack.nl/LLeVeLL3.html
一开始就跳出密码框, 查不到源文件, 但cancel, 然后stop, 可以查到以下:<SCRIPT language="JavaScript">

pwd = prompt("Please enter the password for level 3 :","");

if (pwd==PASSWORD){
  alert("Alright !\nEntering Level 4 ...");
  location.href = CORRECTSITE;
}else
{
  alert("WRONG !\nBack to disneyland !!!");
  location.href = WRONGSITE;
}

PASSWORD="AbCdE";
CORRECTSITE="level4.html";
WRONGSITE="http://www.disney.com";
里面没有所要的密码. 嗯,到本机的Temporary Internet Files目录下查下最新的文件, 有一JavaScript的文件, 正好是这网站的, 把它copy出来, 打开, 看到
PASSWORD = "TheCorrectAnswer";
CORRECTSITE = "thelevel4.html";
WRONGSITE = "http://www.disney.com";
成功了!

第四关:http://www.try2hack.nl/thelevel4.html
很明显, 是Java applet 程序, 把他下载下来:http://www.try2hack.nl/PasswdLevel4.class, 用java 反编译软件, 我用jad.exe来反编译. jad -f PasswdLevel4.class, 得到PasswdLevel4.jad 文件, 用Notepad 打开, 这句查对passwd和user的:
if(txtlogin.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 2].trim().toUpperCase().intern() && txtpass.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 3].trim().toUpperCase().intern()),
而inuser是从下面这段程序读进来的:
            countConn = inURL.openStream();
            countData = new java.io.BufferedReader(new java.io.InputStreamReader(countConn));
            java.lang.String s;
            while((s = countData.readLine()) != null)
                if(totno < 21)
                {
                    totno = totno + 1;
                    inuser[totno] = s;
                    s = "";
                }
                else
                {
                    lblstatus.setText("Cannot Exceed 10 users, Applet fail start!");
                    destroy();
                }
inuser又从inURL来,
        infile = new java.lang.String("level4");
        try
        {
            inURL = new java.net.URL(getCodeBase(), infile);
        }
所以密码文件为http://www.try2hack.nl/level4, 用flashget下载, 有
5_level_5.html
Try2Hack
AppletsAreEasy

第五关: http://www.try2hack.nl/5_level_5.html
下载, 解压, 看到有VBRun300.dll就知道应该是VB3的文件, 用VB 反编译工具, 可得到level5.bas,
查看有以下查对passwd 的语句:
If txtUsername <> Mid(mc001A, 56, 1) & Mid(mc001A, 28, 1) & Mid(mc001A, 35, 1) & Mid(mc001A, 3, 1) & Mid(mc001A, 44, 1) & Mid(mc001A, 11, 1) & Mid(mc001A, 13, 1) & Mid(mc001A, 21, 1) Then
    MsgBox "Username not accepted."
    Exit Sub
End If
If txtPassword <> Mid(mc001A, 51, 1) & Mid(mc001A, 31, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 51, 1) & Mid(mc001A, 16, 1) & Mid(mc001A, 45, 1) & Mid(mc001A, 24, 1) & Mid(mc001A, 29, 1) & Mid(mc001A, 26, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 28, 1) & Mid(mc001A, 11, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 25, 1) & Mid(mc001A, 24, 1) Then
而Const mc001A = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,:;-*+=~|&!_$#@()[]{}<\/>"
可知是从该字串相应位置的字符组成passwd和user, 如Mid(mc001A, 56, 1)="T", 可得
user:Try2Hack
pwd: OutOfInspiration
又过了!

先干到这关吧.

所用的相应程序均从http://ddcrack.myetang.com/cracktool.htm下载.

 

 
文章来源:
·密码破解速度全面披露
·正版与破解的较量:软件破解大揭密