functiongetCookie(cname) { var name = cname + "="; var ca = document.cookie.split(';'); for (var i = 0; i < ca.length; i++) { var c = ca[i].trim(); if (c.indexOf(name) == 0) return c.substring(name.length, c.length) } return"" }
functiondecode_create(temp) { var base = new Base64(); var result = base.decode(temp); var result3 = ""; for (i = 0; i < result.length; i++) { var num = result[i].charCodeAt(); num = num ^ i; num = num - ((i % 10) + 2); result3 += String.fromCharCode(num) } return result3 }
functionertqwe() { var temp_name = "user"; var temp = getCookie(temp_name); temp = decodeURIComponent(temp); var mingwen = decode_create(temp); var ca = mingwen.split(';'); var key = ""; for (i = 0; i < ca.length; i++) { if (-1 < ca[i].indexOf("flag")) { key = ca[i + 1].split(":")[2] } } key = key.replace('"', "").replace('"', ""); document.write('<img id="attack-1" src="image/1-1.jpg">'); setTimeout(function() { document.getElementById("attack-1").src = "image/1-2.jpg" }, 1000); setTimeout(function() { document.getElementById("attack-1").src = "image/1-3.jpg" }, 2000); setTimeout(function() { document.getElementById("attack-1").src = "image/1-4.jpg" }, 3000); setTimeout(function() { document.getElementById("attack-1").src = "image/6.png" }, 4000); setTimeout(function() { alert("你使用如来神掌打败了蒙老魔,但不知道是真身还是假身,提交试一下吧!flag{" + md5(key) + "}") }, 5000) }
functiondecode_create(temp) { var base = new Base64(); // 创建Base64对象 var result = base.decode(temp); // 对temp变量b64解码 var result3 = ""; for (i = 0; i < result.length; i++) { var num = result[i].charCodeAt(); // 把字符转换为Unicode编码 num = num ^ i; // Unicode编码和下标异或 num = num - ((i % 10) + 2); // 数值变换 result3 += String.fromCharCode(num) // 将Unicode编码转换为字符并追加至结果 } return result3 }
根据解密函数写出加密函数
1 2 3 4 5 6 7 8 9 10 11 12
functionencode_create(temp) { var result3 = ""; for (i = 0; i < temp.length; i++) { var num = temp.charCodeAt(i); num = num + ((i % 10) + 2); num = num ^ i; result3 += String.fromCharCode(num); } var base = new Base64(); var result1 = base.encode(result3); return result1; }
此外,贴出辅助函数
1 2 3 4 5 6 7 8
functionencrypt() { var str = 'O:5:"human":10:{s:8:"xueliang";i:537;s:5:"neili";i:618;s:5:"lidao";i:59;s:6:"dingli";i:77;s:7:"waigong";i:0;s:7:"neigong";i:0;s:7:"jingyan";i:0;s:6:"yelian";i:0;s:5:"money";i:200000;s:4:"flag";s:1:"0";}'; var miwen = encode_create(str); var encrypt = encodeURIComponent(miwen);