第一关:http://www.try2hack.nl/level1.html
查看源文件,有下面的内容:
<SCRIPT LANGUAGE="JavaScript">
function Try(passwd){
if (passwd =="hackerzzz"){
alert("Alright ! On to level 2 ...");
location.href = "levvel2.html";
第二关:http://www.try2hack.nl/levvel2.html
查看源文件,注意这句:<EMBED src="FlashLevel2.swf" quality=high bgc,
所以到http://www.try2hack.nl/FlashLevel2.swf试下,然后用netant或flashget 把文件到本地, 用ultraedit 打开, 可以看到有下面的字符串:Try2Hack, NokiaIsGood 等, 试user=Try2Hack, pawd=NokiaIsGood, passed.
第三关:http://www.try2hack.nl/LLeVeLL3.html
一开始就跳出密码框, 查不到源文件, 但cancel, 然后stop, 可以查到以下:<SCRIPT language="JavaScript">
pwd = prompt("Please enter the password for level 3 :","");
if (pwd==PASSWORD){
alert("Alright !\nEntering Level 4 ...");
location.href = CORRECTSITE;
}else
{
alert("WRONG !\nBack to disneyland !!!");
location.href = WRONGSITE;
}
PASSWORD="AbCdE";
CORRECTSITE="level4.html";
WRONGSITE="http://www.disney.com";
里面没有所要的密码. 嗯,到本机的Temporary Internet Files目录下查下最新的文件, 有一JavaScript的文件, 正好是这网站的, 把它copy出来, 打开, 看到
PASSWORD = "TheCorrectAnswer";
CORRECTSITE = "thelevel4.html";
WRONGSITE = "http://www.disney.com";
成功了!
第四关:http://www.try2hack.nl/thelevel4.html
很明显, 是Java applet 程序, 把他下载下来:http://www.try2hack.nl/PasswdLevel4.class, 用java 反编译软件, 我用jad.exe来反编译. jad -f PasswdLevel4.class, 得到PasswdLevel4.jad 文件, 用Notepad 打开, 这句查对passwd和user的:
if(txtlogin.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 2].trim().toUpperCase().intern() && txtpass.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 3].trim().toUpperCase().intern()),
而inuser是从下面这段程序读进来的:
countConn = inURL.openStream();
countData = new java.io.BufferedReader(new java.io.InputStreamReader(countConn));
java.lang.String s;
while((s = countData.readLine()) != null)
if(totno < 21)
{
totno = totno + 1;
inuser[totno] = s;
s = "";
}
else
{
lblstatus.setText("Cannot Exceed 10 users, Applet fail start!");
destroy();
}
inuser又从inURL来,
infile = new java.lang.String("level4");
try
{
inURL = new java.net.URL(getCodeBase(), infile);
}
所以密码文件为http://www.try2hack.nl/level4, 用flashget下载, 有
5_level_5.html
Try2Hack
AppletsAreEasy
第五关: http://www.try2hack.nl/5_level_5.html
下载, 解压, 看到有VBRun300.dll就知道应该是VB3的文件, 用VB 反编译工具, 可得到level5.bas,
查看有以下查对passwd 的语句:
If txtUsername <> Mid(mc001A, 56, 1) & Mid(mc001A, 28, 1) & Mid(mc001A, 35, 1) & Mid(mc001A, 3, 1) & Mid(mc001A, 44, 1) & Mid(mc001A, 11, 1) & Mid(mc001A, 13, 1) & Mid(mc001A, 21, 1) Then
MsgBox "Username not accepted."
Exit Sub
End If
If txtPassword <> Mid(mc001A, 51, 1) & Mid(mc001A, 31, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 51, 1) & Mid(mc001A, 16, 1) & Mid(mc001A, 45, 1) & Mid(mc001A, 24, 1) & Mid(mc001A, 29, 1) & Mid(mc001A, 26, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 28, 1) & Mid(mc001A, 11, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 25, 1) & Mid(mc001A, 24, 1) Then
而Const mc001A = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,:;-*+=~|&!_$#@()[]{}<\/>"
可知是从该字串相应位置的字符组成passwd和user, 如Mid(mc001A, 56, 1)="T", 可得
user:Try2Hack
pwd: OutOfInspiration
又过了!
先干到这关吧.
所用的相应程序均从http://ddcrack.myetang.com/cracktool.htm下载.