EvilZone
Programming and Scripting => Web Oriented Coding => : icon August 24, 2013, 05:11:40 AM
-
Hey guys. Yep, I'm still alive. Sorry for the long absence, I'm just getting back from basic training. Anyway, I'm trying out for a competitive cyber warfare team, and the tryout is basically just a series of wargames. This one has me really stumped. Which bothers me, because it should be easy. The page looks like:
<html>
<head>
<title><3 Burritos</title>
<script type="text/javascript">
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('a 9(){4 1=3.6(\'c\');4 0=3.6(\'7\');0.2(\'8\',\'b\');0.2(\'k\',\'i==\');0.2(\'d\',\'h\');1.2(\'g\',\'e\');1.5(0);3.f.5(1);1.j()}',21,21,'theInput|theForm|setAttribute|document|var|appendChild|createElement|input|name|donate|function|donate_the_monies|form|type|POST|body|method|hidden|MQ|submit|value'.split('|'),0,{})) </script>
<style type="text/css"> body { background-color:#281400; color:#fff; text-align:center; } </style>
</head>
<body>
<h2>I <3 Chipotle.</h2>
<img src="menu_burrito.png" width="672" height="376" alt=""> <br />
Chipotle is among Shareef12's top 3 favorite things in the world. Unfortunately, due to a limited supply and high demand, burritos currently cost $10,000.00 each. <br />
However, if you donate enough for a burrito, you may be rewarded.<br />
<button onclick="javascript:donate();">Donate $0.01</button><br /> So far, $0 has been donated. <br /> That's not enough money for a burrito </body>
</html>
The part that is messing me up is the Javascript. I've never been strong in this area, and I dont know what the fuck that means. If yall could help me, much respect.
Thanks. It's good to be back.
MOD: Sorry for the formatting of the code; that's the way it came
???
-
Hint: use a JavaScript beautifier.
It should be obvious that the code is obfuscated though.
-
Hint: use a JavaScript beautifier
I did. The top portion makes sense to me. It's the last line thats fucking me over
}('a 9(){4 1=3.6(\'c\');4 0=3.6(\'7\');0.2(\'8\',\'b\');0.2(\'k\',\'i==\');0.2(\'d\',\'h\');1.2(\'g\',\'e\');1.5(0);3.f.5(1);1.j()}', 21, 21, 'theInput|theForm|setAttribute|document|var|appendChild|createElement|input|name|donate|function|donate_the_monies|form|type|POST|body|method|hidden|MQ|submit|value'.split('|'), 0, {})
I have no idea what this is.
-
I did. The top portion makes sense to me. It's the last line thats fucking me over
}('a 9(){4 1=3.6(\'c\');4 0=3.6(\'7\');0.2(\'8\',\'b\');0.2(\'k\',\'i==\');0.2(\'d\',\'h\');1.2(\'g\',\'e\');1.5(0);3.f.5(1);1.j()}', 21, 21, 'theInput|theForm|setAttribute|document|var|appendChild|createElement|input|name|donate|function|donate_the_monies|form|type|POST|body|method|hidden|MQ|submit|value'.split('|'), 0, {})
I have no idea what this is.
That would be obfuscation I think lol, I don't know
-
You obviously did not use what I told you to use :P the code is obfuscated.
-
i ran it through a couple different beautifiers, it still gave me the same code back
-
Try using Firebug to deobfuscate this.
-
I don't like spoonfeeding, how ever, http://jsbeautifier.org/ gives me a pretty readable code block. If you can't make sense of what that gives then I've got bad news for you.