题目链接:HTML前端代码分析(暗链)
(●'◡'●)一个非常浪漫和赛博的网页~
工具:无
1 查看源代码
习惯性ctrl+u查看源代码~
发现这里有一个链接,点开~
再次习惯性ctrl+u查看源代码~
感受一下我右上角画的进度条~这个代码量...777行...
1星难度的题目现在都这么卷了嘛!
而且更让人生气的是,答案不在这777行里~这么多代码完全就是幌子~~
仔细看一下,点开链接以后,网页上显示的访问并不是http://192.168.1.1/19281028102.php,后面的 /19281028102.php直接被截断了,并没有显示~
说明直接点击链接是走不通的~~这个时候我们想起内网和外网的区别[内网外网]:http://124.70.71.251/这个是外网的地址,而http://192.168.1.1/,这个完全就是内网的地址呀~
如果内网访问不了,我们在外网这边访问试试~
http://124.70.71.251:43524/19281028102.php
Key is: mozhefe07710de09b1fbb924adbf16e9
(⌐■_■)借用评论区一位老哥的话:头一次见这么玩的,真是活到老学到老啊~
按照老规矩尝试解释一下777行代码~[虽然与正确答案毫无关联,无论怎么说都是出题人的心血,浪费了岂不是有点可惜,正好提高阅读前端代码的能力~]
...不过限于篇幅,如果像以往每句都释义的话,以我目前的菜鸟水平,可能翻译完眼镜都长蛛网了...这次按照段落简单介绍一下各部分的功能~
能力有限,也许注释会不准确,请见谅~
↑001-007行:这是一个调用html的解析器处理的文件[content-type],经过渲染[X-UA-Compatible],禁止网页缓存[Pragma Cache-control expires]~
<title></title>
<link href="Cuscss/login.css?2022062800070102869193943" media="all" rel="stylesheet"/>
<style type="text/css">
#first{
background-color:white;
height:25px;
text-align: center;
color: red;
position:absolute;
width: 380px;
top: 312px;
}
</style>
↑008-020行:规定了网页的样式~
<script language="JavaScript" src="../resource/common/md5.js?2022062800070102869193943"></script>
<script language="JavaScript" src="../resource/common/RndSecurityFormat.js?2022062800070102869193943"></script>
<script language="JavaScript" src="../resource/common/jquery.min.js?2022062800070102869193943"></script>
<script language="JavaScript" src="../resource/common/safelogin.js?2022062800070102869193943"></script>
<script language="JavaScript" type="text/javascript">
↑021-025行:引入4个外部JavaScript文件[源文件写得都比较高深奥义,看得我一头雾水≧ ﹏ ≦...],从名字判断,分别是哈希函数md5[MD5](MD5是哈希/摘要算法,并不是加密)、RndSecurityFormat.js(从名字猜与随机数有关,未确认)[Rnd 函数]、JavaScript库jquery.min.js[jquery.min.js](jQuery是库,不是编程语言)、安全登陆验证文件safelogin.js,25-712行均为js语句~
/**
 * Thin alias over hex_md5(), which the page loads separately from md5.js.
 *
 * MD5 is a digest, not encryption. No call to MD5() appears in the visible
 * part of this script; the login path encodes the password with
 * base64encode() instead.
 *
 * @param {string} str - text to hash
 * @returns {*} whatever hex_md5() returns for str
 */
function MD5(str) {
    var digest = hex_md5(str);
    return digest;
}
// Page state written as literals in the page source (presumably filled in by the
// device when it renders the login page — TODO confirm). Most counters are strings.
var FailStat ='0'; // failure flag: setErrorStatus() shows the "limit exceeded" text and disables the form when this is '1'
var LoginTimes = '0'; // failed-login counter, kept as a string
var ModeCheckTimes = '0'; // mode-check attempt counter, compared against errloginlockNum
var Language ="chinese"; // UI language; later sent as the 'Language' form parameter
var UserLeveladmin=0; // user-level flag; LoadFrame() declares a local of the same name, so this global is not the one it tests
var devicename ='WO-36'; // device name
document.title = devicename; // the tab title is the device name
↑026-033行:定义变量~
var LockLeftTime = '0'; // seconds left on the login lock; showlefttime() counts it down
var errloginlockNum = '3'; // attempt threshold the counters are compared against
var locklefttimerhandle; // setInterval handle for the lock countdown
var CfgFtWordArea = '010'; // area code looked up in the province table below ('010' maps to 北京 there)
var CfgFtWord = 'BJUNICOM'; // customization word; the script compares it with tags such as JSCU, JLCU, BJCU
var APPVersion = '1.1.1.1'; // application version string
var isSupportOptic = '1'; // non-zero makes setRxPowerHtml() print the optical power readings
var stbport = '0'; // presumably the set-top-box port; not used in the visible script — TODO confirm
var UpUserPortID = '1056769'; // a port identifier; its meaning is not shown in the visible script
var P2pFlag = '0'; // P2P flag; not used in the visible script
var BJUNICOM = '1'; // "1" selects the first layout branch in ShowUser()
var br0Ip = '192.168.1.1'; // device LAN address used to build the 'http://' base URL (br0 presumably names the bridge interface)
var IsMaintWan = '0'; // when 1 the script takes the host from window.location and logs in through the normal-user fields
var CurrUserMode = ""; // becomes "Admin" or "Normal" once a login mode is chosen
/**
 * Record holding one optical-module reading.
 *
 * @constructor
 * @param {string} domain - data-model path of the optical module
 * @param {string} transOpticPower - transmit optical power (the page prints it followed by " dBm")
 * @param {string} revOpticPower - receive optical power (the page prints it followed by " dBm")
 */
function stOpticInfo(domain, transOpticPower, revOpticPower) {
    var record = this;
    record.domain = domain;
    record.transOpticPower = transOpticPower;
    record.revOpticPower = revOpticPower;
}
↑035-054行:定义函数与变量~
// One optical reading followed by a null terminator. The \x escapes are plain
// characters: "3\x2e61\x20" is "3.61 " and "\x2d12\x2e25" is "-12.25".
var opticInfos = new Array(new stOpticInfo("InternetGatewayDevice.X_HW_DEBUG.AMP.Optic","3\x2e61\x20","\x2d12\x2e25"),null);
// The first (and only non-null) entry is what setRxPowerHtml() prints.
var opticInfo = opticInfos[0];
↑057-059行:定义变量 光功率信息[opticInfos]为数组(由stOpticInfo构造的一个对象(这个产品好像是...华为光猫?),末尾再加一个null),定义变量 opticInfo赋值为opticInfos[0]即该对象;其中的\x2e、\x20、\x2d只是"."、空格、"-"的十六进制转义,两个值分别是"3.61 "和"-12.25"(后文以dBm为单位显示)~
/**
 * Record describing one LAN port entry.
 *
 * @constructor
 * @param {string} domain - data-model path of the port
 * @param {string} Status - status value for the port ("1" or "0" in this page)
 */
function GEInfo(domain, Status) {
    var record = this;
    record.domain = domain;
    record.Status = Status;
}
↑060-064行:定义构造函数GEInfo[后文用它描述各个LAN口,GE猜测是千兆以太网Gigabit Ethernet的缩写,未确认]:域[domain]、状态[status]~
/**
 * Record pairing a data-model path with a user name.
 *
 * @constructor
 * @param {string} domain - data-model path of the user entry
 * @param {string} name - user name
 */
function stModifyUserInfo(domain, name) {
    var record = this;
    record.domain = domain;
    record.name = name;
}
↑066-070行:定义函数用户起始信息[stModifyUserInfo]:域[domain]、名称[name]~
// Status of LAN ports 1-4 (ports 1 and 2 carry "1", ports 3 and 4 carry "0"), then a null terminator.
var geInfos = new Array(new GEInfo("InternetGatewayDevice.X_HW_DEBUG.AMP.LANPort.1.CommonConfig","1"),new GEInfo("InternetGatewayDevice.X_HW_DEBUG.AMP.LANPort.2.CommonConfig","1"),new GEInfo("InternetGatewayDevice.X_HW_DEBUG.AMP.LANPort.3.CommonConfig","0"),new GEInfo("InternetGatewayDevice.X_HW_DEBUG.AMP.LANPort.4.CommonConfig","0"),null);
↑072-072行:定义变量geInfos为数组,含4个成员[对应LANPort.1~4四个LAN口,状态值前2个为"1"、后2个为"0"],末尾另有一个null作结束标记;
// Super-user list: here it holds only the null terminator, so superUserInfo[0] is null.
// NOTE(review): SubmitForm() reads superUserInfo[0].name in Admin mode when IsMaintWan is not 1;
// with this value that access would throw.
var superUserInfo = new Array(null);
/**
 * Shows or hides the "regdeviceform" element, depending on whether the
 * customization word CfgFtWord is "JLCU" and on which view is being drawn.
 * (JLCU looks like a regional build tag; the page does not say which.)
 *
 * @param {string} [page] - 'home' for the landing view; any other value, or none, otherwise
 */
function isJLCU(page) {
    var isJlcuBuild = ('JLCU' == CfgFtWord.toUpperCase());
    var onHome = (page === 'home');
    // JLCU builds hide the form on the home view and show it elsewhere;
    // every other build does the opposite.
    var display = (isJlcuBuild === onHome) ? 'none' : 'block';
    document.getElementById("regdeviceform").style.display = display;
}
↑075-087行:isJLCU这个函数我没有看懂,据后文Cfgft与行政区域有关,判断结果影响的好像是页面样式。
/**
 * Record pairing a region's Chinese name with its area code.
 *
 * @constructor
 * @param {string} ChineseDes - region name in Chinese
 * @param {string} E8CArea - area code string, e.g. "010"
 */
function AreaRelationInfo(ChineseDes, E8CArea) {
    var record = this;
    record.ChineseDes = ChineseDes;
    record.E8CArea = E8CArea;
}
// Empty array; nothing in the visible script fills or reads it.
var AreaRelationInfos = new Array();
// Region-name / area-code lookup table. Despite its name it holds AreaRelationInfo
// records, and it ends with a null terminator that GetE8CAreaByCfgFtWord() skips.
var userEthInfos = new Array(new AreaRelationInfo("重庆","023"),
new AreaRelationInfo("四川","028"),
new AreaRelationInfo("云南","0871"),
new AreaRelationInfo("贵州","0851"),
new AreaRelationInfo("北京","010"),
new AreaRelationInfo("上海","021"),
new AreaRelationInfo("天津","022"),
new AreaRelationInfo("安徽","0551"),
new AreaRelationInfo("福建","0591"),
new AreaRelationInfo("甘肃","0931"),
new AreaRelationInfo("广东","020"),
new AreaRelationInfo("广西","0771"),
new AreaRelationInfo("海南","0898"),
new AreaRelationInfo("河北","0311"),
new AreaRelationInfo("河南","0371"),
new AreaRelationInfo("湖北","027"),
new AreaRelationInfo("湖南","0731"),
new AreaRelationInfo("吉林","0431"),
new AreaRelationInfo("江苏","025"),
new AreaRelationInfo("江西","0791"),
new AreaRelationInfo("辽宁","024"),
new AreaRelationInfo("宁夏","0951"),
new AreaRelationInfo("青海","0971"),
new AreaRelationInfo("山东","0531"),
new AreaRelationInfo("山西","0351"),
new AreaRelationInfo("陕西","029"),
new AreaRelationInfo("西藏","0891"),
new AreaRelationInfo("新疆","0991"),
new AreaRelationInfo("浙江","0571"),
new AreaRelationInfo("黑龙江","0451"),
new AreaRelationInfo("内蒙古","0471"),
null);
/**
 * Looks up the Chinese region name for an area code.
 *
 * The last slot of the table is treated as a terminator and is never inspected.
 * The comparison is loose (==), so a number matches an equal numeric string.
 *
 * @param {Array} userEthInfos - table of records with E8CArea / ChineseDes, plus a trailing terminator
 * @param {string} name - the area code to look for (despite the parameter name)
 * @returns {?string} the ChineseDes of the first matching record, or null when none matches
 */
function GetE8CAreaByCfgFtWord(userEthInfos,name)
{
    var end = userEthInfos.length - 1;
    var idx = 0;
    while (idx < end)
    {
        var entry = userEthInfos[idx];
        if (name == entry.E8CArea)
        {
            return entry.ChineseDes;
        }
        idx += 1;
    }
    return null;
}
// Region name for the configured area code; with CfgFtWordArea '010' the table yields "北京".
// LoadFrame() later writes this value into the 'ChooseInfo' element.
var CfgFtChineseArea = GetE8CAreaByCfgFtWord(userEthInfos,CfgFtWordArea);
↑088-143行:定义行政区的名称与区号对照表,再用CfgFtWordArea(这里是"010")查表得到地区名称CfgFtChineseArea(这里是"北京");这个值是页面里写好的,并不是读取用户的实际定位~
/**
 * Record holding a registration result.
 *
 * @constructor
 * @param {string} domain - data-model path
 * @param {string} Result - result code; JumpToReg() tests it against 1
 * @param {string} Status - status code; JumpToReg() tests it against 0
 */
function stResultInfo(domain, Result, Status) {
    var record = this;
    record.domain = domain;
    record.Result = Result;
    record.Status = Status;
}
// Placeholder result. It is a single record here, but getRegStatus() overwrites it with
// the eval()'d server response and callers then read stResultInfos[0], so the response
// is expected to be array-like.
var stResultInfos = new stResultInfo("0", "0", "0");
↑145-152行:定义构造函数初始输出信息[stResultInfo]:域、结果、状态。再定义变量stResultInfos(比函数名多一个s),用三个"0"初始化。
/**
 * Reports whether the current URL refers to the CU.HTML entry page.
 *
 * The test is a case-insensitive substring search over the whole href, so it
 * also matches "CU.HTML" inside a query string or fragment. The match must start
 * after position 0. The result only selects which login layout is drawn.
 *
 * @returns {boolean} true when "CU.HTML" occurs in the href at an index above 0
 */
function IsUsedCuHtml()
{
    var upperHref = window.location.href.toUpperCase();
    return upperHref.indexOf("CU.HTML") > 0;
}
/**
 * One tick of the lock countdown.
 *
 * While LockLeftTime is above zero it shows the "retry in N seconds" message
 * and decrements the counter. Once the counter reaches zero it reloads the
 * entry page the user came from: /CU.HTML when the URL contains CU.HTML,
 * otherwise /login.asp.
 */
function showlefttime()
{
    var stillLocked = !(LockLeftTime <= 0);
    if (stillLocked)
    {
        var message = '您登录失败的次数已超出限制,请' + LockLeftTime + '秒后重试!';
        SetDivValue("DivErrPage", message);
        LockLeftTime = LockLeftTime - 1;
        return;
    }

    // Lock expired: go back to whichever login page is in use.
    var onCuPage = window.location.href.toUpperCase().indexOf("CU.HTML") > 0;
    window.location = onCuPage ? "/CU.HTML" : "/login.asp";
}
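/**
 * Updates the login page to reflect the current failure / lock state.
 *
 * Reads the page-level globals FailStat, LoginTimes, ModeCheckTimes,
 * errloginlockNum, LockLeftTime and CfgFtWord, then:
 *  - FailStat '1': shows a "limit exceeded" message and disables the password
 *    field and the submit / register buttons;
 *  - counters at or above the threshold with lock time left: shows the countdown
 *    message, disables the controls and starts the one-second countdown timer;
 *  - some failures below the threshold: shows the "wrong password" message;
 *  - otherwise hides the failure banner.
 *
 * The counters are written into the page as strings, so they are converted to
 * numbers before comparison: comparing two strings orders them character by
 * character, which ranks '10' below '3'.
 *
 * NOTE(review): everything here only changes what the page displays. Whether
 * the lock is enforced is decided by whatever handles /login.cgi, which this
 * script does not show.
 */
function setErrorStatus()
{
    var loginTimes = Number(LoginTimes);
    var modeCheckTimes = Number(ModeCheckTimes);
    var lockThreshold = Number(errloginlockNum);

    clearInterval(locklefttimerhandle);
    if ('1' == FailStat)
    {
        if (modeCheckTimes >= lockThreshold)
        {
            SetDivValue("DivErrPage", "您尝试的次数已超出限制。");
        }
        else
        {
            SetDivValue("DivErrPage", "您登录失败的次数已超出限制。");
        }
        setDisable('txt_Password',1);
        if (window.location.href.toUpperCase().indexOf("CU.HTML")>0)
        {
            document.getElementById('regdevice').onclick=function(){};
        }
        else
        {
            // These four builds keep the register button clickable on the normal login page.
            if (('GDCU' != CfgFtWord.toUpperCase())
                && ('LNCU' != CfgFtWord.toUpperCase())
                && ('BJCU' != CfgFtWord.toUpperCase())
                && ('BJUNICOM' != CfgFtWord.toUpperCase()))
            {
                document.getElementById('regdevice').onclick=function(){};
            }
        }
        document.getElementById('btnSubmit').onclick=function(){};
    }
    else if (((loginTimes >= lockThreshold) || (modeCheckTimes >= lockThreshold)) && parseInt(LockLeftTime, 10) > 0)
    {
        var html = '您登录失败的次数已超出限制,请' + LockLeftTime + '秒后重试!';
        SetDivValue("DivErrPage", html);
        setDisable('txt_Password',1);
        document.getElementById('adminphoto').onclick=function(){};
        document.getElementById('normalphoto').onclick=function(){};
        document.getElementById('regdevice').onclick=function(){};
        document.getElementById('btnSubmit').onclick=function(){};
        // Pass a function, not a code string: the string form is evaluated like eval()
        // on every tick and is blocked by a Content-Security-Policy without 'unsafe-eval'.
        locklefttimerhandle = setInterval(function () { showlefttime(); }, 1000);
    }
    else if (loginTimes > 0 && loginTimes < lockThreshold)
    {
        if (('JSCU' == CfgFtWord.toUpperCase()))
        {
            SetDivValue("DivErrPage", "密码错误,请重新登录。");
        }
        else
        {
            SetDivValue("DivErrPage", "用户名或密码错误,请重新登录。");
        }
    }
    else
    {
        document.getElementById('loginfail').style.display = 'none';
    }
}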
↑154-247行:[通过汉字判断大概就是]普通用户的登录过程,页面信息[window.location]判断输出是否有违规登录,统计错误失败次数,并且每次登录错误都会有页面的锁定时间。
/**
 * Switches the page to the administrator login layout, but only when the URL
 * contains "CU.HTML"; on any other page it does nothing.
 *
 * Sets CurrUserMode to "Admin". When IsMaintWan is 1 the normal-user panel is
 * shown in place of the admin panel. These are presentation changes only.
 */
function SuperUserLogin()
{
    var onCuPage = window.location.href.toUpperCase().indexOf("CU.HTML") > 0;
    if (!onCuPage)
    {
        return;
    }

    var el = function (id) { return document.getElementById(id); };

    if ('JSCU' == CfgFtWord.toUpperCase())
    {
        // JSCU builds show the register form, make the admin picture inert and focus the password box.
        el("btnsubmitform").style.display = "none";
        el("regdeviceform").style.display = "block";
        el("adminphoto").style.cursor = "default";
        el("adminphoto").style.display = "block";
        CurrUserMode = "Admin";
        el('adminphoto').onclick = function(){};
        el('txt_Password').focus();
    }
    else
    {
        el("btnsubmitform").style.display = "block";
        isJLCU();
    }

    el("welcom").style.display = "none";
    el("adminuser").style.display = "block";
    el("normalphoto").style.display = "none";
    el("adminphoto").style.marginLeft = "480px";
    el("adminphoto").style.marginTop = "95px";
    el("loginfail").style.display = "none";

    if (IsMaintWan == 1)
    {
        el("adminuser").style.display = "none";
        el("normaluser").style.display = "block";
    }
    CurrUserMode = "Admin";
}
↑248-281行:[通过汉字判断大概就是]超级用户的登录过程,设置登录页面样式,链接广域网~找了一下网图,登录上以后大概是这个界面~
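/**
 * Writes a cookie through document.cookie.
 *
 * Extra positional arguments are optional: the 3rd is the lifetime in seconds,
 * the 5th the cookie domain and the 6th the "secure" flag. The 4th is ignored
 * and the path is always "/".
 *
 * The expiry is computed with setTime(). The earlier setDate() call treated a
 * millisecond timestamp as a day-of-month and produced an invalid date.
 *
 * NOTE(review): "secure" is off unless the caller passes it, and a cookie set
 * from script can never be HttpOnly, so nothing sensitive should be stored here.
 *
 * @param {string} name - cookie name, written as given
 * @param {string} value - cookie value, passed through escape()
 */
function SetCookie(name, value)
{
    // Use the local arguments object: Function.arguments is non-standard and
    // throws in strict-mode code.
    var extra = arguments;
    var expires = (extra.length > 2 ? extra[2] : null);
    var domain = (extra.length > 4 ? extra[4] : null);
    var secure = (extra.length > 5 ? extra[5] : false);
    var expiresStr = "";
    if (expires != null) {
        var expdate = new Date();
        expdate.setTime(expdate.getTime() + (expires * 1000));
        expiresStr = "expires=" + expdate.toUTCString() + ";";
    }
    document.cookie = name + "=" + escape (value) + ";" + expiresStr + "path=/;"
        + (domain == null ? "" : "domain=" + domain + ";")
        + (secure == true ? "secure" : "");
}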
↑283-298行:设置cookie(expire到期时间、domain域、secure安全传输),用户名~
function SubmitForm() {
var appName = navigator.appName;
var version = navigator.appVersion;
if (appName == "Microsoft Internet Explorer")
{
var versionNumber = version.split(" ")[3];
if (parseInt(versionNumber.split(";")[0]) <= 6)
{
alert("不支持IE6.0及以下版本。");
return false;
}
}
↑300-312行:提交表单:app名称、版本;检查浏览器信息不能低于IE6.0~
if(CurrUserMode == "Admin")
{
var Username = "";
if (IsMaintWan == 1)
{
Password = document.getElementById('txt_normalPassword');
}
else
{
Password = document.getElementById('txt_Password');
}
if (Password.value == "") {
alert("密码不能为空。");
Password.focus();
return false;
}
↑314-330行:超级用户登录用户名与密码检查~
var cnt;
$.ajax({
type : "POST",
async : false,
cache : false,
url : '/asp/GetRandCount.asp',
success : function(data) {
cnt = data;
}
});
var Form = new webSubmitForm();
var cookie2 = "Cookie=body:" + "Language:" + Language + ":" + "id=-1;path=/";
if (IsMaintWan == 1)
{
Form.addParameter('UserName', document.getElementById('txt_normalUsername').value);
}
else
{
Form.addParameter('UserName', superUserInfo[0].name);
}
Form.addParameter('PassWord', base64encode(Password.value));
}
else if (CurrUserMode == "Normal")
{
var Username = document.getElementById('txt_normalUsername');
var Password = document.getElementById('txt_normalPassword');
if('JSCU' == CfgFtWord.toUpperCase())
{
Username.value="user";
}
if (Username.value == "") {
alert("用户名不能为空。");
Username.focus();
return false;
}
if (Password.value == "") {
alert("密码不能为空。");
Password.focus();
return false;
}
var cnt;
$.ajax({
type : "POST",
async : false,
cache : false,
url : '/asp/GetRandCount.asp',
success : function(data) {
cnt = data;
}
});
var Form = new webSubmitForm();
var cookie2 = "Cookie=body:" + "Language:" + Language + ":" + "id=-1;path=/";
Form.addParameter('UserName', Username.value);
Form.addParameter('PassWord', base64encode(Password.value));
}
Form.addParameter('Language', Language);
document.cookie = cookie2;
Password.disabled = true;
if (CurrUserMode == "Normal")
{
Username.disabled = true;
}
SetCookie("MenuJumpIndex", "0");
Form.addParameter('x.X_HW_Token', cnt);
Form.setAction('/login.cgi');
Form.submit();
return true;
}
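↑332-405行:请求远程数据:先同步POST到/asp/GetRandCount.asp取回一个值cnt,再把用户名、base64encode处理后的密码、语言和cnt(参数名x.X_HW_Token)一起提交到/login.cgi(通用网关接口),提交前还会写入cookie;用户名与密码是否匹配是由服务端判断的,这段脚本里看不到~注意base64只是编码不是加密,谁拿到这个请求都能直接还原出密码,而开头定义的MD5()在这段登录流程里并没有被用到~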
/**
 * Empties the 'txt_Password' input.
 */
function canceltext()
{
    var passwordField = document.getElementById('txt_Password');
    passwordField.value = "";
}
↑407-410行:返回的信息清空密码数据~
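/**
 * Warns the user when the browser identifies itself as Internet Explorer at or
 * below a given version.
 *
 * The version is parsed to a number before the comparison. A user agent that
 * contains "msie" without a version number is ignored; previously it raised a
 * TypeError on the failed match. The User-Agent header is supplied by the
 * client, so this is a usability hint and not a control.
 *
 * @param {number} num - highest IE version that triggers the warning
 */
function IsIEBrower(num) {
    var ua = navigator.userAgent.toLowerCase();
    if (ua.indexOf("msie") === -1) {
        return;
    }
    var match = ua.match(/msie ([\d.]+)/);
    if (match === null) {
        return;
    }
    var ieVersion = parseFloat(match[1]);
    if (ieVersion <= num) {
        alert("您当前使用的IE浏览器版本过低(不支持IE6/7/8),必须升级到IE9及以上版本,以便正常访问WEB页面。");
    }
}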
↑412-423行:读取浏览器信息,IE日常被歧视~
/**
 * Page-load entry point: draws the login layout, shows the configured region,
 * applies any failure / lock state and installs the Enter-key handler.
 *
 * Returns false only when the local UserLeveladmin is '0'; otherwise it
 * returns nothing.
 */
function LoadFrame() {
regdevicebt();
isJLCU('home');
// JSCU builds show either the normal or the admin layout, chosen by the URL;
// every other build draws both.
if('JSCU' == CfgFtWord.toUpperCase())
{
if(false == IsUsedCuHtml())
{
ShowUser();
}
else{
SuperUserLogin();
}
}
else
{
document.getElementById("normalphoto").style.display = "block";
ShowUser();
SuperUserLogin();
}
document.getElementById('PwdPain').style.background = "url('/images/userinfoosgi.gif')";
document.getElementById('PwdPain1').style.background = "url('/images/userinfoosgi.gif')";
document.getElementById('AccountPain').style.background = "url('/images/usernum.gif')";
clearInterval(locklefttimerhandle);
// This local shadows the global UserLeveladmin, so the check at the end of the
// function tests this value and not the global one.
var UserLeveladmin = '1';
if (CfgFtWord.toUpperCase() != 'UNICOMBRIDGE')
{
if (CfgFtWordArea.toUpperCase() != 'NOCHOOSE' && CfgFtWordArea.toUpperCase() != 'CHOOSE' && CfgFtWordArea.toUpperCase() != '')
{
// Show the current province on the home page. The value comes from the fixed
// lookup table in this page; innerHTML would interpret any markup in it.
document.getElementById('ChooseInfo').innerHTML = CfgFtChineseArea;
}
}
// Show the failure banner when there were failed logins ...
if ((LoginTimes != null) && (LoginTimes != '') && (LoginTimes > 0)) {
document.getElementById('loginfail').style.display = '';
setErrorStatus();
}
// ... or when the failure flag is set or the mode-check counter reached the threshold.
if( "1" == FailStat || (ModeCheckTimes >= errloginlockNum))
{
document.getElementById('loginfail').style.display = '';
setErrorStatus();
}
document.getElementById('txt_Password').focus();
init();
if ((UserLeveladmin == '0'))
{
alert("当前用户不允许登录。");
return false;
}
}
↑425-479行:显示登录框架:判断登录用户的类型,检查登录错误信息~
/**
 * Registers onHandleKeyDown for "keypress" on the document. It uses
 * addEventListener where available and falls back to document.onkeypress.
 */
function init() {
    var hasListenerApi = !!document.addEventListener;
    if (!hasListenerApi) {
        document.onkeypress = onHandleKeyDown;
        return;
    }
    document.addEventListener("keypress", onHandleKeyDown, false);
}
/**
 * Key handler: submits the login form when Enter (code 13) is pressed.
 *
 * @param {Event} [event] - the key event; falls back to window.event when absent
 */
function onHandleKeyDown(event) {
    var evt = event ? event : window.event;
    var pressed = evt.charCode ? evt.charCode : evt.keyCode;
    if (pressed != 13) {
        return;
    }
    SubmitForm();
}
/**
 * Stores the chosen UI language in the global Language and redraws the
 * failure state when there is one to show.
 *
 * @param {string} language - new value for Language
 */
function onChangeLanguage(language) {
    Language = language;
    var hasFailedLogins = (LoginTimes != null && LoginTimes != '' && LoginTimes > 0);
    var modeChecksExhausted = (ModeCheckTimes >= errloginlockNum);
    if (hasFailedLogins || modeChecksExhausted)
    {
        setErrorStatus();
    }
}
/**
 * Synchronously fetches the registration status and stores it in the global
 * stResultInfos.
 *
 * There is no error callback, so stResultInfos keeps its previous value when
 * the request fails.
 */
function getRegStatus()
{
$.ajax({
type : "POST",
async : false, // blocks the page until the device answers
cache : false,
url : "asp/GetRegStatusInfo.asp", // relative URL (no leading slash), unlike '/asp/GetRandCount.asp'
success : function(data) {
// SECURITY(review): the response body is executed as script. Anything able to alter
// the response (for example on a plain-HTTP path) runs code in the login page.
// Parsing it as data would be safer, provided the endpoint returns strict JSON and
// not a JavaScript expression; the response format is not shown here.
stResultInfos = eval(data);
}
});
}
/**
 * Refreshes the registration status, then opens the matching page:
 * /loidgregsuccess.asp when the first result has Status 0 and Result 1,
 * otherwise /loidreg.asp.
 */
function JumpToReg()
{
    getRegStatus();
    var first = stResultInfos[0];
    var alreadyRegistered = (parseInt(first.Status) == 0) && (parseInt(first.Result) == 1);
    window.location = alreadyRegistered ? "/loidgregsuccess.asp" : "/loidreg.asp";
}
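↑481-531行:设置事件监听器、键盘监听器(按回车即提交表单)、会话语言、检查登录信息,获取设备注册状态,并按注册状态跳转到注册成功页或注册页~其中getRegStatus直接对服务器返回的内容执行eval(data),返回内容一旦被篡改(比如明文HTTP被改写),就等于在登录页里执行了别人的脚本,这一点值得留意~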
function setRxPowerHtml()
{
if (0 != isSupportOptic)
{
if(opticInfo == null)
{
document.write('接收光功率:未知');
document.write('发送光功率:未知');
}
else
{
document.write('接收光功率:'+opticInfo.revOpticPower +' dBm');
document.write('发送光功率:'+opticInfo.transOpticPower +' dBm');
}
}
document.write('');
var lanDiv = getElementById('main_Lan');
var lanHtml = '灯名称   ';
for (var i = 0; iLAN' + (i+1) + '  ' + '';
}
lanHtml += ' 状态 ';
for (var i = 0; i';
}
else
{
lanHtml += ' ';
}
}
lanHtml += '
';
lanDiv.innerHTML = '';
lanDiv.innerHTML = lanHtml;
}
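↑533-585行:不太能看得懂(这一段字符串里的HTML标签在转存时丢失了,所以for循环等代码看起来是残缺的),应该是普通用户登录设置光模块界面:从剩下的部分看,是在isSupportOptic不为0时用document.write输出接收/发送光功率(单位dBm),再拼出各LAN口指示灯名称和状态的内容写进main_Lan~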
/**
 * Click handler that moves to the administrator entry page.
 *
 * On CU.HTML it does nothing and returns false. Otherwise it navigates to
 * /CU.HTML and applies the admin layout to the current document. Builds
 * tagged JSCU only swap the two forms and return early.
 *
 * @returns {boolean|undefined} false when already on CU.HTML, otherwise nothing
 */
function AdminuserSubmit()
{
    var onCuPage = window.location.href.toUpperCase().indexOf("CU.HTML") > 0;
    if (onCuPage)
    {
        return false;
    }
    window.location = "/CU.HTML";

    var el = function (id) { return document.getElementById(id); };

    if ('JSCU' == CfgFtWord.toUpperCase())
    {
        el("btnsubmitform").style.display = "none";
        el("regdeviceform").style.display = "block";
        return;
    }

    el("btnsubmitform").style.display = "block";
    isJLCU();

    el("welcom").style.display = "none";
    el("adminuser").style.display = "block";
    el("normalphoto").style.display = "none";
    el("adminphoto").style.marginLeft = "480px";
    el("adminphoto").style.marginTop = "95px";
    el("loginfail").style.display = "none";
    CurrUserMode = "Admin";
    // The admin picture becomes inert once the admin layout is active.
    el('adminphoto').onclick = function(){};
    if (IsMaintWan == 1)
    {
        el("adminuser").style.display = "none";
        el("normaluser").style.display = "block";
    }
}
/**
 * Click handler that switches the page to the normal-user login layout and
 * focuses the user-name box. Builds tagged JSCU are left untouched.
 */
function AdminuserSubmit1()
{
    if ('JSCU' == CfgFtWord.toUpperCase())
    {
        return;
    }

    var el = function (id) { return document.getElementById(id); };

    el("btnsubmitform").style.display = "block";
    el("welcom").style.display = "none";
    el("normaluser").style.display = "block";
    el("adminphoto").style.display = "none";
    el("regdeviceform").style.display = "none";
    el("normalphoto").style.marginLeft = "480px";
    el("normalphoto").style.marginTop = "95px";
    el("loginfail").style.display = "none";
    CurrUserMode = "Normal";
    el('txt_normalUsername').focus();
}
/**
 * Draws the initial user-selection layout.
 *
 * There are three variants: BJUNICOM == "1", builds tagged JSCU (which go
 * straight to the normal-user password box and set CurrUserMode to "Normal"),
 * and everything else (both pictures plus the welcome text).
 */
function ShowUser()
{
    var el = function (id) { return document.getElementById(id); };

    if (BJUNICOM == "1")
    {
        el("normalphoto").style.marginLeft = "480px";
        el("normalphoto").style.display = "block";
        el("welcom").style.display = "block";
        el("regdeviceform").style.display = "none";
        return;
    }

    if ('JSCU' == CfgFtWord.toUpperCase())
    {
        el("adminphoto").style.display = "none";
        el("normalphoto").style.cursor = "default";
        el("normalphoto").style.marginLeft = "480px";
        el("normalphoto").style.display = "block";
        el("welcom").style.display = "none";
        el("regdeviceform").style.display = "none";
        el("normaluser").style.display = "block";
        el("AccountPain").style.display = "none";
        el("normalphoto").style.display = "block";
        el("normalphoto").src = "/images/normaluser_js.gif";
        el('txt_normalPassword').focus();
        CurrUserMode = "Normal";
        return;
    }

    el("adminphoto").style.display = "block";
    el("normalphoto").style.display = "block";
    el("welcom").style.display = "block";
}
/**
 * Fills the 'regdeviceform' element with the markup for the register-device
 * control, chosen by page, registration status and customization word.
 *
 * NOTE(review): every branch assigns an empty string in this copy of the
 * script. The original strings presumably held HTML that was lost when the
 * page was captured, so confirm against the device's own source.
 */
function regdevicebt()
{
var regdevlines = "";
if (window.location.href.toUpperCase().indexOf("CU.HTML") > 0)
{
// On CU.HTML the control depends on the freshly fetched registration status.
getRegStatus();
var Infos = stResultInfos[0];
if ((((parseInt(Infos.Status) == 0) && (parseInt(Infos.Result) == 1)) ) )
{
if ('LNCU' == CfgFtWord.toUpperCase())
{
regdevlines = '';
}
else
{
regdevlines = '';
}
}
else
{
regdevlines = '';
}
}
else
{
// On the normal login page only builds other than BJCU / BJUNICOM get a value assigned.
if (('BJCU' != CfgFtWord.toUpperCase()) && ('BJUNICOM' != CfgFtWord.toUpperCase()))
{
regdevlines = '';
}
}
document.getElementById("regdeviceform").innerHTML = regdevlines;
}
// Build the base URL in the global `http`. In maintenance-WAN mode the host is cut out of
// the current address (the text between "://" and the next "/"); otherwise it is the
// device's LAN address br0Ip. The scheme is always plain "http://".
// These are top-level vars, so starIdx, subAddr, newIp and http all become page globals.
if (IsMaintWan == 1)
{
var starIdx = window.location.href.indexOf('://');
var subAddr = window.location.href.substr(starIdx+3);
var newIp = subAddr.substring(0, subAddr.indexOf('/'));
var http = 'http://' + newIp;
}
else
{
var http = 'http://' + br0Ip;
}
 
↑585-777行:超级用户的登录与检查方式,与前面是完全一致的~
大概是这样,功底不足写得比较草率,欢迎留言沟通与讨论~(●'◡'●)