2025 Geek Challenge (极客大挑战), Web Track

Disclaimer: this was my first time taking part in the Geek Challenge CTF. In the web track I solved six problems in total (6/20); I am a beginner 🫠

Achilles and the Tortoise #JavaScript

Description: In ancient Greece the hero Achilles races a tortoise. Achilles runs ten times as fast as the tortoise. When the race starts, the tortoise is 100 metres ahead of Achilles. Zeno's paradox holds that by the time Achilles reaches the tortoise's starting point, the tortoise has already crawled some distance further; by the time Achilles reaches that spot, the tortoise has moved on again. Repeated without end, it seems Achilles can never catch the tortoise. Can he really not catch up?

A quick look at the page shows that the flag is returned as soon as Achilles' position is greater than the tortoise's. With the challenge's JavaScript, no amount of clicking the chase button ever gets there, so the flag has to come from debugging the front end in the browser:

```javascript
// ...
const payload = {
  achilles_distance: achillesPos,
  tortoise_distance: tortoisePos,
};
fetch('/chase', { // set a breakpoint here and edit the payload object before the fetch request is sent
  method: 'POST', // make achillesPos > tortoisePos
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ "data": encryptData(payload) }),
})
// ...
```

After editing the object, resume the script and the flag is returned. Anyone interested in the code can dig into how it works; the full source is attached below:

```javascript
function encryptData(obj) {
  const jsonString = JSON.stringify(obj);
  return btoa(unescape(encodeURIComponent(jsonString)));
}

function decryptData(encodedString) {
  const jsonString = decodeURIComponent(escape(atob(encodedString)));
  return JSON.parse(jsonString);
}

document.addEventListener('DOMContentLoaded', () => {
  const chaseBtn = document.getElementById('chase-btn');
  const achillesDistanceSpan = document.getElementById('achilles-distance');
  const tortoiseDistanceSpan = document.getElementById('tortoise-distance');
  const resultDiv = document.getElementById('result');

  let achillesPos = 0;
  let tortoisePos = 10000000000; // Initial head start for the tortoise

  achillesDistanceSpan.textContent = achillesPos.toFixed(2);
  tortoiseDistanceSpan.textContent = tortoisePos.toFixed(2);

  chaseBtn.addEventListener('click', () => {
    // Achilles moves to the tortoise's current position
    const achillesMoveDistance = tortoisePos - achillesPos;
    achillesPos = tortoisePos;

    // The tortoise moves 1/10th of the distance Achilles just covered
    const tortoiseMoveDistance = achillesMoveDistance / 10;
    tortoisePos += tortoiseMoveDistance;

    achillesDistanceSpan.textContent = achillesPos.toFixed(2);
    tortoiseDistanceSpan.textContent = tortoisePos.toFixed(2);

    const payload = {
      achilles_distance: achillesPos,
      tortoise_distance: tortoisePos,
    };

    fetch('/chase', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ "data": encryptData(payload) }),
    })
      .then(response => response.json())
      .then(encryptedResponse => {
        if (encryptedResponse.data) {
          const data = decryptData(encryptedResponse.data);
          if (data.flag) {
            // Use 'pre-wrap' to respect newlines in the fake flag message
            resultDiv.style.whiteSpace = 'pre-wrap';
            resultDiv.textContent = `你追上它了!\n${data.flag}`;
            chaseBtn.disabled = true;
          } else if (data.message) {
            resultDiv.textContent = data.message;
          }
        } else {
          console.error('Error:', encryptedResponse.error);
          resultDiv.textContent = `发生错误: ${encryptedResponse.error}`;
        }
      })
      .catch(error => {
        console.error('Error:', error);
        resultDiv.textContent = '发生错误。';
      });
  });
});
```

Vibe SEO #DirectoryScanning #Linux ...
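Back to the Achilles and the Tortoise challenge: the added Node.js example below (not code from the writeup or the challenge) shows why its `encryptData` gives the server no assurance at all, since it is base64 over UTF-8 JSON with no key or MAC, and contrasts a server that trusts two client-reported numbers with one that keeps the race state itself. The hardened server and its in-memory session store are an assumption about how a fixed backend could look, not the challenge's real backend.

```javascript
// Added example (not from the writeup or the challenge): the "encryption" is only
// base64 over UTF-8 JSON, so any client can build any payload, and a server that
// compares two client-reported numbers can be handed whichever result it wants.
// The hardened variant keeps the race state server-side (an assumption about a
// fixed backend, not the challenge's real one).

// Same transform as the challenge's encryptData/decryptData, written with Buffer.
function encryptData(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64');
}
function decryptData(encodedString) {
  return JSON.parse(Buffer.from(encodedString, 'base64').toString('utf8'));
}

// The legitimate client step from the page: Achilles jumps to the tortoise's spot,
// then the tortoise moves a tenth of the distance Achilles just covered.
function legitStep({ achilles, tortoise }) {
  const moved = tortoise - achilles;
  return { achilles: tortoise, tortoise: tortoise + moved / 10 };
}

// Vulnerable server logic as the writeup implies: decode and trust the numbers.
function vulnerableCheck(body) {
  const d = decryptData(body.data);
  return d.achilles_distance > d.tortoise_distance;
}

// Hardened server: the client may only ask to "chase"; positions are never read
// from the request. Sessions live in memory here for the example.
function makeServer() {
  const sessions = new Map();
  const START = { achilles: 0, tortoise: 10000000000 }; // head start from the page
  return {
    chase(sessionId) {
      const next = legitStep(sessions.get(sessionId) ?? START);
      sessions.set(sessionId, next);
      // In floating point the two positions eventually become equal, but the
      // strict comparison still never releases the flag.
      return { flag: next.achilles > next.tortoise, state: next };
    },
  };
}
```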

November 24, 2025