Loading... 请叫我摸鱼王 #### 第二十一关 地址:https://p.hancel.org/face/110037296.html ![第二十一关](https://qncloud.smalleyes.wang/slackoff/fish_stage_21.png) 同样有段JS ```javascript eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,102,111,114,109,115,91,48,93,46,111,110,115,117,98,109,105,116,32,61,32,102,117,110,99,116,105,111,110,40,41,123,10,32,32,32,32,32,32,32,32,105,102,40,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,39,112,97,115,115,119,100,39,41,46,118,97,108,117,101,32,61,61,32,39,118,117,101,106,115,39,41,123,10,32,32,32,32,32,32,32,32,32,32,32,32,119,105,110,100,111,119,46,108,111,99,97,116,105,111,110,46,104,114,101,102,32,61,32,39,118,117,101,106,115,46,104,116,109,108,39,59,10,32,32,32,32,32,32,32,32,125,101,108,115,101,123,10,32,32,32,32,32,32,32,32,32,32,32,32,97,108,101,114,116,40,39,80,97,115,115,119,111,114,100,32,119,97,115,32,119,114,111,110,103,33,39,41,59,10,32,32,32,32,32,32,32,32,125,10,32,32,32,32,32,32,32,32,114,101,116,117,114,110,32,102,97,108,115,101,59,10,32,32,32,32,125)); ``` 在控制台执行,得到另一段JS,其中得到密码和下一关地址:vuejs ```javascript ƒ (){ if(document.getElementById('passwd').value == 'vuejs'){ window.location.href = 'vuejs.html'; }else{ alert('Password was wrong!'); } return … ``` #### 第二十二关 地址:https://p.hancel.org/face/vuejs.html ![第二十二关](https://qncloud.smalleyes.wang/slackoff/fish_stage_22.png) 页面提示已经告诉我们密码,但是查看源码没有发现什么,那就全局搜索password 可以找到一个cookie:`the password of stage 22 is =21fbd4a1acbdaf6f37e3eb01aebcf181ddcae1f8;` #### 第二十三关 地址:https://p.hancel.org/lang/logo.html ![第二十三关](https://qncloud.smalleyes.wang/slackoff/fish_stage_23.png) 全局搜password搜不到了~那就搜passwd,发现在common.js里有这么一段,那就是密码 ```javascript localStorage.setItem('passwd', 'e92e866852515cc028baea131ed1c160'); ``` PS:这是"undefined"的MD5串~推荐一个MD5解密的网站:https://pmd5.com/,数值类型和常见的字符都能解密,而且很快 #### 第二十四关 地址:https://p.hancel.org/lang/http.html ![第二十四关](https://qncloud.smalleyes.wang/slackoff/fish_stage_24.png) 前面搜索的方法已经不顶用了,根据url的"http"提示,往http协议方面想一下,http协议报文包含啥呢? 没错就在响应头里,找到密码了passwd: 3c3d014ed4f2eb778570a40642277e86 #### 第二十五关 地址:https://p.hancel.org/story/abc.html ![第二十五关](https://qncloud.smalleyes.wang/slackoff/fish_stage_25.png) 根据图片(不是信),网页url"abc",title"letter"的提示,那就把这串数字5 11 14 22 4 17映射成字母, 不想算?还记得java代码怎么快速找出吗? ```java public static void main(String[] args) { char a = 'a'; System.err.print((char) (a + 5)); System.err.print((char) (a + 11)); System.err.print((char) (a + 14)); System.err.print((char) (a + 22)); System.err.print((char) (a + 4)); System.err.print((char) (a + 17)); } ``` 密码是:flower #### 第二十六关 地址:https://p.hancel.org/story/find.html ![第二十六关](https://qncloud.smalleyes.wang/slackoff/fish_stage_26.png) 根据title提示:something in the picture inside,观察图片没什么异常。那就把图片下载下来,看下图片里面有啥(源文件用text打开)。末尾有next stage.txtstudio.html #### 第二十七关 地址:https://p.hancel.org/story/studio.html ![第二十七关](https://qncloud.smalleyes.wang/slackoff/fish_stage_27.png) 同第二十六关,即可发现 #### 第二十八关 地址:https://p.hancel.org/story/which.html ![第二十八关](https://qncloud.smalleyes.wang/slackoff/fish_stage_28.png) 根据提示,世界已经不是原来的样子。发现这张地图照片请求了两个不同链接而得,哪个图才是真的呢?那就是找不同了~肉眼只能看到 r h u t四个字母,那到底是啥,没错试了十分钟,终于试出来了 truth(真相) #### 第二十九关 地址:https://p.hancel.org/story/truth.html ![第二十九关](https://qncloud.smalleyes.wang/slackoff/fish_stage_29.png) 似曾相识,二话不说下载下来看,果然有东西,根据格式看,就是个base64格式的了,但是直接解密发现还是乱码? 再根据title提示"????:?????/???",会不会是图片的地址格式? 那就随便在一个html代码里添加如下标签 ```html <img src="data:image/jpg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/4QAiRXhpZgAATU0AKgAAAAgAAQESAAMAAAABAAEAAAAAAAD/7AARRHVja3kAAQAEAAAAHgAA/9sAQwACAQECAQECAgICAgICAgMFAwMDAwMGBAQDBQcGBwcHBgcHCAkLCQgICggHBwoNCgoLDAwMDAcJDg8NDA4LDAwM/9sAQwECAgIDAwMGAwMGDAgHCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM/8AAEQgARgCIAwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQACEQMRAD8A/fyiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivnv46f8FNPgb+zF8YdQ8B+PviJpnhfxRYeGf+ExuLa9s7pYhpfneQLjz/K+z5MoMYi8zzTjpQB9CUV8X3//AAX1/Y/0/wCDuhePJvjVoX/CM+I9Ul0mxm/s2/N1JcReWXD2hg8+MRh4SZJIwMMDnmvXP2k/+CiHwd/ZN/Z40n4q/EDxtbaT8O9emtoNP1uztLrUYbw3ERmgMYtI5ZCHjBIOMYGaAPdKK/HX/gizB+zj48/4K2fHL4n/AAj/AGo/Gnxi8UfEDS7vWrnwle+HtU06HTbL7Vb7pJ7u8REvfJklgit8CIxRsR83JH61eO/Heh/DPwhqHiDxFqmm6JoOj28l3fahqNwlrZ2MaffkkkfAQDPUmgDoKK+IbL/g4m/Yuv8A4kf8IvH8fPDS6kZvJ8+XT7+LTgfvf8fzwC0x2z5ntXsn7Z3/AAUf+DP/AAT08FaD4g+L3jI+E9F8STmz0u7GmX2pC5kEe8jFpDKc4Gc4xzQB71RX4D/8EiP+DkPwpo/7Rn7QmtftPfHTV/8AhHNU1K1i8Ax3Gh311aiyS51BpfLgsbZ/K/dyWf8ArADj17ftF8M/2s/hz8Tf2ZrP4yaT4ptP+FaXmkyazH4gvRJp9r9iTO+eT7QEkjA2H/WAHAoA9Wor4b/4iN/2Kf8AhO/+Ef8A+F6+H/7S87yPN/sbU/sHmdf+P37L9nx7+Zj3rqP+CvnjLSfiB/wRt+P+vaHqFrq2iar8PNRu7C/s545rW9je1OySN16jpzQB9eUV+X3/AAbefGLw3+z9/wAG/Pgfxl4y1a08P+FfDs+vXmp312cR28a6rdc/5719u/sgftyfDP8Ab0+Gs3jL4UeIL7xN4ZhuJLMajLod/p8M0qffEf2qGLzMcZ8vIFAHslFfI37Q/wDwXG/ZR/Za+KL+BvG3xo8N6T4nt5jZ3NpaWl1qP2CUY/dzvbwypbn2lI4r6T+F3xW8M/GvwLpfifwfr2leJPDetQCex1PTLlLm0uI/VJEOD/8AWoA6aiiigAr8RP8Agp18APCv7UX/AAdkfs0+CfHOkW3iDwvqfw6+13On3iCa2vBbf8JFeRxuhHzx+ZAMj8Pav27r4D+Nf/BMPx/8SP8Agvd8Hf2o7HVPCcHgH4deEpfD9/YT3VyNWnuJLbWYcwR+T5PlZ1GHrKDlW49QD8lvgF+wt8L9b/Zu/wCCoHjS88F6Deah8NdW1nRvCKXFhHLD4bjiub1l+yjny5FCQgEYwAPU1+vn/BIj4H+B/wBpL/gin+zzofxC8HeFPHGiw+F7WYaf4g0e21Gz8xDIiP5UqOmR2PWvHvg//wAEVfip4G/Zp/bs8F3Wu/D6XUv2nNe1XVPC00WoXXlWMV1Jc+WL7/Rsxn94D+6EvcV2WsfsLftgfAz/AIJe/Av4S/s/fE/4Z+BviZ4At47LxNql9B9r029t0jk/dwedp9wSfMIOTFF0680AfIv/AAR3+Hug/CP/AIOpP2qvDfhjQdI8M+HtI8FahDYaVpVrFaWdhH9v0L5Y4YhsjHfAx1r9Cf8Aguf+xF4y/wCCg/8AwTg8Z/DLwDfWcfifUri0vbe2u5vJivvs1zHOYC/bpwTxkCvze+FX/BCn/gpN8FP2svGHx08OfHz4BaX8VvHtnJZ67rZ82Zr6F5IJJB9nfRWt48m2g/1cQ+77mv1D+N37OHx++MH/AAT48I+DdO+Mln4H+O+n2GlSax4x03TxcWt/fRRhb0iApEPKnPmkfuxjI/djoAD8W/hd+0h8OP8Agnd8MvCPwn/bS/4Jz+HdDs7GCPRZPiJp3hm0kutWkjA/eee6f6VL5eZZJIr0nPSPpX7y/wDCq/gn+3x8DvBOtax4O8D/ABR8DX9jBrPhz/hIdEt9WgWKaH93JGlyjhCYzjgD07V+XXxb/wCCKf8AwUI/4KEaDb+Bf2mP2o/hff8Aw1+0xXlzbeHtEjmupZI5Mg7I9OsenqZce1frf+zz8CdH/Zl+A3hD4d+G/tEfh/wXpNto2n+cfNlMUMexd5+gFAH4a/8ABs1+yL8Jfj3+1b+2Vpfjr4Y/D/xppPhfxJYQaLZ+IPD1pqUOko93rOY7eOZHEXyxKP3fZR6Cv16/bC1D4GfsZ/sD+LovH2g6D4d+Buj6RLpuoaDp2nC0szaznyfscNvbhMec8mML1Lduo/OnxF/wQS/a3/Y6/az+I3xC/Y7+PXgfwZpHxWv5r7VbDxPZ5mtg0rTRwc2V9HJseWf96PKOCBjrX2V8f/8AgnZ48/by/wCCSv8Awov47+PNJuPihrOnwvq/irRbVDZtqUF19phkSAQ248o+WocCOInnFAH4/wD7WX7aHwv/AGi/2N/Gy/CX/gl3daR8P9Q0K6XTPilD4bjs5NFCRHOoPPb6ZKg8jrze9OpFfTn7BWrXWq/8GdHxB+13FxcNZeEvFlvF5v8AyxiF3c/ux7f41c+GP/BDT9uTXP2a5vgX8Qv2rPB+j/BPStGl0rS9G8M2e66voBHII7W4uGsoJ47fPkiQGSYGMkYr6N/Zd/4JEfEn4Kf8ED/F37Leq6v4IuPHuvaRrdjbX9ndXP8AZIkvZZHjMkj26TceZz+6JoA/D/4HfFrxF8a/2e/2P/2e/jJrV18Lf2XPEWuapf3PiCyuDKviST+1Z9/n9ovIlxD/AHYftX2mQHjH9HP7dlzbfsGf8EkfihP8KbK08Kw/DfwLeHw2lmv7qw8u2Plun0z19RXy/wDDr/g30bxd/wAEONF/Zg+Kl/4Vm8eeGrjUdU0bxJpBmvLXSL6a6uJ4JEMscMhj8uUROMDIz14r2j/gmZ+xb8b/AIYfsN6x8Df2qNS+H3xG0WPT38P6Ze6LqN3eS3ulSwmH7HdfabWHJQcJJycYHbJAPw7/AOCW/wAWLfwH+yHcwXX/AATQ8WftQS+LL65nuviFNplzqH23MnlmO0kGk3P2fy8YPlT5MoJPPA/Rz/g0q+HPxi+Bfwr+Nng34jfDb4hfDXwnBrmn6x4VsvFmlXenzO1zFcR3UcJuI4/M2C2s8nH8XrWN4L/4Ifft0f8ABPW7vvC/7Jn7U3hOw+F99dyXlvpnjLT1M9gz9QI/7PvYyTgZlj8nJGfLGa/Qz/gnN+zj8aP2dvhl4gtfjl8Zv+Fy+Mdc1X+0YtQXTV06HTLfyYkFvHGnycSRk8IOp/AA+k7Y5gX5WXtgtuI/HJopYGZogWx3xg5yO3YdqKAH0UUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB/9k" alt="图片Base64编码" style="max-width:90%; max-height:2000px;"style=""> ``` 果然密码就出来了啦:mistake #### 第三十关 地址:https://p.hancel.org/story/style.html ![第三十关](https://qncloud.smalleyes.wang/slackoff/fish_stage_30.png) 看到这个url,就知道密码是在哪儿了~直接查看common.css文件,找到 ```css .passwd:after{margin:4px -55px;position:absolute;z-index:-1;}.passwd:after{content:'change'} ``` 填入密码: change 结束 第31-40关答案 <div class="preview"> <div class="post-inser post box-shadow-wrap-normal"> <a href="https://www.smalleyes.wang/index.php/archives/12/" target="_blank" class="post_inser_a no-external-link no-underline-link"> <div class="inner-image bg" style="background-image: url(https://qncloud.smalleyes.wang/slackoff/fish_stage_12.png);background-size: cover;"></div> <div class="inner-content" > <p class="inser-title">摸鱼大闯关-答案(11-20关)(涉嫌剧透,谨慎观看)</p> <div class="inster-summary text-muted"> 继续我们的摸鱼之旅~第十一关地址:https://p.hancel.org/helloworld/EFFACED.... </div> </div> </a> <!-- .inner-content #####--> </div> <!-- .post-inser ####--> </div> © Allow specification reprint Support Appreciate the author AliPayWeChat Like 2 If you think my article is useful to you, please feel free to appreciate
2 comments
全局搜索用的是什么方式,是软件还是其他???
浏览器开发者后台CRTL+F