[原创]小黑冰第十个CM-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

最新回复 (26) ◀ 1 2
samisgod 雪币： 239 活跃值： (20) 能力值： ( LV9，RANK：170 ) 在线值：发帖 18 回帖 276 粉丝 0 关注私信	samisgod 4 26 楼简单贴下算法，好久没玩E了写的不好请拍砖 0040CA16 55 push ebp 0040CA17 8BEC mov ebp, esp 0040CA19 81EC 38000000 sub esp, 38 0040CA1F 6A FF push -1 0040CA21 6A 08 push 8 0040CA23 68 03000116 push 16010003 0040CA28 68 01000152 push 52010001 0040CA2D E8 74090000 call 0040D3A6 ; 取用户名 0040CA32 83C4 10 add esp, 10 ; 设为55555 0040CA35 8945 FC mov dword ptr [ebp-4], eax 0040CA38 68 04000080 push 80000004 0040CA3D 6A 00 push 0 0040CA3F 8B45 FC mov eax, dword ptr [ebp-4] 0040CA42 85C0 test eax, eax 0040CA44 75 05 jnz short 0040CA4B 0040CA46 B8 CBC04000 mov eax, 0040C0CB 0040CA4B 50 push eax 0040CA4C 68 01000000 push 1 0040CA51 BB 64010000 mov ebx, 164 0040CA56 E8 3F090000 call 0040D39A ; 用户名转Float型，如用户名不为数字将返回0值 0040CA5B 83C4 10 add esp, 10 0040CA5E 8945 F4 mov dword ptr [ebp-C], eax 0040CA61 8955 F8 mov dword ptr [ebp-8], edx 0040CA64 8B5D FC mov ebx, dword ptr [ebp-4] 0040CA67 85DB test ebx, ebx 0040CA69 74 09 je short 0040CA74 0040CA6B 53 push ebx 0040CA6C E8 2F090000 call 0040D3A0 0040CA71 83C4 04 add esp, 4 0040CA74 68 01030080 push 80000301 0040CA79 6A 00 push 0 0040CA7B 68 05F47901 push 179F405 ; 24769541 0040CA80 68 01000000 push 1 0040CA85 BB 64010000 mov ebx, 164 0040CA8A E8 0B090000 call 0040D39A ; 常量24769541转Float 0040CA8F 83C4 10 add esp, 10 0040CA92 8945 EC mov dword ptr [ebp-14], eax 0040CA95 8955 F0 mov dword ptr [ebp-10], edx 0040CA98 68 01030080 push 80000301 0040CA9D 6A 00 push 0 0040CA9F 68 D4060000 push 6D4 ; 1748 0040CAA4 68 01000000 push 1 0040CAA9 BB 64010000 mov ebx, 164 0040CAAE E8 E7080000 call 0040D39A ; 常量1748转Float型 0040CAB3 83C4 10 add esp, 10 0040CAB6 8945 E4 mov dword ptr [ebp-1C], eax 0040CAB9 8955 E8 mov dword ptr [ebp-18], edx 0040CABC DD45 F4 fld qword ptr [ebp-C] ; 用户名Float值(55555) 0040CABF DC45 EC fadd qword ptr [ebp-14] ; +24769541 0040CAC2 DC45 E4 fadd qword ptr [ebp-1C] ; +1748 0040CAC5 DD5D DC fstp qword ptr [ebp-24] ; =24826844 0040CAC8 68 01060080 push 80000601 0040CACD FF75 E0 push dword ptr [ebp-20] 0040CAD0 FF75 DC push dword ptr [ebp-24] 0040CAD3 68 01000000 push 1 0040CAD8 BB 68010000 mov ebx, 168 0040CADD E8 B8080000 call 0040D39A ; 24826844转Str 0040CAE2 83C4 10 add esp, 10 0040CAE5 8945 D8 mov dword ptr [ebp-28], eax 0040CAE8 6A FF push -1 0040CAEA 6A 08 push 8 0040CAEC 68 02000116 push 16010002 0040CAF1 68 01000152 push 52010001 0040CAF6 E8 AB080000 call 0040D3A6 ; 取机器码 0040CAFB 83C4 10 add esp, 10 ; 设1347726889 0040CAFE 8945 D4 mov dword ptr [ebp-2C], eax 0040CB01 FF75 D4 push dword ptr [ebp-2C] 0040CB04 FF75 D8 push dword ptr [ebp-28] 0040CB07 B9 02000000 mov ecx, 2 0040CB0C E8 0CFEFFFF call 0040C91D ; 24826844与机器码进行字符串连接即为密码 0040CB11 83C4 08 add esp, 8 0040CB14 8945 D0 mov dword ptr [ebp-30], eax 0040CB17 8B5D D8 mov ebx, dword ptr [ebp-28] 0040CB1A 85DB test ebx, ebx 0040CB1C 74 09 je short 0040CB27 0040CB1E 53 push ebx 0040CB1F E8 7C080000 call 0040D3A0 0040CB24 83C4 04 add esp, 4 0040CB27 8B5D D4 mov ebx, dword ptr [ebp-2C] 0040CB2A 85DB test ebx, ebx 0040CB2C 74 09 je short 0040CB37 0040CB2E 53 push ebx 0040CB2F E8 6C080000 call 0040D3A0 0040CB34 83C4 04 add esp, 4 0040CB37 6A FF push -1 0040CB39 6A 08 push 8 0040CB3B 68 04000116 push 16010004 0040CB40 68 01000152 push 52010001 0040CB45 E8 5C080000 call 0040D3A6 ; 取输入的密码 0040CB4A 83C4 10 add esp, 10 0040CB4D 8945 CC mov dword ptr [ebp-34], eax 0040CB50 8B45 D0 mov eax, dword ptr [ebp-30] 0040CB53 50 push eax 0040CB54 FF75 CC push dword ptr [ebp-34] 0040CB57 E8 1DFEFFFF call 0040C979 ; 比较 0040CB5C 83C4 08 add esp, 8 ; (返回值放入eax) 0040CB5F 83F8 00 cmp eax, 0 ; 比较eax是否为0(是则正确) 0040CB62 B8 00000000 mov eax, 0 0040CB67 0F94C0 sete al 0040CB6A 8945 C8 mov dword ptr [ebp-38], eax 0040CB6D 8B5D CC mov ebx, dword ptr [ebp-34] 0040CB70 85DB test ebx, ebx 0040CB72 74 09 je short 0040CB7D 0040CB74 53 push ebx 0040CB75 E8 26080000 call 0040D3A0 0040CB7A 83C4 04 add esp, 4 0040CB7D 8B5D D0 mov ebx, dword ptr [ebp-30] 0040CB80 85DB test ebx, ebx 0040CB82 74 09 je short 0040CB8D 0040CB84 53 push ebx 0040CB85 E8 16080000 call 0040D3A0 0040CB8A 83C4 04 add esp, 4 0040CB8D 837D C8 00 cmp dword ptr [ebp-38], 0 0040CB91 0F84 35000000 je 0040CBCC 0040CB97 6A 00 push 0 0040CB99 6A 00 push 0 2008-12-23 10:32 0
shuiwang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 3 粉丝 0 关注私信	shuiwang 27 楼明码比较这个好破 2008-12-30 21:16 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (26) ◀ 1 2
samisgod 雪币： 239 活跃值： (20) 能力值： ( LV9，RANK：170 ) 在线值：发帖 18 回帖 276 粉丝 0 关注私信	samisgod 4 26 楼简单贴下算法，好久没玩E了写的不好请拍砖 0040CA16 55 push ebp 0040CA17 8BEC mov ebp, esp 0040CA19 81EC 38000000 sub esp, 38 0040CA1F 6A FF push -1 0040CA21 6A 08 push 8 0040CA23 68 03000116 push 16010003 0040CA28 68 01000152 push 52010001 0040CA2D E8 74090000 call 0040D3A6 ; 取用户名 0040CA32 83C4 10 add esp, 10 ; 设为55555 0040CA35 8945 FC mov dword ptr [ebp-4], eax 0040CA38 68 04000080 push 80000004 0040CA3D 6A 00 push 0 0040CA3F 8B45 FC mov eax, dword ptr [ebp-4] 0040CA42 85C0 test eax, eax 0040CA44 75 05 jnz short 0040CA4B 0040CA46 B8 CBC04000 mov eax, 0040C0CB 0040CA4B 50 push eax 0040CA4C 68 01000000 push 1 0040CA51 BB 64010000 mov ebx, 164 0040CA56 E8 3F090000 call 0040D39A ; 用户名转Float型，如用户名不为数字将返回0值 0040CA5B 83C4 10 add esp, 10 0040CA5E 8945 F4 mov dword ptr [ebp-C], eax 0040CA61 8955 F8 mov dword ptr [ebp-8], edx 0040CA64 8B5D FC mov ebx, dword ptr [ebp-4] 0040CA67 85DB test ebx, ebx 0040CA69 74 09 je short 0040CA74 0040CA6B 53 push ebx 0040CA6C E8 2F090000 call 0040D3A0 0040CA71 83C4 04 add esp, 4 0040CA74 68 01030080 push 80000301 0040CA79 6A 00 push 0 0040CA7B 68 05F47901 push 179F405 ; 24769541 0040CA80 68 01000000 push 1 0040CA85 BB 64010000 mov ebx, 164 0040CA8A E8 0B090000 call 0040D39A ; 常量24769541转Float 0040CA8F 83C4 10 add esp, 10 0040CA92 8945 EC mov dword ptr [ebp-14], eax 0040CA95 8955 F0 mov dword ptr [ebp-10], edx 0040CA98 68 01030080 push 80000301 0040CA9D 6A 00 push 0 0040CA9F 68 D4060000 push 6D4 ; 1748 0040CAA4 68 01000000 push 1 0040CAA9 BB 64010000 mov ebx, 164 0040CAAE E8 E7080000 call 0040D39A ; 常量1748转Float型 0040CAB3 83C4 10 add esp, 10 0040CAB6 8945 E4 mov dword ptr [ebp-1C], eax 0040CAB9 8955 E8 mov dword ptr [ebp-18], edx 0040CABC DD45 F4 fld qword ptr [ebp-C] ; 用户名Float值(55555) 0040CABF DC45 EC fadd qword ptr [ebp-14] ; +24769541 0040CAC2 DC45 E4 fadd qword ptr [ebp-1C] ; +1748 0040CAC5 DD5D DC fstp qword ptr [ebp-24] ; =24826844 0040CAC8 68 01060080 push 80000601 0040CACD FF75 E0 push dword ptr [ebp-20] 0040CAD0 FF75 DC push dword ptr [ebp-24] 0040CAD3 68 01000000 push 1 0040CAD8 BB 68010000 mov ebx, 168 0040CADD E8 B8080000 call 0040D39A ; 24826844转Str 0040CAE2 83C4 10 add esp, 10 0040CAE5 8945 D8 mov dword ptr [ebp-28], eax 0040CAE8 6A FF push -1 0040CAEA 6A 08 push 8 0040CAEC 68 02000116 push 16010002 0040CAF1 68 01000152 push 52010001 0040CAF6 E8 AB080000 call 0040D3A6 ; 取机器码 0040CAFB 83C4 10 add esp, 10 ; 设1347726889 0040CAFE 8945 D4 mov dword ptr [ebp-2C], eax 0040CB01 FF75 D4 push dword ptr [ebp-2C] 0040CB04 FF75 D8 push dword ptr [ebp-28] 0040CB07 B9 02000000 mov ecx, 2 0040CB0C E8 0CFEFFFF call 0040C91D ; 24826844与机器码进行字符串连接即为密码 0040CB11 83C4 08 add esp, 8 0040CB14 8945 D0 mov dword ptr [ebp-30], eax 0040CB17 8B5D D8 mov ebx, dword ptr [ebp-28] 0040CB1A 85DB test ebx, ebx 0040CB1C 74 09 je short 0040CB27 0040CB1E 53 push ebx 0040CB1F E8 7C080000 call 0040D3A0 0040CB24 83C4 04 add esp, 4 0040CB27 8B5D D4 mov ebx, dword ptr [ebp-2C] 0040CB2A 85DB test ebx, ebx 0040CB2C 74 09 je short 0040CB37 0040CB2E 53 push ebx 0040CB2F E8 6C080000 call 0040D3A0 0040CB34 83C4 04 add esp, 4 0040CB37 6A FF push -1 0040CB39 6A 08 push 8 0040CB3B 68 04000116 push 16010004 0040CB40 68 01000152 push 52010001 0040CB45 E8 5C080000 call 0040D3A6 ; 取输入的密码 0040CB4A 83C4 10 add esp, 10 0040CB4D 8945 CC mov dword ptr [ebp-34], eax 0040CB50 8B45 D0 mov eax, dword ptr [ebp-30] 0040CB53 50 push eax 0040CB54 FF75 CC push dword ptr [ebp-34] 0040CB57 E8 1DFEFFFF call 0040C979 ; 比较 0040CB5C 83C4 08 add esp, 8 ; (返回值放入eax) 0040CB5F 83F8 00 cmp eax, 0 ; 比较eax是否为0(是则正确) 0040CB62 B8 00000000 mov eax, 0 0040CB67 0F94C0 sete al 0040CB6A 8945 C8 mov dword ptr [ebp-38], eax 0040CB6D 8B5D CC mov ebx, dword ptr [ebp-34] 0040CB70 85DB test ebx, ebx 0040CB72 74 09 je short 0040CB7D 0040CB74 53 push ebx 0040CB75 E8 26080000 call 0040D3A0 0040CB7A 83C4 04 add esp, 4 0040CB7D 8B5D D0 mov ebx, dword ptr [ebp-30] 0040CB80 85DB test ebx, ebx 0040CB82 74 09 je short 0040CB8D 0040CB84 53 push ebx 0040CB85 E8 16080000 call 0040D3A0 0040CB8A 83C4 04 add esp, 4 0040CB8D 837D C8 00 cmp dword ptr [ebp-38], 0 0040CB91 0F84 35000000 je 0040CBCC 0040CB97 6A 00 push 0 0040CB99 6A 00 push 0 2008-12-23 10:32 0
shuiwang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 3 粉丝 0 关注私信	shuiwang 27 楼明码比较这个好破 2008-12-30 21:16 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复