所以我本周参加了一次夺旗活动,其中一项挑战让我很困惑。
预览:
[] [(![] + [])[+ []] +([![]] + [] [[]])[+!+ [] + [+ []]] +(! [] + [])[!+ [] +!+ []] +(!! [] + [])[+ []] +(!! [] + [])[!+ [] +!+ [] +!+ []] +(!! [] + [])[+!+ []]] [([[(![] + [])[+ []] +([![] ] + [] [[]])[+!+ [] + [+ []]] +(![] + [])[!+ [] +!+ []] +(!! [] + [ ])[+ []] +(!! [] + [])[!+
这是给出的文件,它让我想起了this,在玩了一会儿之后我把它输入到浏览器的JavaScript控制台上,并弹出了一个警告标志。
如果有人可以解释为什么这样做,以及如何创造这样的东西。将其转换为普通的JavaScript也很简单,我想这可能是攻击者在我的浏览器中执行粗略代码的一种方式。
答案 0 :(得分:0)
我提供了一些可能有用的链接
transaltejs(github code)将字符串翻译成此模式
explanetion 1,jsfuck
explanation 2,JavaScript,奇怪的部分
这样做的关键
false => ![]
true => !! []
undefined => [] [[]]
NaN => + [![]]
0 => + []
1 => +!+ []
2 => !+ [] +!+ []
10 => [+!+ [] + [+ []]
Array => []
Number => + []
String => [] + []
布尔值=> ![]
功能=> [] [ “过滤器”]
eval => [] [ “过滤器”] “构造”()
window => [] [ “过滤器”] “构造”()