Henry's Notebook
Many strange things
搜索
菜单
导航
首页
最近更改
随机页面
帮助
Henry's Home
个人资料
个人资料
创建账户
登录
消息
目前您没有通知。请访问您的
讨论页
以查看过去消息。
页面工具
内容页面
讨论
查看源代码
历史
首页
»
页面s
查看“CEB”的源代码
←
CEB
页面上次由
HenryHu
编辑于10年前
因为以下原因,您没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:emailconfirmed
您可以查看与复制此页面的源代码。
== Objects == * cebiesign <pre> <object id="cebiesign" name="cebiesign" classid="clsid:f3e92562-1b4d-4bfa-b2d4-e9bcabe3b5a8" codebase="js/cebiesign.ocx#version=2,0,0,4" border="0"> </object> </pre> * powercommit <pre> <object id="powercommit" codebase="js/PowerEnter.CAB#version=1,0,0,72" classid="clsid:BEEE2807-1709-4184-A05D-1B2DE01EE4CF" style="width:0px;height:0px" height="0" width="0"> <param name="width" value="0"> <param name="height" value="0"> <param name="frameName" value="mainFrame"> </object> </pre> * powerpassword <pre> <object id="powerpassword" codebase="js/PowerEnter.CAB#version=1,0,0,72" classid="clsid:614E58F9-74D0-4D7B-90E3-64A0F2AA73B4" style="width:186pxpx;height:23pxpx" height="23px" width="186px"> <param name="width" value="186px"> <param name="height" value="23px"> <param name="maxLength" value="20"> <param name="minLength" value="0"> <param name="maskChar" value="*"> <param name="backColor" value="#FFFFFF"> <param name="textColor" value="#000000"> <param name="borderColor" value="#7f9db9"> <param name="accepts" value="*"> <param name="msgBox" value="false"> <param name="fieldName" value="Password"> </object> </pre> == Commit Code == <source lang="javascript"> var blob ="BgIAAACkAABSU0ExAAQAAAEAAQAfFsbhRXwKJMLpsGExRSNaUxLZhaHvMp9ZJEgO2sa30lj6jc2BkNrF/35TKQuLphYVYwDLADdbRj23ChSzVWVmQwAs9CXrqR3tcYavKGsRBEeHEFctULIt6QFn/1Gz6F11k61K8G9yMXy9AGgN+pHum2X3EODpRJBFH9/w1VC+1w=="; function doLogin() { var ran = "<random value>"; if(ran != null && ran !="") { var random = parseFloat(ran)+1; document.form1.ran.value = random; } else { document.form1.ran.value = 0; } var powercommit = document.getElementById("powercommit"); var powerpassword = document.getElementById("powerpassword"); powercommit.reset(); powerpassword.publicKeyBlob(blob); powerpassword.commit("powercommit"); powercommit.submit("form1"); } </source> == Form Params == <source lang="html5"> <form name="form1" action="perlogin1.do" method="post"> <input type="hidden" name="_viewReferer" value="login/login01" /> <input type="hidden" name="_locale" value="zh_CN" /> <input type="hidden" name="version" value="20140529" /> <input type="hidden" name="Password" /> <input type="hidden" name="ran" value="063319703" /> <input type="hidden" name="TransName" value="" /> <input type="hidden" name="Plain" value="" /> <input type="hidden" name="Signature" value="" /> <input type="hidden" name="MerName" value="" /> <input type="hidden" name="TransType" value="" /> <input type="hidden" name="OperationNo" value="" /> <input type="hidden" name="MerDCFlag" value="" /> <input type="hidden" name="checkloginflag" value="" /> <input type="hidden" name="_tokenName" value="1jjihb5u" /> <div class="box"> <!--头部--> <div class=" head"><table cellpadding="0" cellspacing="0" border="0" style="margin:10px 0;"><tr><td align="left" ><img src="images/public/login_2.gif" /></td> </tr> </table> </div> <!--头部结束--> <!--内容--> <div class="content"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="conback" valign="top" > </td> <td class="conback2" valign="top" align="center"> <!--登录区--> <table cellpadding="0" cellspacing="0" border="0" class="login" width="433"> <tr><td valign="top" class="title line01" align="left"><img src="images/public/yhdl.gif" width="120" height="22" /> <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="1" height="1" id="flash" align="middle"> <param name="allowScriptAccess" value="sameDomain"/> <param name="movie" value="/per/bharosa_web/flash/bharosa.swf"/> <param name="quality" value="low"/> <param name="bgcolor" value="#ffffff"/> <param name=FlashVars value="dcUrl=/dc?s=true&"/> <embed src="/per/bharosa_web/flash/bharosa.swf" quality="low" bgcolor="#ffffff" FlashVars="dcUrl=/dc?s=true&" width="1" height="1"name="flash" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash"/> </object> </td></tr> <tr><td height="35" align="center"> </td></tr> <tr><td align="left"> <table cellpadding="0" cellspacing="3" border="0" width="100%"> <tr> <td class="size01 txt02" align="right" width="120">登录名或账号: </td> <td align="left" height="32" width="190"><input name="LoginName" id="skey" value="" class="input_out3" onfocus="this.className='input_on3';this.onmouseout=''" onblur="this.className='input_off3';this.onmouseout=function(){this.className='input_out3'};" type="text" size="16" /></td> <td width="100"> </td> </tr> <tr> <td class="size01 txt02" align="right" width="120">登录密码:<img src="images/public/wen.gif" alt="请输入您设置的8~14位网银登录密码"/></td> <td align="left" height="32"> <script type="text/javascript">writePassObject("powerpassword",{"fieldName":"Password","maxLength":"20","minLength":"0","width":"186px","height":"23px","msgBox":"false","maskChar":"*","borderColor":"#7f9db9"});</script> </td> <td align="left"> <a href="####" class="txt_line txt07" onclick="MM_openBrWindow('pwdHelp.do','个人网上银行常见问题解答','width=640,height=420')">密码输入帮助</a> <img id="image1" src="tokenImage.xx?_timesShowToken=2&ran=063319703" style="display:none"/> </td> </tr> <tr><td colspan="3" height="10"></td></tr> <tr><td colspan="3" align="center"> <img src="images/public/denglu_1.gif" onclick="doLogin();" style="cursor: hand"/> </td></tr> </table> </td></tr> <tr><td height="23"></td></tr> <tr><td class="txt08" align="center"><a href="FP320501.do" class="txt07 txt_line">找回登录名</a> | <a href="FP320301.do" class="txt07 txt_line">忘记登录密码</a> | <a href="FP990101.do?ident=gr&idper=ds" class="txt07 txt_line">我要开通网银</a> </td></tr> </table> <!--登录区结束--> </td> </tr> </table> </form> </source> == Sample Form == * username = 11111111 * password = 22222222 <source lang="xml"> <entry method="POST" url="https://www.cebbank.com/per/perlogin1.do"> <timestart>2014-06-19T06:00:43.594Z</timestart> <timeend>2014-06-19T06:00:44.064Z</timeend> <duration>0.470 s</duration> <processname>C:\Program Files\Internet Explorer\iexplore.exe</processname> <result>200 OK</result> <size>0</size> <stage>REQUEST_CLOSE</stage> <mimetype>text/html</mimetype> <redirecturl/> <requestCamefromCache>False</requestCamefromCache> <responseCamefromCache>False</responseCamefromCache> <requestobjectname>/per/perlogin1.do</requestobjectname> <winet_sr_result>True</winet_sr_result> <winet_sr_errormessage/> <bodySize>9333</bodySize> <Web_PageID>0</Web_PageID> <PageTitle/> <Socket_SendSize>0</Socket_SendSize> <Socket_RecvSize>0</Socket_RecvSize> <Starred>False</Starred> <Comment/> <headers> <requestheaders> <header>POST /per/perlogin1.do HTTP/1.1</header> <header>Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, */*</header> <header>Referer: https://www.cebbank.com/per/prePerlogin.do?_locale=zh_CN</header> <header>Accept-Language: en-us</header> <header>User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)</header> <header>Content-Type: application/x-www-form-urlencoded</header> <header>Accept-Encoding: gzip, deflate</header> <header>Host: www.cebbank.com</header> <header>Connection: Keep-Alive</header> <header>Cache-Control: no-cache</header> <header>Cookie: WT_FPC=id=2b3fd12fcdda9131eb91403212946597:lv=1403212951284:ss=1403212946597; cebmemberbranchcode=3550; cebmemberbranchname=%u5317%u4EAC%u5206%u884C; PERJSESSIONID=t6m9Tv0cW5s9jN7JhXFLBhvsbwnG9h4gLn0pyqKgDp97tnNPxdpC!-2124310495; BIGipServerpool_eb_8005=2366482624.17695.0000</header> <header>Content-Length: 388</header> </requestheaders> <responseheaders> <header>HTTP/1.1 200 OK</header> <header>Server: Sun-Java-System-Web-Server/7.0</header> <header>Date: Thu, 19 Jun 2014 10:01:06 GMT</header> <header>Cache-Control: no-cache</header> <header>Date: Thu, 19 Jun 2014 09:59:58 GMT</header> <header>Pragma: No-cache</header> <header>Content-type: text/html; charset=gbk</header> <header>Expires: Thu, 01 Jan 1970 00:00:00 GMT</header> <header>Content-Language: zh-CN</header> <header>X-Powered-By: Servlet/2.5 JSP/2.1</header> <header>Connection: Keep-alive</header> <header>Via: 1.1 AN-0001544151441131</header> <header>Content-Length: 9333</header> </responseheaders> </headers> <content> <contentLength>9333</contentLength> <mimetype>text/html</mimetype> </content> <cookies> <sent> <cookie name=" WT_FPC">id=2b3fd12fcdda9131eb91403212946597:lv=1403212951284:ss=1403212946597</cookie> <cookie name=" cebmemberbranchcode">3550</cookie> <cookie name=" cebmemberbranchname">±±¾©·ÖÐÐ</cookie> <cookie name=" PERJSESSIONID">t6m9Tv0cW5s9jN7JhXFLBhvsbwnG9h4gLn0pyqKgDp97tnNPxdpC!-2124310495</cookie> <cookie name=" BIGipServerpool_eb_8005">2366482624.17695.0000</cookie> </sent> <received/> </cookies> <cache> <BeforeRequest> <UrlInCache>False</UrlInCache> </BeforeRequest> <AfterRequest> <UrlInCache>False</UrlInCache> </AfterRequest> </cache> <QueryString/> <PostData> <mimetype>application/x-www-form-urlencoded</mimetype> <size>388</size> <params> <param name="_viewReferer">login/login01</param> <param name="_locale">zh_CN</param> <param name="version">20140529</param> <param name="Password">XQn0aqYKjJeFutYuXaooFuDF7cAU7jAYd4lpIff/qaZOd1gElxbw/ChRmY1mipjeUlpO0lO8FHO13VaeEyaQf54np25wFo6X2t0LlAKKpruupbDHEWas3pVuajAXsuUqsyqSeDqNlsXpckRWdFBopnzoKuggcgkaMLXsyJtGLU8=</param> <param name="ran">55924190</param> <param name="TransName"/> <param name="Plain"/> <param name="Signature"/> <param name="MerName"/> <param name="TransType"/> <param name="OperationNo"/> <param name="MerDCFlag"/> <param name="checkloginflag"/> <param name="_tokenName">z90qww5h</param> <param name="LoginName">11111111</param> </params> </entry> </source> == API Calls == CryptImportKey(blob) CryptEncrypt(NULL, 8) -> 128 (128 bytes required) CryptEncrypt(password, 8) -> encrypted pw encrypted pw: 0x03310BD0 D3 5F 47 03 22 A3 0D FA 0C DC 3D BE 06 43 E8 06 ._G.".....=..C.. 0x03310BE0 AF 4D E3 85 80 04 6F 38 46 80 AC F7 E5 79 23 6C .M....o8F....y#l 0x03310BF0 87 E0 D9 81 2B E7 EC 2B AE B7 BB 19 9B A4 13 68 ....+..+.......h 0x03310C00 E9 2B B3 64 80 DE E4 66 66 10 BF D5 56 2A 4E BC .+.d...ff...V*N. 0x03310C10 56 E4 47 66 7E 16 D7 DB 66 B7 05 43 BC AF D6 95 V.Gf~...f..C.... 0x03310C20 AA AD 37 31 0D DE E7 37 7E 71 D2 43 CE 65 1B EB ..71...7~q.C.e.. 0x03310C30 A4 03 03 D7 77 C7 7B A7 41 EA 51 B4 65 70 AD 08 ....w.{.A.Q.ep.. 0x03310C40 63 B3 63 21 84 05 37 F8 6D 2E 74 3C 1A 6A E0 C8 c.c!..7.m.t<.j.. 0x03332BA0 EC 3D A5 ED 3E B1 D7 59 60 9D 36 BA AC CB 22 EA .=..>..Y`.6...". 0x03332BB0 87 15 9A BB 73 D4 39 82 DB 07 3D 66 E7 28 E5 BF ....s.9...=f.(.. 0x03332BC0 6B 2E 0F C9 5E 23 9D 34 DC D2 D7 F3 99 20 A5 1E k...^#.4..... .. 0x03332BD0 56 41 97 F9 38 94 60 A4 7B 36 90 CF 78 99 EA 87 VA..8.`.{6..x... 0x03332BE0 4F 7E 3E 61 68 D8 C4 8E FD ED D3 DF FD 82 38 A1 O~>ah.........8. 0x03332BF0 0B 18 29 14 41 D6 FC C5 3C 3B 6A D1 61 97 17 57 ..).A...<;j.a..W 0x03332C00 E2 D2 F9 0E 11 57 4A AB 16 60 0F 3C 2D 4F DD 07 .....WJ..`.<-O.. 0x03332C10 2B 57 5A 49 3C D2 F4 DF F8 A0 E1 2D 4A DB BF 25 +WZI<......-J..% CryptCreateHash() CryptHashData(key1, 21) key1: 0x035092F8 63 73 69 69 5F 70 6F 77 65 72 65 6E 74 65 72 5F csii_powerenter_ 0x03509308 6A 61 73 6F 6E jason CryptEncrypt(key2, 16) -> encrypted key2 key2: 0x009AAC78 79 4B 52 6E 49 4E 7A 76 72 65 39 72 65 51 3D 3D yKRnINzvre9reQ== 0x0330FD70 30 66 6B 2B 63 39 7A 47 37 50 5A 48 59 41 3D 3D 0fk+c9zG7PZHYA== decoded key2: 00000000 c8 a4 67 20 dc ef ad ef 6b 79 |..g ....ky| 00000000 d1 f9 3e 73 dc c6 ec f6 47 60 |..>s....G`| encrypted key2: 0x009AAC78 D2 5B D6 88 DA F1 04 C6 97 0B 46 48 5F 07 84 D6 .[........FH_... 0x0330FD70 9B 76 EF CD F0 86 04 F7 D2 3E 25 72 63 17 84 D6 .v.......>%rc... CryptHashData(key1, 21) submit pw: Jb/bSi3hoPjf9NI8SVpXKwfdTy08D2AWq0pXEQ750uJXF5dh0Wo7PMX81kEUKRgLoTiC/d/T7f2OxNhoYT5+T4fqmXjPkDZ7pGCUOPmXQVYepSCZ89fS3DSdI17JDy5rv+Uo52Y9B9uCOdRzu5oVh+oiy6y6Np1gWdexPu2lPew= ran: 75915681 token: k1ssjcn1
返回至
CEB
。