No longer obsessed with registering VNU subjects – Part 1

First, let me be clear: this is not an article guiding illegal exploitation of or intrusion into the system. I am writing to share system analysis techniques for the purpose of exchanging knowledge. It is especially useful for web application developers who are concerned about security issues. I take no responsibility if you exploit this with bad intentions.
After reading this article you will, at the very least, be able to register with a higher probability of success. Those of you who don't care about the technical details can just read the Summary and Tips sections. If you are developing a web application or are concerned about security, there are also case studies to apply to your own system.
I see a lot of people who are unable to register or who run into difficulties on the subject registration system. The process is designed to be very simple: select the subject, click record. DONE =))

However, reality is not as simple as that process. Students will surely go through many different emotions: fainting and then coming back to life, living and then dying again, in general a heart attack :)). Users will certainly run into these common cases:

– System open soon, or later notice
– Do not download the subject, do not allow login
– Choose a subject and be disguised
– Clicking does not record
– After recording, pressing F5 a while later shows that the subject was not registered

When they run into such emotional states, many students want to beat up the computer =(( Everyone wants to register subjects quickly and accurately. The journey to fulfill the dream of registering subjects in an instant starts here …

This article will be divided into 3 parts: Introduction to the system, Exploring the system, Strategy to overcome.

I. Introduction of the system

First I would like to introduce the overview of the system.

The VNU registration system is accessed at the main address: http://dangkyhoc.vnu.edu.vn/
Students log in with the account provided by the school.
If students access the system at the time of registration, there are 2 possible scenarios.
– The list of subjects is shown, but choosing subjects is not yet allowed
– No list of subjects is displayed
– The list is not displayed, but there is a notice (not yet in the registration period of the subject)
– Register for subjects as normal

II. Discover the system

In this article, I will look at the system in this state: registration time has not arrived yet, but the subjects are already shown.
Suppose the system opens course registration at 9 o'clock, but shows the list of expected subjects beforehand (earlier than 9am).

Curious about which resources the system sends to the client, I looked at the js files it returns.

I noticed that before and after registration opens, the server returns some of the same files!!! Suspicious :)). Open the Registration.js file.
It looks horrible; some of the files have been minified :3

After downloading the file and reformatting the code, it seems better; the code is easy to read :))

Curious about the requests, I only care about functions related to POST and GET operations on the server. I found 2 functions that call ajaxRequest().

There is a DSDK() function that looks like a POST operation to the server. Let's look at the callbacks inside it.
The function errorCallback1 looks suspicious. It uses a variable: $registrationAvailable

I guess $registrationAvailable is the crux of the problem :))

It is currently 8am. Check the variable in the browser console:

$registrationAvailable = "false" :))

Set it to true yourself:

$registrationAvailable = true

:/ The system looks the same??? It cannot be that this variable exists but is never used. Let's try performing some actions on the page. I will switch the subject list to the whole-school subjects.

The page has reloaded some content, the checkboxes can now be ticked, and the default registration list can also be removed. The sky is opening up right before my eyes =)) It is 8:15 am now. I can choose subjects and cancel courses just as when the system opens registration, while other students will not be able to log in.

After choosing enough credits and the fitness class I want, I will click send. Wait! Where is my record button :(((

The system has not opened yet, so of course it does not show the record button :sexy:

I cannot give up, so I continue searching …
Rereading Registration.js, there is a function worth attention here.

This function runs when an element with the class "confirm-registration" is clicked. Let's find out where that class is used.

It turns out the HTML source does not contain the class .confirm-registration anywhere. Only at 9 o'clock does the tag appear :/ Try creating an arbitrary button and inserting the class into the HTML source.

hackme

Now I click the "hackme" button to see what happens.

Oh :)) a request has been sent. Reading the response information:

Not yet registration time @@. So it can be said there is no way to register before the door opens, because the system checks this on the server.
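
For developers, the point of this walkthrough is that $registrationAvailable and the missing .confirm-registration button only control what the page shows; the server-side time check is what actually held. The sketch below is an added example, not code from the VNU system: the action names, session shape and opening times are assumptions, and it applies that same server-side check to every state-changing action while flagging requests that arrive before opening time.

```javascript
// Added illustration; action names, session shape and times are hypothetical.
const REG_WINDOW = {
  opensAt: Date.parse('2016-12-22T09:00:00+07:00'),  // constructed sample time
  closesAt: Date.parse('2016-12-22T17:00:00+07:00'), // constructed sample time
};
const READ_ACTIONS = new Set(['list-subjects', 'view-results']);
// Every state-changing action is gated, not only the final confirm.
const GATED_ACTIONS = new Set(['select-subject', 'cancel-subject', 'confirm-registration']);

// Decide on the server clock alone. Anything in req.body, such as a
// registrationAvailable field, is client-controlled and is never consulted.
function authorize(req, nowMs, win = REG_WINDOW) {
  if (!req.session || !req.session.studentId) return { status: 401, reason: 'not-logged-in' };
  if (READ_ACTIONS.has(req.action)) return { status: 200, reason: 'read-only' };
  if (!GATED_ACTIONS.has(req.action)) return { status: 400, reason: 'unknown-action' };
  if (nowMs < win.opensAt) return { status: 403, reason: 'not-open-yet' };
  if (nowMs >= win.closesAt) return { status: 403, reason: 'closed' };
  return { status: 200, reason: 'ok' };
}

// Detection: assuming the unmodified page offers no gated action before
// opening time, any such request in the log points to a modified client.
function auditEarlyAttempts(log, win = REG_WINDOW) {
  return log
    .filter((e) => GATED_ACTIONS.has(e.action) && e.receivedAt < win.opensAt)
    .map((e) => ({ studentId: e.studentId, action: e.action }));
}

// Constructed sample log: two early gated requests, one read, one on time.
const MIN = 60 * 1000;
const SAMPLE_LOG = [
  { studentId: 's001', action: 'select-subject', receivedAt: REG_WINDOW.opensAt - 45 * MIN },
  { studentId: 's001', action: 'confirm-registration', receivedAt: REG_WINDOW.opensAt - 40 * MIN },
  { studentId: 's002', action: 'list-subjects', receivedAt: REG_WINDOW.opensAt - 30 * MIN },
  { studentId: 's001', action: 'confirm-registration', receivedAt: REG_WINDOW.opensAt },
];

for (const e of SAMPLE_LOG) {
  // The client claims the window is open; the decision does not depend on it.
  const req = { session: { studentId: e.studentId }, action: e.action, body: { registrationAvailable: true } };
  console.log(e.studentId, e.action, authorize(req, e.receivedAt).reason);
}
console.log('early attempts:', auditEarlyAttempts(SAMPLE_LOG));
```
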

Looking back, we have gained something very valuable: registration is not open yet, but we have prepared everything, from cancelling the defaults to choosing the fitness class and the subjects we want, without anyone getting in the way. We have the battlefield to ourselves, and choosing subjects is easier than using facebook :)). So the registration process will be more convenient. At exactly 9 o'clock, the registration time, press the HACKME button created above. The summary is simple and you can apply it:

Step 1: About 15-20 minutes before the registration time starts: in the console, set the variable $registrationAvailable = true
Step 2: Edit or create any button and give it the class "confirm-registration".
Step 3: Change the mode to whole-school subjects to reload the data
Step 4: Choose subjects as in a normal registration
Step 5: Wait until the registration time, then click the button just created.

Not yet

Obviously with this tactic we have not hacked the system illegally; we only skillfully prepare "things" in advance, and when the battle starts, we press the record button and finish.

DRILL !!!

While all the other students are eagerly pressing F5 and scrambling for each fitness slot, you have been done since 9pm. Happily, you post a photo to show off your subjects. However, life is not so convenient: after 15 minutes, the registration results were reset from the beginning!!! I lost all the subjects I had registered, and the fitness class was gone too. This really gives people a heart attack.

Something is suspicious here :/ Probably the management side has a mode that resets the registration results. That is why many students register a good physical education class, go to sleep reassured, and wake up to find everything gone :)) It is due to this reset function =)))

Calm down. Now I will resend the requests from my history of a few minutes ago.

Oh, the system recorded success :)) (I would like to skip this part because it is quite long; if I have time I will go into detail in Part 2. There are many techniques that make registration easier.)

In summary, after clicking record and registering successfully, do not rush to celebrate and go off to play. It is likely that the school will reset the results, and then you will be crying =))

TIPS

In addition to the 5 steps above, there are some tips I want to share to register more easily:
– Use Firefox instead of Coc Coc or Chrome, clear the cache, or open a private window.
– The system is distributed over many IPs, not just the domain name http://dangkyhoc.vnu.edu.vn/
When it lags, you can go to either or both of the following pages:
http://dangkyhoc.vnu.edu.vn/
http://112.137.128.121/
– Should act calmly, not able to work :))
– You must visit http://dangkyhoc.vnu.edu.vn/ regularly so the session does not expire. Just keep the http://dangkyhoc.vnu.edu.vn/ tab open and press F5 from time to time.
– When you have recorded successfully, do not rush to celebrate; keep checking http://dangkyhoc.vnu.edu.vn/xem-va-…
If you lose a subject because the school reset the results, you must register again from the beginning
– The simplest way is to ask a guy from UET to register for you :))
In fact, there are many things in the subject registration system that we can explore and study, from how the system is deployed across many servers to the mechanisms for sending and receiving requests …

In this part 1, I only talked briefly about how the system is implemented. If I have time, I will describe in more detail how I resend requests in part 2. Besides, I will suggest supporting the action pane above :)). See you later.

===

Today, commemorating the day I bought my first guitar, is also the first time I have written a blog post.

Wish you all have a happy birthday with a happy feeling and like you :))

Thank you for taking the time to read this article =))

Love :))

ITZone via tuantmsite
