dont-use-client-side
Problem Description
Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/37821/ (link) or http://jupiter.challenges.picoctf.org:37821
- Target: https://jupiter.challenges.picoctf.org/problem/37821/
- Goal: extract a flag
- Initial Observations: Seems like I will use Burp Suite
Tools Used
- Web inspect
- Notepad
Solution Steps
- Viewing the source code of the web page
  I noticed JS code that verifies the password, so there is no need for Burp Suite. Let's see how the code works.
- Understanding the JS code
function verify() {
  checkpass = document.getElementById("pass").value;
  split = 4;
  if (checkpass.substring(0, split) == 'pico') {
    if (checkpass.substring(split*6, split*7) == 'a3c8') {
      if (checkpass.substring(split, split*2) == 'CTF{') {
        if (checkpass.substring(split*4, split*5) == 'ts_p') {
          if (checkpass.substring(split*3, split*4) == 'lien') {
            if (checkpass.substring(split*5, split*6) == 'lz_1') {
              if (checkpass.substring(split*2, split*3) == 'no_c') {
                if (checkpass.substring(split*7, split*8) == '9}') {
                  alert("Password Verified")}}}}}}}}
  else {
    alert("Incorrect password");}}

It is simple code that takes the password and checks whether each part of it matches a sliced part. After I rearranged the sliced parts I got this:
if (checkpass.substring(0, split) == '') {
if (checkpass.substring(split, split*2) == '') {
if (checkpass.substring(split*2, split*3) == '') {
if (checkpass.substring(split*3, split*4) == '') {
if (checkpass.substring(split*4, split*5) == '') {
if (checkpass.substring(split*5, split*6) == '') {
if (checkpass.substring(split*6, split*7) == '') {
if (checkpass.substring(split*7, split*8) == '') {
picoCTF{T4QI}