dont-use-client-side

March 13, 2025

Problem Description

*Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/37821/ (link) or http://jupiter.challenges.picoctf.org:37821


Tools Used

  • Web inspect
  • Notepad

Solution Steps

  1. Viewing the source code of the web page
    I noticed a JS code that verify the password so there is no need for burp suite. let’s see how the code works.

  2. Understanding the JS code

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
function verify() {
	checkpass = document.getElementById("pass").value;|
	split = 4;
	if (checkpass.substring(0, split) == 'pico') {
		if (checkpass.substring(split*6, split*7) == 'a3c8') {
			if (checkpass.substring(split, split*2) == 'CTF{') {
				if (checkpass.substring(split*4, split*5) == 'ts_p') {
					if (checkpass.substring(split*3, split*4) == 'lien') {
						if (checkpass.substring(split*5, split*6) == 'lz_1') {
							if (checkpass.substring(split*2, split*3) == 'no_c') {
								if (checkpass.substring(split*7, split*8) == '9}') {
									alert("Password Verified")}}}}}}}}
else {
	alert("Incorrect password");}}

It is a simple code that takes the password and check every part of it if it matches spliced part. After I rearranged the sliced parts I got this

if (checkpass.substring(0, split) == ‘’) { if (checkpass.substring(split, split2) == ‘’) { if (checkpass.substring(split2, split3) == ‘’) { if (checkpass.substring(split3, split4) == ‘’) { if (checkpass.substring(split4, split5) == ‘’) { if (checkpass.substring(split5, split6) == ‘’) { if (checkpass.substring(split6, split7) == ‘’) { if (checkpass.substring(split7, split*8) == ‘’) {

picoCTF{T4QI}


Categories: