dont-use-client-side
March 13, 2025
Problem Description
Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/37821/ (link) or http://jupiter.challenges.picoctf.org:37821
- Target: https://jupiter.challenges.picoctf.org/problem/37821/
- Goal: extract a flag
- Initial Observations: Seems like I will use Burp Suite
Tools Used
- Web inspect
- Notepad
Solution Steps
Viewing the source code of the web page
I noticed JS code that verifies the password, so there is no need for Burp Suite. Let's see how the code works.
Understanding the JS code
It is simple code that takes the password and checks whether each part of it matches a sliced part. After I rearranged the sliced parts I got this:
```javascript
if (checkpass.substring(0, split) == '') {
  if (checkpass.substring(split, split*2) == '') {
    if (checkpass.substring(split*2, split*3) == '') {
      if (checkpass.substring(split*3, split*4) == '') {
        if (checkpass.substring(split*4, split*5) == '') {
          if (checkpass.substring(split*5, split*6) == '') {
            if (checkpass.substring(split*6, split*7) == '') {
              if (checkpass.substring(split*7, split*8) == '') {
```
picoCTF{T4QI}
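Why a check like the one above cannot protect the password, as an added example that is not part of the original write-up: every comparison literal is shipped to the browser, so ordering the `substring` ranges by start index rebuilds the secret without ever submitting a guess. The sample source, its literals and `split = 4` are constructed for illustration, and `evalIndex` and `recoverSecret` are hypothetical helper names; the fix is to verify the password on the server.

```javascript
// Constructed sample in the style of the page's snippet (made-up literals).
const sampleSource = `
function verify() {
  checkpass = document.getElementById("pass").value;
  split = 4;
  if (checkpass.substring(split*2, split*3) == 'PLE_') {
    if (checkpass.substring(0, split) == 'demo') {
      if (checkpass.substring(split*3, split*4) == 'ok!}') {
        if (checkpass.substring(split, split*2) == '{SAM') {
          alert("Password Verified");
        }
      }
    }
  }
}`;

// Evaluate an index expression of the form: 0, split, or split*N.
function evalIndex(expr, split) {
  const m = /^(?:(\d+)|split(?:\s*\*\s*(\d+))?)$/.exec(expr.trim());
  if (!m) throw new Error(`unsupported index expression: ${expr}`);
  if (m[1] !== undefined) return Number(m[1]);
  return split * (m[2] !== undefined ? Number(m[2]) : 1);
}

// Collect every (start, end, literal) comparison and reassemble in order.
function recoverSecret(source) {
  const splitMatch = /\bsplit\s*=\s*(\d+)/.exec(source);
  if (!splitMatch) throw new Error("no split assignment found");
  const split = Number(splitMatch[1]);
  const re = /\.substring\(([^,()]+),([^()]+)\)\s*===?\s*(['"])(.*?)\3/g;
  const parts = [];
  for (const m of source.matchAll(re)) {
    const start = evalIndex(m[1], split);
    const end = evalIndex(m[2], split);
    if (m[4].length > end - start) throw new Error(`literal too long at ${start}`);
    parts.push({ start, text: m[4] });
  }
  parts.sort((a, b) => a.start - b.start);
  let pos = 0; // the next index that must be covered
  for (const p of parts) {
    if (p.start !== pos) throw new Error(`gap or overlap at index ${pos}`);
    pos = p.start + p.text.length; // only the final chunk may be short
  }
  return parts.map((p) => p.text).join("");
}

console.log(recoverSecret(sampleSource));
```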