Local Authority
April 27, 2025Problem Description
Can you get the flag? Go to this website and see what you can discover.
- Target: http://saturn.picoctf.net:58822/
- Goal: extract a flag
- Initial Observations: A simple login page let’s see what does it hide
Tools Used
- Burp Suite
- Web Inspect
Solution Steps
Let’s random data then see what we get
I triedssss, 1234and gotLog In Failed
Let’s see the request in Burp Suite and learn how the credentials is dealt with
Intercept the request then pass it to the repeater. You can see one Java script file calledsecure.js
and the script that checks the username and password and validates the credentials1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43filterPassed = true; for (let i =0; i < string.length; i++){ cc = string.charCodeAt(i); if ( (cc >= 48 && cc <= 57) || (cc >= 65 && cc <= 90) || (cc >= 97 && cc <= 122) ) { filterPassed = true; } else { return false; } } return true; } window.username = "ssss"; window.password = "1234"; usernameFilterPassed = filter(window.username); passwordFilterPassed = filter(window.password); if ( usernameFilterPassed && passwordFilterPassed ) { loggedIn = checkPassword(window.username, window.password); if(loggedIn) { document.getElementById('msg').innerHTML = "Log In Successful"; document.getElementById('adminFormHash').value = "2196812e91c29df34f5e217cfd639881"; document.getElementById('hiddenAdminForm').submit(); } else { document.getElementById('msg').innerHTML = "Log In Failed"; } } else { document.getElementById('msg').innerHTML = "Illegal character in username or password." }
| |