PicoCTF Writeup – dont-use-client-side
# Information:
CTF Name: PicoCTF
CTF Challenge: dont-use-client-side
Challenge Category: Web Exploitation
Challenge Points: 200
PicoCTF 2019.
# Challenge Description:
Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/17682/ or http://jupiter.challenges.picoctf.org:17682
Hint: Never trust the client
# Writeup
In this challenge, we are given a link. Upon clicking on it this is the page that appears:
It seems that we have to insert some kind of password to access the site and probably to get the flag. I decided to inspect the source code; it could have something relevant! To do so I pressed F12. These were the contents of the index page:
It seems we have a function called verify that checks if the inserted password is correct. By reading the function line by line we can get the password, so let’s go!
1- First we get the value inserted by the user into the variable checkpass, line 11.
2- After this, we assign 4 to the variable split, line 12.
3- The first if statement verifies if the first 4 positions of the given password are “pico”; if so it moves on to the next if statement, line 13.
4- The second if verifies if the value in the interval between positions 24 to 28 (-1) is 706c; if it is true it moves to the next if, line 14.
5- The third if compares the interval between positions 4 to 8 (-1) to CTF{; if it is true it moves to the next if, line 15.
6- And so on, the process is very similar to all of the if statements.
While we read this entire function we can reconstruct the password as follows: in step 3 we have the first 4 positions, pico. In step 5 we have the next four positions, CTF{. You know where this is going…
And the flag is:
Thank you very much for reading!
Cheers,
MRegra
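The line-by-line reading in the writeup can be automated. The following is an added example, not the challenge's code or the author's: it runs over a constructed verify() in the same style with a made-up secret, and the names sampleSource, evalIndex and reconstructSecret are assumptions.

```javascript
// Constructed sample in the style the writeup describes.
// It is NOT the challenge's source, and the secret is made up.
const sampleSource = `
function verify() {
  checkpass = document.getElementById("pass").value;
  split = 4;
  if (checkpass.substring(0, split) == 'demo') {
    if (checkpass.substring(split*3, split*4) == 'ide}') {
      if (checkpass.substring(split, split*2) == 'CTF{') {
        if (checkpass.substring(split*2, split*3) == 'no_s') {
          alert("Password Verified");
        }
      }
    }
  }
}`;

// Resolve an index written as a number, `split`, or `split*N`.
function evalIndex(expr, split) {
  const m = /^(?:(\d+)|split(?:\s*\*\s*(\d+))?)$/.exec(expr.trim());
  if (!m) throw new Error(`unsupported index expression: ${expr}`);
  if (m[1] !== undefined) return Number(m[1]);
  return split * (m[2] !== undefined ? Number(m[2]) : 1);
}

// Collect every substring(a, b) == 'literal' check and place each literal at its offset.
function reconstructSecret(source) {
  const splitMatch = /split\s*=\s*(\d+)/.exec(source);
  const split = splitMatch ? Number(splitMatch[1]) : NaN;
  const check = /\.substring\(([^,]+),([^)]+)\)\s*===?\s*(['"])(.*?)\3/g;
  const chars = [];
  for (const [, from, to, , value] of source.matchAll(check)) {
    const start = evalIndex(from, split);
    const end = evalIndex(to, split);
    if (value.length !== end - start) throw new Error(`length mismatch at ${start}`);
    [...value].forEach((ch, i) => {
      if (chars[start + i] !== undefined && chars[start + i] !== ch) {
        throw new Error(`conflicting checks at position ${start + i}`);
      }
      chars[start + i] = ch;
    });
  }
  // Positions no check covers are shown as '?' rather than guessed.
  return Array.from(chars, (ch) => ch ?? "?").join("");
}

console.log(reconstructSecret(sampleSource));
```

Any secret compared in browser-side JavaScript is recoverable this way regardless of the order of the checks, which is why the comparison belongs on the server.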