PicoCTF Writeup – dont-use-client-side

# Information:

 

CTF Name: PicoCTF

CTF Challenge: dont-use-client-side

Challenge Category: Web Exploitation

Challenge Points: 200

PicoCTF 2019.

# Challenge Description:

Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/17682/ or http://jupiter.challenges.picoctf.org:17682

Hint: Never trust the client

# Writeup 

In this challenge, we are given a link. Upon clicking on it, this is the page that appears:

It seems that we have to insert some kind of password to access the site and probably to get the flag. I decided to inspect the source code; it could have something relevant! To do so, I pressed F12. These were the contents of the index page:

It seems we have a function called verify that checks if the inserted password is correct. By reading the function line by line we can get the password, so let’s go!

1- First, we get the value inserted by the user into the variable checkpass (line 11).

2- After this, we assign 4 to the variable split (line 12).

3- The first if statement verifies if the first 4 positions of the given password are “pico”; if so, it moves on to the next if statement (line 13).

4- The second if verifies if the value in positions 24 to 28 (end exclusive, i.e. up to position 27) is 706c; if it is true, it moves to the next if (line 14).

5- The third if compares positions 4 to 8 (end exclusive, i.e. up to position 7) to CTF{; if it is true, it moves to the next if (line 15).

6- And so on; the process is very similar for all of the if statements.

As we read through the entire function, we can reconstruct the password as follows: step 3 gives us the first 4 positions, pico, and step 5 gives us the next four positions, CTF{. You know where this is going…

And the flag is:  

picoCTF{no_clients_plz_b706c5}
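
Added example (not from the original post or the challenge's own code): steps 1 to 6 done mechanically, which shows why the check protects nothing, since every fragment of the password is shipped to the browser. The sample verify() source is constructed from the steps and the flag in this writeup, the element id "pass" is an assumption, and recoverEmbeddedSecret is a hypothetical helper name.

```javascript
// Constructed sample in the style the writeup describes; not the challenge's
// original source. The element id "pass" is an assumption.
const sampleSource = `
function verify() {
  checkpass = document.getElementById("pass").value;
  split = 4;
  if (checkpass.substring(0, split) == 'pico') {
    if (checkpass.substring(split*6, split*7) == '706c') {
      if (checkpass.substring(split, split*2) == 'CTF{') {
        if (checkpass.substring(split*4, split*5) == 'ts_p') {
          if (checkpass.substring(split*3, split*4) == 'lien') {
            if (checkpass.substring(split*5, split*6) == 'lz_b') {
              if (checkpass.substring(split*2, split*3) == 'no_c') {
                if (checkpass.substring(split*7, split*8) == '5}') {
                  alert("Password Verified");
  }}}}}}}}
}`;

// Returns the string that a chain of substring(a, b) == 'literal' checks
// accepts, or throws if the checks do not tile the string from offset 0.
function recoverEmbeddedSecret(source) {
  const decl = source.match(/\b(\w+)\s*=\s*(\d+)\s*;/); // e.g. "split = 4;"
  const offset = (expr) => {
    const t = expr.trim();
    if (/^\d+$/.test(t)) return Number(t);
    const m = t.match(/^(\w+)(?:\s*\*\s*(\d+))?$/); // "split" or "split*6"
    if (!m || !decl || m[1] !== decl[1]) throw new Error(`unsupported offset: ${t}`);
    return Number(decl[2]) * (m[2] ? Number(m[2]) : 1);
  };
  const check = /\.substring\(([^,]+),([^)]+)\)\s*===?\s*(['"])(.*?)\3/g;
  const parts = [...source.matchAll(check)]
    .map((c) => ({ start: offset(c[1]), end: offset(c[2]), text: c[4] }))
    .sort((a, b) => a.start - b.start);
  let secret = "";
  for (const p of parts) {
    // substring() clips at the end of the input, so the last literal may be
    // shorter than its range; a short literal mid-chain fails the next start check.
    if (p.start !== secret.length || p.text.length > p.end - p.start) {
      throw new Error(`checks do not tile the string at offset ${p.start}`);
    }
    secret += p.text;
  }
  return secret;
}

console.log(recoverEmbeddedSecret(sampleSource));
```

The same function run over a site's own front-end bundle works as an audit check for secrets compared in the browser; the fix the hint points to is to send the password to the server and compare it there.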

Thank you very much for reading!

Cheers,

MRegra



One Reply to “PicoCTF Writeup – dont-use-client-side”

  1. Good day! I could have sworn I’ve visited this web
    site before but after going through some of the articles I realized it’s new to me.

    Anyhow, I’m certainly happy I discovered it and I’ll be bookmarking
    it and checking back frequently!
