dont-use-client-side
Can you break into this super secure portal?
https://jupiter.challenges.picoctf.org/problem/17682/ (link) or http://jupiter.challenges.picoctf.org:17682

Let's check how secure this portal really is.

Unfortunately, the credentials are checked on the client side, which allows us to reverse engineer the password.
Script
function verify() {
  checkpass = document.getElementById("pass").value;
  split = 4;
  if (checkpass.substring(0, split) == 'pico') {
    if (checkpass.substring(split*6, split*7) == '706c') {
      if (checkpass.substring(split, split*2) == 'CTF{') {
        if (checkpass.substring(split*4, split*5) == 'ts_p') {
          if (checkpass.substring(split*3, split*4) == 'lien') {
            if (checkpass.substring(split*5, split*6) == 'lz_b') {
              if (checkpass.substring(split*2, split*3) == 'no_c') {
                if (checkpass.substring(split*7, split*8) == '5}') {
                  alert("Password Verified")
                }
              }
            }
          }
        }
      }
    }
  }
  else {
    alert("Incorrect password");
  }
}
It gets the value of an HTML element with the ID "pass" and stores it in the variable checkpass.
It then defines a variable split with a value of 4.
It checks the checkpass string against several conditions, using substring to extract specific parts of the string.
All we have to do is arrange the pieces of the split password in order of their offsets.
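The reassembly described above, as an added example that is not part of the original write-up: a Node.js script that pulls the substring comparisons out of the verify() checks shown on this page, resolves each offset, and joins the pieces in order. It shows why scattering a secret across client-side comparisons gives no protection. The names SOURCE and reassemble are assumptions made for this example.

```javascript
// Constructed input: the verify() checks from this page, embedded so this runs offline.
const SOURCE = `
split = 4;
if (checkpass.substring(0, split) == 'pico') {
if (checkpass.substring(split*6, split*7) == '706c') {
if (checkpass.substring(split, split*2) == 'CTF{') {
if (checkpass.substring(split*4, split*5) == 'ts_p') {
if (checkpass.substring(split*3, split*4) == 'lien') {
if (checkpass.substring(split*5, split*6) == 'lz_b') {
if (checkpass.substring(split*2, split*3) == 'no_c') {
if (checkpass.substring(split*7, split*8) == '5}') {
`;

// reassemble() is a hypothetical helper written for this example.
function reassemble(source) {
  // Chunk size comes from the "split = N" assignment in the script.
  const m = /split\s*=\s*(\d+)/.exec(source);
  if (!m) throw new Error("no split assignment found");
  const split = Number(m[1]);

  // An offset is a literal number, "split", or "split*K".
  const offset = (expr) => {
    const t = expr.trim();
    if (/^\d+$/.test(t)) return Number(t);
    const k = /^split(?:\s*\*\s*(\d+))?$/.exec(t);
    if (!k) throw new Error("unsupported offset: " + t);
    return split * (k[1] ? Number(k[1]) : 1);
  };

  // Collect every substring(start, end) == 'literal' comparison, then order by start.
  const re = /substring\(([^,]+),([^)]+)\)\s*==\s*'([^']*)'/g;
  const pieces = [...source.matchAll(re)].map((c) => ({ start: offset(c[1]), text: c[3] }));
  pieces.sort((a, b) => a.start - b.start);

  // Each piece must begin where the previous one ended. The last piece may be
  // shorter than its range because substring() clamps at the end of the string.
  let out = "";
  for (const p of pieces) {
    if (p.start !== out.length) throw new Error("gap or overlap at offset " + p.start);
    out += p.text;
  }
  return out;
}

console.log(reassemble(SOURCE));
```

The comparison must run on the server, against a stored hash, for the password to stay out of the page source.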
Flag
picoCTF{no_clients_plz_b706c5}