dont-use-client-side

Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/17682/ (link) or http://jupiter.challenges.picoctf.org:17682

  1. Never trust the client

Let's check how secure this portal really is.

Unfortunately the credentials are checked on the client side, in JavaScript shipped to the browser, which allows us to read the check and reverse engineer the password.

Script

function verify() {
    // value typed into the input with id="pass"
    checkpass = document.getElementById("pass").value;
    // every chunk is 4 characters; chunk i sits at offset split*i
    split = 4;
    if (checkpass.substring(0, split) == 'pico') {
      if (checkpass.substring(split*6, split*7) == '706c') {
        if (checkpass.substring(split, split*2) == 'CTF{') {
          if (checkpass.substring(split*4, split*5) == 'ts_p') {
            if (checkpass.substring(split*3, split*4) == 'lien') {
              if (checkpass.substring(split*5, split*6) == 'lz_b') {
                if (checkpass.substring(split*2, split*3) == 'no_c') {
                  if (checkpass.substring(split*7, split*8) == '5}') {
                    alert("Password Verified")
                  }
                }
              }
            }
          }
        }
      }
    }
    else {
      alert("Incorrect password");
    }
}

It gets the value of the HTML element with the ID "pass" and stores it in the variable checkpass.

It then defines a variable split with a value of 4, the length of each chunk.

It checks checkpass against several conditions, using substring to extract 4-character chunks at offsets split*0, split*1, ... split*7. The nested ifs are written in a scrambled order, but each chunk's position in the password is fixed by its multiplier.

All we have to do is arrange the chunks by offset (0, 4, 8, ..., 28) and join them.

Flag

picoCTF{no_clients_plz_b706c5}
