login

My dog-sitter's brother made this website but I can't get in; can you help? login.mars.picoctf.net

Let's input some credentials and check the Developer Tools > Network tab.

We can see that the Network tab is empty. This means that no request is being sent to any server.

So the credential check must be happening on the client side. Let's check the source code of the site.

We can see that there is an index.js file.

We can format the script using an online Javascript formatter.

Script

(async () => {
  await new Promise((e) => window.addEventListener("load", e)),
    document.querySelector("form").addEventListener("submit", (e) => {
      e.preventDefault();
      const r = {
          u: "input[name=username]",
          p: "input[name=password]",
        },
        t = {};
      for (const e in r)
        t[e] = btoa(document.querySelector(r[e]).value).replace(/=/g, "");
      return "YWRtaW4" !== t.u
        ? alert("Incorrect Username")
        : "cGljb0NURns1M3J2M3JfNTNydjNyXzUzcnYzcl81M3J2M3JfNTNydjNyfQ" !== t.p
        ? alert("Incorrect Password")
        : void alert(`Correct Password! Your flag is ${atob(t.p)}.`);
    });
})();

The script defines two objects r and t, which represent the username and password input fields.

The script then loops through the properties in the r object (username and password) and uses the btoa function to encode the values of the corresponding input fields. The .replace(/=/g, "") part removes the equal signs from the base64-encoded strings.

It then checks if the base64-encoded username (t.u) is equal to YWRtaW4 and the base64-encoded password (t.p) is equal to cGljb0NURns1M3J2M3JfNTNydj3NyfQ.

If they match, it displays an alert with a success message, and if not, it displays an alert with an error message.

Let's use Cyberchef to decode the encoded password.

Flag

picoCTF{53rv3r_53rv3r_53rv3r_53rv3r_53rv3r}