Skip to content

Latest commit

 

History

History
44 lines (37 loc) · 1.07 KB

File metadata and controls

44 lines (37 loc) · 1.07 KB

Client Side is Still Bad

Points: 150

Category

Web Exploitation

Question

I forgot my password again, but this time there doesn't seem to be a reset, can you help me? (link)

Hint

Client Side really is a bad way to do it.

Solution

Inspect element and piece the flag together

function verify() {
	checkpass = document.getElementById("pass").value;
	split = 4;
	if (checkpass.substring(split * 7, split * 8) == '}') {
		if (checkpass.substring(split * 6, split * 7) == 'd366') {
			if (checkpass.substring(split * 5, split * 6) == 'd_3b') {
				if (checkpass.substring(split * 4, split * 5) == 's_ba') {
					if (checkpass.substring(split * 3, split * 4) == 'nt_i') {
						if (checkpass.substring(split * 2, split * 3) == 'clie') {
							if (checkpass.substring(split, split * 2) == 'CTF{') {
								if (checkpass.substring(0, split) == 'pico') {
									alert("You got the flag!")
								}
							}
						}

					}
				}
			}
		}
	} else {
		alert("Incorrect password");
	}
}

Flag

picoCTF{client_is_bad_3bd366}