picoCTF Web Exploitation Guide

Here's how to solve Bookmarklet


Bookmarklet

Name: Bookmarklet
Description: Why search for the flag when I can make a bookmarklet to print it for me?
Browse here, and find the flag!
Author: Jeffery John
Tags: Easy, Web Exploitation, picoCTF 2024, obfuscation, browser_webshell_solvable, browser
Challenge from: picoCTF 2024
Hints:
1. A bookmarklet is a bookmark that runs JavaScript instead of loading a webpage.
2. What happens when you click a bookmarklet?
3. Web browsers have other ways to run JavaScript too.

Theory

According to the description, to get the flag we have to run a bookmarklet on the page they gave us. A bookmarklet is a bookmark whose URL starts with "javascript:" instead of "http://": when you click it, the browser doesn't navigate anywhere, it runs that snippet of JavaScript on the page you're already on. The code runs with the same privileges as the page's own scripts (same origin, same DOM), which is what makes bookmarklets useful and also why browsers warn you about pasting code you don't understand. For example, if you're on a site with really small text, a bookmarklet could enlarge all the text when you click it, with nothing to install. So let's go to the site and see what this bookmarklet is about.

Solution

So we'll open the website:

Oh, well, the code for the bookmarklet is right there on the page. Since it's plain JavaScript, you don't even need to save it as a bookmark: open DevTools, paste it into the JS console, press Enter, and it runs as-is (recent Chrome versions make you type "allow pasting" first as a self-XSS guard, and if you paste it into the address bar instead, the browser strips the "javascript:" prefix, so the console is the easier route). The "encryption" is just a byte shift: each byte of the encrypted flag is the plaintext byte plus the matching byte of the repeating key "picoctf", modulo 256, and the loop undoes it by subtracting the key again. Don't copy the code from here, though: it may be outdated, and I replaced the non-ASCII characters in the encrypted flag with ASCII-friendly stand-ins, so the string below won't decode to the flag:

        javascript:(function() {
            // Ciphertext, one byte per flag character (non-ASCII bytes replaced in this copy)
            var encryptedFlag = "aO?P|E-eU?O?OUaUN?OO?O?AD?U?i";
            // Repeating key: byte i of the flag was shifted by key[i % key.length]
            var key = "picoctf";
            var decryptedFlag = "";
            for (var i = 0; i < encryptedFlag.length; i++) {
                // Undo the shift; the "+ 256" keeps the result in 0..255 before the modulo
                decryptedFlag += String.fromCharCode((encryptedFlag.charCodeAt(i) - key.charCodeAt(i % key.length) + 256) % 256);
            }
            alert(decryptedFlag);
        })();

ALERT:
picoCTF{p@g3_turn3r_1d1ba7e0}

There we go! That's the flag.
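To see what the bookmarklet's loop actually does (and why the ASCII-folded copy above can't work), here is an added example in Node.js. It is not the challenge's code or part of the original writeup: it re-implements the byte shift in both directions with the key "picoctf", checks that the real flag round-trips, shows that every ciphertext byte lands in 0x80..0xFF (so an ASCII-only copy is lossy), and wraps the decoder back into a javascript: URL of the kind a bookmarklet carries. The flag, key and folded ciphertext are the ones on this page; the function names, the hex helper and the toBookmarklet wrapper are my own.

```javascript
// Added example, not the challenge's own code.
// The bookmarklet's "encryption" is a byte-wise Vigenere-style shift with the
// repeating key "picoctf", mod 256. Run with: node bookmarklet_shift.js

const KEY = "picoctf";                          // key from the challenge
const FLAG = "picoCTF{p@g3_turn3r_1d1ba7e0}";   // flag the alert shows
// The ASCII-folded ciphertext as it appears in the writeup above (lossy copy).
const FOLDED = "aO?P|E-eU?O?OUaUN?OO?O?AD?U?i";

// Encode: c[i] = (p[i] + key[i mod keylen]) mod 256.
function shiftEncode(plain, key = KEY) {
  let out = "";
  for (let i = 0; i < plain.length; i++) {
    out += String.fromCharCode((plain.charCodeAt(i) + key.charCodeAt(i % key.length)) % 256);
  }
  return out;
}

// Decode: the bookmarklet's loop, p[i] = (c[i] - key[i mod keylen] + 256) mod 256.
function shiftDecode(enc, key = KEY) {
  let out = "";
  for (let i = 0; i < enc.length; i++) {
    out += String.fromCharCode((enc.charCodeAt(i) - key.charCodeAt(i % key.length) + 256) % 256);
  }
  return out;
}

// Hex dump, so the ciphertext can be shown without depending on the terminal's encoding.
function toHex(s) {
  return Array.from(s, (c) => c.charCodeAt(0).toString(16).padStart(2, "0")).join(" ");
}

// True when every code unit of s is >= 0x80, i.e. nothing survives an ASCII-only copy.
// For this flag that is always the case: the smallest sum is '0' + 'c' = 147.
function allHighBytes(s) {
  return Array.from(s).every((c) => c.charCodeAt(0) >= 0x80);
}

// Wrap a decoder into a bookmarklet URL: the javascript: scheme carrying an IIFE.
// encodeURIComponent keeps the non-ASCII ciphertext bytes intact inside the URL;
// the browser percent-decodes the URL again before running it.
function toBookmarklet(enc, key = KEY) {
  const body =
    "(function(){var e=" + JSON.stringify(enc) + ",k=" + JSON.stringify(key) + ",d='';" +
    "for(var i=0;i<e.length;i++){d+=String.fromCharCode((e.charCodeAt(i)-k.charCodeAt(i%k.length)+256)%256);}" +
    "alert(d);})();";
  return "javascript:" + encodeURIComponent(body);
}

if (typeof require !== "undefined" && require.main === module) {
  const enc = shiftEncode(FLAG);
  console.log("ciphertext (hex):", toHex(enc));
  console.log("all bytes >= 0x80:", allHighBytes(enc));
  console.log("decoded:", shiftDecode(enc));
  console.log("folded copy decodes to:", JSON.stringify(shiftDecode(FOLDED)));
  console.log("bookmarklet:", toBookmarklet(enc));
}
```

The bookmarklet string it prints is what you would put in a bookmark's URL field; as noted above, pasting it into the address bar instead gets the "javascript:" prefix stripped, so save it as a bookmark or run the decoder in the console.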

I rated this level as "good"! :3


https://play.picoctf.org/practice/challenge/406