picoCTF Web Exploitation Guide

Here's how to solve dont-use-client-side


dont-use-client-side

Name: dont-use-client-side
Description: Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/29835/ or http://jupiter.challenges.picoctf.org:29835
Author: Alex Fulton/Danny
Tags: Easy, Web Exploitation, picoCTF 2019
Challenge from: picoCTF 2019
Hints:
1. Never trust the client

Theory

According to the description, to get the flag we have to find some way of breaking into a password portal, so we'll look through the site's code with view source (accessible through Ctrl+U) and see if that gives us a hint about how to get the flag.

Solution

So we'll open the website:

Looks like it's a password checker of some sort. Let's go to the view source by pressing Ctrl+U or right-clicking, to see if it gives us a clue like I mentioned in the theory:

Alright, it's interesting how the password is being checked: the input gets split every 4 characters, and then each group of 4 characters is checked in a weird order. So let's grab all of these and use the multipliers they have to put them in the correct order:

checkpass.substring(0, split) == 'pico'
checkpass.substring(split, split*2) == 'CTF{'
checkpass.substring(split*2, split*3) == 'no_c'
checkpass.substring(split*3, split*4) == 'lien'
checkpass.substring(split*4, split*5) == 'ts_p'
checkpass.substring(split*5, split*6) == 'lz_7'
checkpass.substring(split*6, split*7) == '723c'
checkpass.substring(split*7, split*8) == 'e}'

Let's clean up the parts of the code we don't need:

pico
CTF{
no_c
lien
ts_p
lz_7
723c
e}

If we join all of these we get the flag, and we can check it with the password checker on the website to see if it's really correct:

So yeah, the flag is:

picoCTF{no_clients_plz_7723ce}

There we go! That's the flag.
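
The same reordering done in code, as an added example (not the challenge's own source): an audit function that finds every substring-versus-literal comparison in a script and rebuilds the compared string from the offsets, which is why shuffling the checks protects nothing. The names SAMPLE_SOURCE, evalOffset and auditClientSideCheck are made up for this example, and the sample input is constructed from the eight comparisons listed above with split = 4.

```javascript
// Added example, not the challenge's own source.
// Constructed sample: the comparisons quoted above, shuffled, with split = 4.
const SAMPLE_SOURCE = [
  "var split = 4;",
  "checkpass.substring(split*6, split*7) == '723c'",
  "checkpass.substring(0, split) == 'pico'",
  "checkpass.substring(split*3, split*4) == 'lien'",
  "checkpass.substring(split*7, split*8) == 'e}'",
  "checkpass.substring(split, split*2) == 'CTF{'",
  "checkpass.substring(split*5, split*6) == 'lz_7'",
  "checkpass.substring(split*2, split*3) == 'no_c'",
  "checkpass.substring(split*4, split*5) == 'ts_p'",
].join("\n");

// Resolve an offset written as "0", "split" or "split*N"; reject anything else.
function evalOffset(expr, split) {
  const m = /^(?:(\d+)|split(?:\s*\*\s*(\d+))?)$/.exec(expr.trim());
  if (!m) throw new Error("unsupported offset: " + expr);
  return m[1] !== undefined ? Number(m[1]) : split * Number(m[2] || 1);
}

// Find every substring-vs-literal comparison and rebuild the compared string.
function auditClientSideCheck(source) {
  const decl = /split\s*=\s*(\d+)/.exec(source);
  if (!decl) throw new Error("split size not found");
  const split = Number(decl[1]);
  const re = /substring\(([^,]+),\s*([^)]+)\)\s*==\s*'([^']*)'/g;
  const parts = [];
  for (const m of source.matchAll(re)) {
    parts.push({
      start: evalOffset(m[1], split),
      end: evalOffset(m[2], split),
      text: m[3],
    });
  }
  // Order by start offset, whatever order the script checks them in.
  parts.sort((a, b) => a.start - b.start);
  // Contiguous means each fragment starts where the previous one ended.
  const contiguous = parts.every(
    (p, i) => p.start === (i ? parts[i - 1].end : 0)
  );
  const recovered = parts.map((p) => p.text).join("");
  return { fragments: parts.length, contiguous, recovered };
}

console.log(auditClientSideCheck(SAMPLE_SOURCE));
```

If a check like this finds anything in a page you ship, the comparison belongs on the server, where the expected value never reaches the browser.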

I rated this level as "good"! :3


https://play.picoctf.org/practice/challenge/66