Web Exploitation
dont-use-client-side
From the title of the challenge, I could tell that the check is most likely done on the client side, that is, in the challenge's web page itself.
After opening the web page provided in the description, I found a simple login form asking for a credential. Since it's a web page, I opened the dev tools in Chrome to look at the source.
There I discovered the following JS code. It validates the string entered in the form by splitting it into 4-character chunks and comparing each chunk against a hard-coded value. The order of the nested if statements is scrambled, but the substring offsets give away where each chunk belongs, so appending the expected chunks together in offset order yields the flag.
function verify() {
  // Read the password straight from the form field; nothing is sent to a server.
  checkpass = document.getElementById("pass").value;
  split = 4; // every chunk is 4 characters long
  // Each check compares one slice of the input against a hard-coded chunk.
  // The nesting order is scrambled, but substring(split*k, split*(k+1))
  // tells you that the chunk is the k-th piece of the flag.
  if (checkpass.substring(0, split) == 'pico') {
    if (checkpass.substring(split*6, split*7) == '723c') {
      if (checkpass.substring(split, split*2) == 'CTF{') {
        if (checkpass.substring(split*4, split*5) == 'ts_p') {
          if (checkpass.substring(split*3, split*4) == 'lien') {
            if (checkpass.substring(split*5, split*6) == 'lz_7') {
              if (checkpass.substring(split*2, split*3) == 'no_c') {
                if (checkpass.substring(split*7, split*8) == 'e}') {
                  alert("Password Verified")
                }
              }
            }
          }
        }
      }
    }
  }
  else {
    alert("Incorrect password");
  }
}
The flag is picoCTF{no_clients_plz_7723ce}.
(Reassembling the flag could be done by a simple program, but it's a very short string, so I just glued it together by hand.) Because the whole check runs in the browser, every expected chunk is visible to anyone who views the page source; that is exactly what the challenge title is warning about.
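The "simple program" mentioned above, as an added example that is not part of the original writeup: it takes the verify() source as a string, pulls out every `checkpass.substring(start, end) == 'chunk'` check, evaluates the start offsets in terms of `split`, sorts the chunks by offset and joins them. It also checks that the chunks tile the input with no gaps or overlaps, since otherwise no single password could satisfy all the checks. The embedded copy of verify() is the code from the challenge page; the helper names `evalOffset` and `reassembleFlag` are my own.

```javascript
// Added example (not part of the original writeup): reassemble the flag
// from the verify() source automatically instead of by hand.
// Assumes the checks have the form
//   checkpass.substring(<start>, <end>) == '<chunk>'
// where <start> is 0, split, or split*<n>, exactly as in the challenge.

// The verify() source from the challenge page, embedded as a string so the
// script runs offline (it is never executed, only parsed).
const VERIFY_SOURCE = `
function verify() {
  checkpass = document.getElementById("pass").value;
  split = 4;
  if (checkpass.substring(0, split) == 'pico') {
    if (checkpass.substring(split*6, split*7) == '723c') {
      if (checkpass.substring(split, split*2) == 'CTF{') {
        if (checkpass.substring(split*4, split*5) == 'ts_p') {
          if (checkpass.substring(split*3, split*4) == 'lien') {
            if (checkpass.substring(split*5, split*6) == 'lz_7') {
              if (checkpass.substring(split*2, split*3) == 'no_c') {
                if (checkpass.substring(split*7, split*8) == 'e}') {
                  alert("Password Verified")
                }
              }
            }
          }
        }
      }
    }
  }
  else {
    alert("Incorrect password");
  }
}`;

// Evaluate a start-offset expression such as "0", "split" or "split*6" for
// the given value of split. Only the arithmetic forms seen in the challenge
// are accepted; anything else throws instead of being guessed at.
function evalOffset(expr, split) {
  const m = expr.trim().match(/^(?:(\d+)|split(?:\s*\*\s*(\d+))?)$/);
  if (!m) throw new Error(`unsupported offset expression: ${expr}`);
  if (m[1] !== undefined) return Number(m[1]);
  return split * (m[2] !== undefined ? Number(m[2]) : 1);
}

// Extract every substring check from the source, order the expected chunks
// by their start offset, verify they tile the input, and concatenate them.
function reassembleFlag(source) {
  const splitMatch = source.match(/split\s*=\s*(\d+)/);
  if (!splitMatch) throw new Error("could not find the split value");
  const split = Number(splitMatch[1]);

  const checkRe = /checkpass\.substring\(([^,]+),([^)]+)\)\s*==\s*'([^']*)'/g;
  const pieces = [];
  for (const m of source.matchAll(checkRe)) {
    pieces.push({ start: evalOffset(m[1], split), chunk: m[3] });
  }
  pieces.sort((a, b) => a.start - b.start);

  // Sanity check: each chunk must begin exactly where the previous one ended,
  // otherwise the checks could not all be satisfied by one input string.
  let expected = 0;
  for (const p of pieces) {
    if (p.start !== expected) {
      throw new Error(`gap or overlap at offset ${p.start}`);
    }
    expected += p.chunk.length;
  }
  return pieces.map((p) => p.chunk).join("");
}

console.log(reassembleFlag(VERIFY_SOURCE)); // picoCTF{no_clients_plz_7723ce}
```

Run it with `node` on the saved file; in practice you would paste the verify() function copied from the dev tools into VERIFY_SOURCE. Sorting by the evaluated offset rather than by the order of the if statements is what makes the scrambled nesting irrelevant.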