The Vulnerable Space: CTF Writeup - Flare-On 2017

Wednesday, 18 October 2017

CTF Writeup - Flare-On 2017 - 01: login.html

Name - login.html
Category - Reverse Engineering
Points - 1
Binary - Download here

This year's Flare-On challenge started with a very simple RE(?) challenge, an HTML page which asks for a key.

If we look at the HTML code it becomes apparent that it uses client-side authentication:

    <!DOCTYPE Html />
    <html>
        <head>
            <title>FLARE On 2017</title>
        </head>
        <body>
            
            
            
        </body>
    </html>

The javascript takes our input, operates on it and compares it with the string PyvragFvqrYbtvafNerRnfl@syner-ba.pbz. The algorithm is easy enough to recognize: ROT13. At this point we could either use online solutions such as www.rot13.com or a simple python script such as the one below:


import codecs

print codecs.getencoder("rot-13")("PyvragFvqrYbtvafNerRnfl@syner-ba.pbz")[0]

The key is: ClientSideLoginsAreEasy@flare-on.com

The Vulnerable Space

Wednesday, 18 October 2017

CTF Writeup - Flare-On 2017 - 01: login.html

No comments:

Post a Comment