Wednesday, 18 October 2017

CTF Writeup - Flare-On 2017 - 01: login.html


  • Name - login.html
  • Category - Reverse Engineering
  • Points - 1
  • Binary - Download here

This year's Flare-On challenge started with a very simple RE(?) challenge, an HTML page which asks for a key.


If we look at the HTML code it becomes apparent that it uses client-side authentication:
<!DOCTYPE Html />
<html>
    <head>
        <title>FLARE On 2017</title>
    </head>
    <body>
        <input type="text" name="flag" id="flag" value="Enter the flag">
        <input type="button" id="prompt" value="Click to check the flag">
        <script type="text/javascript">
            document.getElementById("prompt").onclick = function () {
                var flag = document.getElementById("flag").value;
                var rotFlag = flag.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);});
                if ("PyvragFvqrYbtvafNerRnfl@syner-ba.pbz" == rotFlag) {
                    alert("Correct flag!");
                } else {
                    alert("Incorrect flag, rot again");
                }
            }
        </script>
    </body>
</html>

The JavaScript takes our input, applies a transformation to every letter and compares the result with the string PyvragFvqrYbtvafNerRnfl@syner-ba.pbz. The algorithm is easy enough to recognize: ROT13. Because ROT13 is its own inverse, applying it to that string gives the input the page expects. At this point we could either use an online tool such as www.rot13.com or a simple Python script such as the one below:
import codecs

# ROT13 is its own inverse, so encoding the constant recovers the expected input
print(codecs.encode("PyvragFvqrYbtvafNerRnfl@syner-ba.pbz", "rot_13"))

The key is: ClientSideLoginsAreEasy@flare-on.com
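
The one-line callback from login.html unpacked into a readable form, as an added example that is not part of the original writeup (the function names are my own). It checks that the readable version matches the page's expression and that the transform is its own inverse, which is why running it over the comparison constant yields the accepted input:

```javascript
// Readable equivalent of the callback passed to replace() in login.html.
function rot13Char(ch) {
  // Last code point of the letter's own case: 'Z' (90) or 'z' (122).
  const upperBound = ch <= "Z" ? 90 : 122;
  const shifted = ch.charCodeAt(0) + 13;
  // Wrap back to the start of the alphabet when the shift runs past it.
  return String.fromCharCode(shifted <= upperBound ? shifted : shifted - 26);
}

function rot13(text) {
  // Only ASCII letters are rotated; '@', '-' and '.' pass through unchanged.
  return text.replace(/[a-zA-Z]/g, (ch) => rot13Char(ch));
}

// The page's original expression, kept verbatim for comparison.
function pageTransform(flag) {
  return flag.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);});
}

// Comparison constant taken from login.html.
const EXPECTED = "PyvragFvqrYbtvafNerRnfl@syner-ba.pbz";

// True when both versions agree on every letter and two passes give the input back.
function isInvolution() {
  const letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
  return rot13(letters) === pageTransform(letters) &&
         rot13(rot13(letters)) === letters;
}

// Invert the check: the input the page accepts is the transform of the constant.
function recoverInput() {
  const candidate = rot13(EXPECTED);
  if (pageTransform(candidate) !== EXPECTED) {
    throw new Error("candidate does not satisfy the page's comparison");
  }
  return candidate;
}

console.log(recoverInput());
```

Any check that ships both the transform and the expected value to the browser can be inverted this way, regardless of how the expression is written.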
