Wednesday, 18 October 2017

CTF Writeup - Flare-On 2017 - 01: login.html


  • Name - login.html
  • Category - Reverse Engineering
  • Points - 1
  • Binary - Download here

This year's Flare-On challenge started with a very simple RE(?) challenge, an HTML page which asks for a key.


If we look at the HTML code it becomes apparent that it uses client-side authentication:
    <!DOCTYPE Html />
    <html>
        <head>
            <title>FLARE On 2017</title>
        </head>
        <body>
            
            
            
        </body>
    </html>

The javascript takes our input, operates on it and compares it with the string PyvragFvqrYbtvafNerRnfl@syner-ba.pbz. The algorithm is easy enough to recognize: ROT13. At this point we could either use online solutions such as www.rot13.com or a simple python script such as the one below:

import codecs

print codecs.getencoder("rot-13")("PyvragFvqrYbtvafNerRnfl@syner-ba.pbz")[0]


The key is: ClientSideLoginsAreEasy@flare-on.com

No comments:

Post a comment