Version
| By |
Version |
Comment |
| noraj |
1.0 |
Creation |
CTF
Description
Just put in the password for the flag! Link
Solution
- Display source code
CTRL + U
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
| </html>
<html>
<head>
<link rel="stylesheet" href="main.css">
<link href='https://fonts.googleapis.com/css?family=Inconsolata' rel='stylesheet' type='text/css'>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.6/css/materialize.min.css">
</head>
<body>
<div class="row">
<div class="col l6 push-l3">
<center><h3 class="white-text">Web 1</h3><br><h3 class="white-text">Simple</h3></center>
</div>
</div>
<div style="margin-top: 20%" class="row">
<div class="col l4 push-l4">
<form action="." method="post">
<h5 class="white-text">Password: </h5>
<input type="password" name="password" required>
<input id="submit" type="submit" value="Submit">
</form>
</div>
</div>
<div class="row">
<div class="col l4 push-l4" id="response-wrong">
</div>
</div>
</body>
<script type="text/javascript" src="fade.js"></script>
</html>
|
- We get a string in comment that look like a hard-to-guess password
7xfsnj65gsklsjsdkj
- Try this password and the flag will appear
- ... but shortly because of the js:
fade.js
1
2
3
| $(document).ready(function(){
$("#response").fadeOut(2000);
});
|
- Block it with NoScript or be quick!
- Flag:
ABCTF{insp3ct3d_dat_3l3m3nt}