Information#
Version#
By | Version | Comment |
---|---|---|
noraj | 1.0 | Creation |
CTF#
- Name : ABCTF 2016
- Website : http://abctf.xyz/
- Type : Online
- Format : Jeopardy - Student
- CTF Time : link
Description#
Can you somehow get the flag from [this][this] website? [this]:http://yrmyzscnvh.abctf.xyz/web2/
Solution#
- Display source code
CTRL + U
<html>
<head>
<link rel="stylesheet" href="main.css">
<link href='https://fonts.googleapis.com/css?family=Inconsolata' rel='stylesheet' type='text/css'>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.6/css/materialize.min.css">
</head>
<body>
<div class="row">
<div class="col l6 push-l3">
<center><h3 class="white-text">Web 2</h3><br></center>
</div>
</div>
<div style="margin-top: 20%" class="row">
<div class="col l4 push-l4">
<form action="." method="post">
<h5 class="white-text">Password: </h5>
<input type="password" name="password" required>
<input id="submit" type="submit" value="Submit">
</form>
</div>
</div>
<div class="row">
<div class="col l4 push-l4" id="response-wrong">
</div>
</div>
</body>
<!-- c3RvcHRoYXRqcw== -->
<script type="text/javascript" src="fade.js"></script>
</html>
- We can see a base64 string
c3RvcHRoYXRqcw==
echo -n "c3RvcHRoYXRqcw==" | base64 -d && echo ""
stopthatjs
- So use
stopthatjs
as password and then you seeHAAAAaaaaaaaa!
and the flag displayed very very shortly - Yes because there is this fade script: fade.js
$(document).ready(function(){
$("#response-wrong").fadeOut(1500);
setTimeout( function()
{
$('#response').text('HAAAAaaaaaaaa!')
$('#response').fadeOut(1500);
}, 20);
});
- So block it, for example with NoScript =>
ABCTF{no(d3)_js_is_s3cur3_dasjkhadbkjfbjfdjbfsdajfasdl}