Version

| By | Version | Comment |
| --- | --- | --- |
| noraj | 1.0 | Creation |
CTF
Description
Can you somehow get the flag from [this][this] website?
[this]:http://yrmyzscnvh.abctf.xyz/web2/
Solution
- Display the source code (CTRL + U):

```html
<html>
<head>
  <link rel="stylesheet" href="main.css">
  <link href='https://fonts.googleapis.com/css?family=Inconsolata' rel='stylesheet' type='text/css'>
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.6/css/materialize.min.css">
</head>
<body>
  <div class="row">
    <div class="col l6 push-l3">
      <center><h3 class="white-text">Web 2</h3><br></center>
    </div>
  </div>
  <div style="margin-top: 20%" class="row">
    <div class="col l4 push-l4">
      <form action="." method="post">
        <h5 class="white-text">Password: </h5>
        <input type="password" name="password" required>
        <input id="submit" type="submit" value="Submit">
      </form>
    </div>
  </div>
  <div class="row">
    <div class="col l4 push-l4" id="response-wrong">
    </div>
  </div>
</body>
<script type="text/javascript" src="fade.js"></script>
</html>
```
- We can see a base64 string, `c3RvcHRoYXRqcw==`:

```
$ echo -n "c3RvcHRoYXRqcw==" | base64 -d && echo ""
stopthatjs
```
- So use `stopthatjs` as the password; you then see `HAAAAaaaaaaaa!` and the flag, displayed only very briefly.
- That is because of this fade script, `fade.js`:

```js
$(document).ready(function(){
    $("#response-wrong").fadeOut(1500);

    setTimeout( function() {
        $('#response').text('HAAAAaaaaaaaa!')
        $('#response').fadeOut(1500);
    }, 20);
});
```
- So block it, for example with NoScript, to get the flag: `ABCTF{no(d3)_js_is_s3cur3_dasjkhadbkjfbjfdjbfsdajfasdl}`
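
Both weaknesses used above, a base64 string readable in the served source and a value that is already in the markup before `fade.js` hides it, can be checked for without a browser. The following is an added example, not part of the original write-up or the challenge's code: `SAMPLE_HTML` is a constructed page, and the comment placement of the base64 string and the flag value in it are assumptions and placeholders.

```python
import base64
import re
from html.parser import HTMLParser

# Constructed sample of a served page (not the challenge's real response).
# The comment placement and the flag value are assumptions/placeholders.
SAMPLE_HTML = """<html><body>
<!-- c3RvcHRoYXRqcw== -->
<div id="response-wrong"></div>
<div id="response">FLAG{placeholder}</div>
<script src="fade.js"></script>
</body></html>"""

# Whole tokens of 8+ base64 characters, with optional padding.
B64_TOKEN = re.compile(
    r"(?<![\w+/=])(?:[A-Za-z0-9+/]{4}){2,}"
    r"(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?(?![\w+/=])"
)

def decode_candidates(source):
    """Map each base64-looking token to its decoding when that is printable ASCII."""
    found = {}
    for token in B64_TOKEN.findall(source):
        try:
            raw = base64.b64decode(token, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if all(0x20 <= b < 0x7F for b in raw):  # drops ordinary words like "response"
            found[token] = raw.decode("ascii")
    return found

class IdText(HTMLParser):
    """Record text directly inside elements that carry an id; scripts never run."""
    def __init__(self):
        super().__init__()
        self.text_by_id, self._current = {}, None
    def handle_starttag(self, tag, attrs):
        self._current = dict(attrs).get("id")
    def handle_endtag(self, tag):
        self._current = None
    def handle_data(self, data):
        if self._current and data.strip():
            self.text_by_id[self._current] = self.text_by_id.get(self._current, "") + data.strip()

def audit(html):
    """Return (decoded base64 tokens, text already present in id-bearing elements)."""
    parser = IdText()
    parser.feed(html)
    parser.close()
    return decode_candidates(html), parser.text_by_id
```

Anything `audit` returns is visible to every client regardless of what the page's scripts do afterwards, so secrets and gated content belong behind a server-side check rather than in the response body.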