Information
Version
| By | Version | Comment |
|---|---|---|
| noraj | 1.0 | Creation |
CTF
- Name : WhiteHat Challenge 02
- Website : wargame.whitehat.vn
- Type : Online
- Format : Jeopardy
- CTF Time : link
Description
Have you ever coded JavaScript? Find flag in Website: web01.wargame.whitehat.vn.
Submit WhiteHat{sha1(flag)}
Example: flag = Hello World
sha1("Hello World") = 0a4d55a8d778e5022fab701977c5d840bbc486d0
You must submit: WhiteHat{0a4d55a8d778e5022fab701977c5d840bbc486d0}
(all hash characters in lowercase)
Solution
Let's check the JavaScript at: http://web01.wargame.whitehat.vn/hello.js
```javascript
function sayHello() {
```
`showFlag` can be evaluated (with the browser javascript console) to:
```javascript
var enco='';
```
And the if statement can be evaluated from:
```javascript
"="+String.fromCharCode(enco_(240))+String.fromCharCode(enco_(220))+String.fromCharCode(enco_(232))+String.fromCharCode(enco_(192))+String.fromCharCode(enco_(226))+String.fromCharCode(enco_(200))+String.fromCharCode(enco_(204))+String.fromCharCode(enco_(222-2))+String.fromCharCode(enco_(198))+"~~~~~~"+String.fromCharCode(enco2)+String.fromCharCode(enco3)
```
to:
```
=youaregod~~~~~~~!
```
Because of `alert("Password is "+ck.replace("=",""));` we just need to remove the `=`.
Now we can generate the flag:
```bash
$ printf "WhiteHat{%s}" $(printf %s 'youaregod~~~~~~~!' | sha1sum | awk '{ print $1 }')
```
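The same decoding and flag formatting can be reproduced offline in Node.js, which shows that a password check shipped in client-side script is fully recoverable from the script alone. This is an added example, not code from the challenge site or the original write-up: the body of `enco_` and the values of `enco2` and `enco3` do not appear on this page and are assumptions inferred from the input/output pairs shown above.

```javascript
const crypto = require('crypto');

// Assumption: the real enco_ is not shown on the page. This mapping is
// inferred from the pairs above (240 -> 'y', 220 -> 'o', 192 -> 'a', ...).
function enco_(n) {
  return n / 2 + 1;
}

// Arguments passed to enco_ in the evaluated expression, in order.
const ENCODED = [240, 220, 232, 192, 226, 200, 204, 222 - 2, 198];

// Assumption: enco2 and enco3 are not shown either; the evaluated string
// ends in "~!", so the character codes for '~' and '!' are used here.
const enco2 = 126;
const enco3 = 33;

// Rebuild ck exactly as the expression does, then strip the leading "="
// the same way the script's alert() call does.
function decodePassword() {
  const word = ENCODED.map((n) => String.fromCharCode(enco_(n))).join('');
  const ck = '=' + word + '~~~~~~' +
    String.fromCharCode(enco2) + String.fromCharCode(enco3);
  return ck.replace('=', '');
}

// Format a flag the way the challenge description requires:
// WhiteHat{sha1(flag)} with a lowercase hex digest.
function submission(flag) {
  const digest = crypto.createHash('sha1').update(flag, 'utf8').digest('hex');
  return `WhiteHat{${digest}}`;
}

console.log(decodePassword());
console.log(submission(decodePassword()));
```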