PicoCTF 2018 - Client Side is Still Bad


Information

Points: 150
Category: Web Exploitation
Level: Easy

Challenge

I forgot my password again, but this time there doesn’t seem to be a reset, can you help me? http://2018shell.picoctf.com:8930 (link)

Hint

Client Side really is a bad way to do it.

Solution

Let’s open the link we got. It looks like a normal site with a normal login form, so let’s dig in: right-click and choose View Page Source (Ctrl + U).

We are looking for something connected to the login. There is a JavaScript function called “verify”, and the script reads a value from the page element with the id “pass”, which is probably the text box we can see on the page.

The function splits the text into 4-character sub-strings and checks that each one is correct. Because the comparison runs in the browser, the expected values are right there in the page source. Let’s join the sub-strings and see what we get:

picoCTF{client_is_bad_d0ebbd}

It has the same form as our flag. Enter it in the login form and a popup message says:

 you got the flag!
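
The check described above, as an added example that is not the challenge's own script: a constructed client-side verify in the same 4-character style, what its source exposes to any visitor, and a server-side replacement built on Node's crypto module. The secret `demo_secret_0001` and all function names are made up for illustration.

```javascript
// Added example (constructed); not the script served by the challenge.
const crypto = require("crypto");

// Weak: the pattern from the write-up. Every 4-character piece of the
// secret is a string literal shipped to the browser.
function verifyClientSide(input) {
  const split = 4;
  return input.substring(0, split) === "demo" &&
         input.substring(split, split * 2) === "_sec" &&
         input.substring(split * 2, split * 3) === "ret_" &&
         input.substring(split * 3, split * 4) === "0001" &&
         input.length === split * 4;
}

// What View Page Source hands to every visitor: the literals, in order.
function literalsInSource(fn) {
  return [...fn.toString().matchAll(/=== "([^"]*)"/g)]
    .map((m) => m[1])
    .join("");
}

// Hardened: the comparison runs on the server, which stores only a random
// salt and a scrypt-derived key. The page source carries nothing to join.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, key: crypto.scryptSync(password, salt, 32) };
}

function verifyServerSide(record, input) {
  const candidate = crypto.scryptSync(String(input), record.salt, 32);
  // Both buffers are 32 bytes, so the constant-time compare is valid.
  return crypto.timingSafeEqual(candidate, record.key);
}

const record = makeRecord("demo_secret_0001"); // constructed sample secret
console.log("exposed by client code:", literalsInSource(verifyClientSide));
console.log("exposed by server code:", literalsInSource(verifyServerSide));
console.log("server accepts:", verifyServerSide(record, "demo_secret_0001"));
```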

Flag

picoCTF{client_is_bad_d0ebbd}