Sws101_ctf4
Topic : CyberHeroes
Overview
In this challenge, we aimed to uncover a hidden flag within the source code of a login page. This task tested our ability to inspect web pages and understand JavaScript functions to reveal hidden data. The process involved accessing a vulnerable machine, inspecting its login page, and analyzing the source code to find and reverse a hidden string to reveal the flag.
Steps to Uncover the Flag
Step 1: Start the Machine
Deployed the vulnerable machine by pressing the “Start Machine” button provided within the task.
Step 2: Access the Login Page
Navigated to the URL http://<machine-ip>/login.html using the AttackBox.
Step 3: Inspect the Source Code
Opened the developer tools in the browser and inspected the source code of the login page. Found a function named authenticate which is called upon the button click.
Step 4: Analyze the authenticate Function
Located and examined the authenticate function in the source code.
- Code Snippet:
1 2 3 4
function authenticate() { var encodedString = "3d251a0cae7a3c051a1b045c23eb0bdb5edflag{"; var reversedString = ReverseString(encodedString); }
Step 5: Reverse the Encoded String
Identified the use of a ReverseString function which manipulates the encodedString.
- Code Snippet:
1 2 3
function ReverseString(str) { return str.split('').reverse().join(''); }
- Reversed String:
flag{edb0be532c540b1a150c3a7e85d2466e}
Step 6: Reveal the Flag
Reversed the encodedString manually using the ReverseString function logic.
- Flag:
flag{edb0be532c540b1a150c3a7e85d2466e}
Conclusion
This challenge demonstrated a practical application of web page inspection and JavaScript function analysis to uncover hidden information. By following a systematic approach to examine the source code and understanding the JavaScript functions, we successfully revealed the hidden flag.