Monday, May 12, 2014

Hacktrick 2014 - KHALEESI - Web Write-up

In this challenge we were given a page with Khaleesi on it :D The exact page source code:
http://www.codesend.com/view/11681e9c3ee496b651b6efd318959821/

And the image of course :D :

As you can see from the source code, we were given obfuscated JavaScript. First we decoded the first array and came up with these strings:
0 Yea I know I'm so hot and that can be cause lack of attention<3
1 log
2 Oh my dragons! My beautiful dragons...
3 abcdef1234567890
4 flag
5 U2FsdGVkX1/d+AKV6nrvKw0mwepr2/LIeS0sW4EveGKEv4cinrxne8MiSUEozt3DAYt25i1u7m4=
6 setItem
7 use strict
8 Missing secret!
9 secret
10 stringify
11 encrypt
12 TripleDES
13 decrypt
14 enc
15 parse
16 prototype
17 getItem
18 localStorage
19 remove
20 removeItem
21 -
22 split
23 substring
24 hash
25 Flag:
26 get
Then we followed the code to the end. Toward the end you will see some if checks and an alert using the 25th element of the array, which is flag! So we met the conditions required by the if statements and made the link like this:
http://80.251.47.204/#7-17

and there comes the flag:
Flag:YouNeedToFallInLoveKhaleesiTobeH4ck3r
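
The array-decoding step above, as an added example (not the challenge's code or the script used for this write-up): it decodes a hex-escaped string array without executing the page, then inlines the lookups so the if checks read as plain code. The sample source, the array name `_0xk1` and the `\xNN` layout are assumptions constructed for illustration; only the decoded strings match entries from the list above.

```javascript
// Constructed sample in the style of a string-array obfuscator.
// The name _0xk1 and the exact layout are assumptions, not the challenge source.
const sample = String.raw`var _0xk1=["\x6C\x6F\x67","\x66\x6C\x61\x67","\x54\x72\x69\x70\x6C\x65\x44\x45\x53","\x46\x6C\x61\x67\x3A"];
console[_0xk1[0]](_0xk1[3]+_0xk1[1]);`;

// Decode \xNN, \uNNNN and simple backslash escapes without eval.
function decodeLiteral(body) {
  const simple = { n: "\n", r: "\r", t: "\t", "0": "\0" };
  return body.replace(/\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})|\\(.)/g,
    (m, hex, uni, ch) => {
      if (hex || uni) return String.fromCharCode(parseInt(hex || uni, 16));
      return ch in simple ? simple[ch] : ch;
    });
}

// Locate `var NAME=["...", ...]` and return the array name plus decoded strings.
function extractStringArray(src) {
  const decl = /var\s+([A-Za-z_$][\w$]*)\s*=\s*\[((?:\s*(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')\s*,?)+)\]/.exec(src);
  if (!decl) return null;
  const strings = [];
  const lit = /"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'/g;
  let m;
  while ((m = lit.exec(decl[2])) !== null) {
    strings.push(decodeLiteral(m[1] !== undefined ? m[1] : m[2]));
  }
  return { name: decl[1], strings };
}

// Replace NAME[i] lookups with the decoded literal; out-of-range indexes are left alone.
function inlineLookups(src, table) {
  const escName = table.name.replace(/[$]/g, "\\$&");
  const ref = new RegExp(escName + "\\[(\\d+)\\]", "g");
  return src.replace(ref, (m, i) =>
    Number(i) < table.strings.length ? JSON.stringify(table.strings[Number(i)]) : m);
}

// Print an indexed listing like the one in the write-up, then the readable code.
const table = extractStringArray(sample);
table.strings.forEach((s, i) => console.log(i, s));
console.log(inlineLookups(sample, table));
```
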
