Friday, November 14, 2014

PicoCTF 2014: Javascrypt

I've been working my way through the challenges up at PicoCTF and thought I'd do a write up on a few of them.  This one is the Javascrypt Challenge worth 40 points.

Here was the challenge:

 Tyrin Robotics Lab uses a special web site to encode their secret messages. Can you determine the value of the secret key?

The hint was:

You may want to learn how to use you browser's JavaScript console.

Naturally I completely missed the hint and did it the hard way my first time around.

The below is the page:



Viewing the source I saw the below:



Completely bypassing the console I decided because I like to do things the hard way I would reconfigure the javascript code to run in C:



This game me a value of 621 making the value answer "flag_621".

For those of you who like to do things the easy way if  you enter:

alert(key)

into the Console it will cause an alert with the value of the key to pop up when you enter a value to encrypt.





No comments:

Post a Comment