Cyber Talents Practice Challenges Write Up

Cyber Talents Practice Challenges Write Up

Over the past few months I have enjoyed playing around Cyber Talents

This is the first of upcoming write up posts for the challenges I’ve solved

Web Security: Admin has the power

Challenge link: http://35.193.45.56/adminpower/

I opened the link, at the first glance it seemed like the challenge is some kind of authentication bypass

after checking the source code I noticed the following 😀

I used the the credentials from the source code to login and I got the following message

I used the network tab in the Developer tools in Firefox to check the request/response headers and found that the cookie now has role=support

I tried to change it to admin and send the request again and voila

flag: hiadminyouhavethepower

Web Security: This is Sparta

Challenge link: http://35.193.45.56/sparta/

checking the source code I found this script

var _0xae5b=["\x76\x61\x6C\x75\x65","\x75\x73\x65\x72","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x70\x61\x73\x73","\x43\x79\x62\x65\x72\x2d\x54\x61\x6c\x65\x6e\x74","\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x43\x6F\x6E\x67\x72\x61\x74\x7A\x20\x0A\x0A","\x77\x72\x6F\x6E\x67\x20\x50\x61\x73\x73\x77\x6F\x72\x64"];function check(){var _0xeb80x2=document[_0xae5b[2]](_0xae5b[1])[_0xae5b[0]];var _0xeb80x3=document[_0xae5b[2]](_0xae5b[3])[_0xae5b[0]];if(_0xeb80x2==_0xae5b[4]&&_0xeb80x3==_0xae5b[4]){alert(_0xae5b[5]);} else {alert(_0xae5b[6]);}}
examining the script I found an array that has 6 hex encoded elements
I used this online tool to decode the script to the following

var _0xae5b=[“value”,”user”,”getElementById”,”pass”,”Cyber-Talent”,” Congratz

“,”wrong Password”];function check(){var _0xeb80x2=document[_0xae5b[2]](_0xae5b[1])[_0xae5b[0]];var _0xeb80x3=document[_0xae5b[2]](_0xae5b[3])[_0xae5b[0]];if(_0xeb80x2==_0xae5b[4]&&_0xeb80x3==_0xae5b[4]){alert(_0xae5b[5]);} else {alert(_0xae5b[6]);}}

Inspecting the code I found that I should use “Cyber-Talent” for both the username and password.

When I tried it I got the following message 😀


FLAG: {J4V4_Scr1Pt_1S_Aw3s0me}