adding challenge1

flareon4/challenge1.md

@@ -6,4 +6,45 @@ title: Challenge 1 login.html
 
 [Go Back to All Challenges](https://securedorg.github.io/flareon4)
 
-# Challenge 1: login.html #
+# Challenge 1: login.html #
+
+
+Here is the contents of **login.html**
+
+```
+<!DOCTYPE Html />
+<html>
+    <head>
+        <title>FLARE On 2017</title>
+    </head>
+    <body>
+        <input type="text" name="flag" id="flag" value="Enter the flag" />
+        <input type="button" id="prompt" value="Click to check the flag" />
+        <script type="text/javascript">
+            document.getElementById("prompt").onclick = function () {
+                var flag = document.getElementById("flag").value;
+                var rotFlag = flag.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);});
+                if ("PyvragFvqrYbtvafNerRnfl@syner-ba.pbz" == rotFlag) {
+                    alert("Correct flag!");
+                } else {
+                    alert("Incorrect flag, rot again");
+                }
+            }
+        </script>
+    </body>
+</html>
+```
+
+What gives away the answer is the variable name `rotFlag` and addition `c.charCodeAt(0) + 13`. Rotation or ROT is an older and simple technique for hiding readable strings. It's just a simple substitution cipher commonly known as ROT13. ROT13 means the characters will rotate 13 places.
+
+A quick solution is python's codec library for using ROT13.
+
+```
+import codecs
+print codecs.encode('PyvragFvqrYbtvafNerRnfl@syner-ba.pbz', 'rot_13')
+```
+
+It's also good to note that all of flare-on challenges end in **@flare-on.com** this makes it easy to help you guess the output.
+
+
+[Next -> Challenge 2](https://securedorg.github.io/flareon4/challenge2)

flareon4/flareon4.md

@@ -13,29 +13,29 @@ I wanted to make sure I participated this year since I would be coaching my inte
 
 ## Challenges ##
 
-### Challenge 1) [login.html](#) ### 
+### Challenge 1) [login.html](https://securedorg.github.io/flareon4/challenge1) ### 
 
-### Challenge 2) [IgniteMe.exe](#) ### 
+### Challenge 2) [IgniteMe.exe](https://securedorg.github.io/flareon4/challenge2) ### 
 
-### Challenge 3) [greek_to_me.exe](#) ### 
+### Challenge 3) [greek_to_me.exe](https://securedorg.github.io/flareon4/challenge3) ### 
 
-### Challenge 4) [notepad.exe](#) ### 
+### Challenge 4) [notepad.exe](https://securedorg.github.io/flareon4/challenge4) ### 
 
-### Challenge 5) [pewpewboat.exe](#) ### 
+### Challenge 5) [pewpewboat.exe](https://securedorg.github.io/flareon4/challenge5) ### 
 
-### Challenge 6) [payload.dll](#) ### 
+### Challenge 6) [payload.dll](https://securedorg.github.io/flareon4/challenge6) ### 
 
-### Challenge 7) [zsud.exe](#) ### 
+### Challenge 7) [zsud.exe](https://securedorg.github.io/flareon4/challenge7) ### 
 
-### Challenge 8) [flair.apk](#) ### 
+### Challenge 8) [flair.apk](https://securedorg.github.io/flareon4/challenge8) ### 
 
-### Challenge 9) [remorse.ino.hex](#) ### 
+### Challenge 9) [remorse.ino.hex](https://securedorg.github.io/flareon4/challenge9) ### 
 
-### Challenge 10) [shell.php](#) ### 
+### Challenge 10) [shell.php](https://securedorg.github.io/flareon4/challenge10) ### 
 
-### Challenge 11) [covfefe.exe](#) ### 
+### Challenge 11) [covfefe.exe](https://securedorg.github.io/flareon4/challenge11) ### 
 
-### Challenge 12) [missing](#) ### 
+### Challenge 12) [missing](https://securedorg.github.io/flareon4/challenge12) ###