aljaz/securedorg.github.io
1
0
Fork 0
mirror of https://github.com/aljazceru/securedorg.github.io.git synced 2026-01-01 13:24:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
fa4bfa7e079db741f04033025f80a88494eee5ca
securedorg.github.io/flareon4/challenge1.md
Amanda Rousseau a3aa196a06 fixing path
2017-11-17 15:54:58 -08:00

1.7 KiB
Raw Blame History

layout, permalink, title
layout permalink title
default /flareon4/challenge1/ Challenge 1 login.html

Go Back to All Challenges

Challenge 1: login.html

Here is the contents of login.html

<!DOCTYPE Html />
<html>
    <head>
        <title>FLARE On 2017</title>
    </head>
    <body>
        <input type="text" name="flag" id="flag" value="Enter the flag" />
        <input type="button" id="prompt" value="Click to check the flag" />
        <script type="text/javascript">
            document.getElementById("prompt").onclick = function () {
                var flag = document.getElementById("flag").value;
                var rotFlag = flag.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);});
                if ("PyvragFvqrYbtvafNerRnfl@syner-ba.pbz" == rotFlag) {
                    alert("Correct flag!");
                } else {
                    alert("Incorrect flag, rot again");
                }
            }
        </script>
    </body>
</html>

What gives away the answer is the variable name rotFlag and addition c.charCodeAt(0) + 13. Rotation or ROT is an older and simple technique for hiding readable strings. It's just a simple substitution cipher commonly known as ROT13. ROT13 means the characters will rotate 13 places.

A quick solution is python's codec library for using ROT13.

import codecs
print codecs.encode('PyvragFvqrYbtvafNerRnfl@syner-ba.pbz', 'rot_13')

It's also good to note that all of flare-on challenges end in @flare-on.com this makes it easy to help you guess the output.

Next -> Challenge 2