หน้าเว็บ

วันเสาร์ที่ 8 พฤศจิกายน พ.ศ. 2557

picoCTF 2014: Javascrypt (Web Exploitation) Write-up

Solve:
Tyrin Robotics Lab uses a special web site to encode their secret messages. Can you determine the value of the secret key?
Hint:
You may want to learn how to use you browser's JavaScript console.
Solution:
          Because this problem is Web Exploitation, First step I just view-source with Google Chrome (Inspect Element) to find something maybe interest, I found javascript generateKey() function.


Next step, I want to see value in key variable because It is a flag (some variables are random, I think.), I go to http://jsfiddle.net/ and paste generateKey() function in Javascript tab. Add alert(key); under key variable and click "Run".


alert(key) !!!

Flag: flag_3633 (Flag maybe random)

2 ความคิดเห็น: