zhofrph wr OhaPDFV! krsh brx zloo ohduq pdqb frro qhz wklqjv! wkh iodj lv z3Of0ph_wr_O3ap4fv
Hint: Have you heard of ciphers?
Hqfr gn DejANIM, oe xcik waptsey ufd mabta ms. Fvr lfsg ug nsifgggiolms
Hint: More ciphers exist than just Caesar's Cipher.
Hint: We can also hide information in images. This is called STEGANOGRAPHY
Hint: What is the client versus the server?
Using the browser dev tools, you can inspect the page source and the scripts that run when certain events occur (such as when a user submits a form). Unfortunately, you cannot open the dev tools on a Chromebook, so we've provided the relevant source code below:
const ADMIN_USERNAME = "admin1234";
let PASSWORD = "welcome_" + "T0" + "_LexMACS";

function checkInput() {
  // Get the value of the input
  const username = document.getElementById("username").value;
  const password = document.getElementById("password").value;

  // Check if the given credentials are correct
  if (username === ADMIN_USERNAME && password === PASSWORD) {
    alert("Login successful! Here is the flag{redacted}");
  } else {
    alert("Invalid credentials!");
  }
}
Hints: Regex looks like gibberish.
Below is the source code for this login system. Exploit it!
function matchesPattern(str) {
  const pattern = /^\d{2}[a-z]{2}\d{2}codetiger$/;
  return pattern.test(str);
}

function checkPassword() {
  const password = document.getElementById('password').value;
  if (matchesPattern(password)) {
    alert("logged in successfully! SOLVED");
  } else {
    alert("wrong!");
  }
}
def str_xor(secret, key):
    new_key = key
    i = 0
    while len(new_key) < len(secret):
        new_key = new_key + key[i]
        i = (i + 1) % len(key)
    return "".join([chr(ord(secret_c) ^ ord(new_Key_c)) for (scret_c,new_kEy_c) in zip(secret,new_key)])

flag_enc = chr(0x0E)+chr(0x5F)+chr(0x11)+chr(0x4E)+chr(0x06)+chr(0x10)+chr(0x4F)+chr(0x46)
flag = str_xor(key='encoding')
if flag is "":
    prnt('??? uhhhh bruh lol')
else:
    print('wow!!!! you got the flag!!! i wonder what it is?? ' + flag)
Hint: Do you know Python? How do you debug an error message?
import { Database } from 'bun:sqlite';
import express, { Request, Response } from 'express';

const app = express();
const PORT = 5000;
const http = require('http').createServer(app);
const db = new Database('db.sqlite', { readonly: true });

// db.query('create table IF NOT EXISTS users(username VARCHAR(128) PRIMARY KEY, password VARCHAR(128));').run();
// db.query("INSERT into users (username, password) values ('admin', 'REDACTED');").run();

app.get('/', (req: Request, res: Response) => {
  res.send('hello world');
});

app.get('/password', (req: Request, res: Response) => {
  const { username, password } = req.query;
  console.log(username, password);
  try {
    let result = db.query(`SELECT * from users where username='${username}' AND password='${password}'`).values();
    if (result.length == 1) {
      return res.json({ success: true });
    }
  } catch (err) {
    console.log(err);
  }
  res.json({ success: false });
});

http.listen(PORT, () => {
  console.log('listening at http://localhost:' + PORT);
});
Hint: This is a common, basic web app exploitation technique. Look up SQLi and read about basic ways to exploit it.
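The fix for the `/password` handler above is to bind the values instead of interpolating them into the SQL text. This is an added example, not part of the original challenge, ported to Python's `sqlite3` so it runs stand-alone; the function names and the table rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data using the challenge's users(username, password)
    # schema; both rows are made up for this demo.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(username VARCHAR(128) PRIMARY KEY, "
               "password VARCHAR(128))")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "example-admin-pw"), ("o'neil", "pa'ss")])
    return db

def login_interpolated(db, username, password):
    # Same construction as the challenge handler: input is pasted into the
    # SQL text, so any quote in it is parsed as SQL syntax, not as data.
    sql = (f"SELECT * from users where username='{username}' "
           f"AND password='{password}'")
    return len(db.execute(sql).fetchall()) == 1

def login_parameterized(db, username, password):
    # Express query values may arrive as arrays or objects; accept strings only.
    if not isinstance(username, str) or not isinstance(password, str):
        return False
    # Constant SQL text; the driver binds the values, so they stay data.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def compare(db, username, password):
    # Returns (interpolated result or error class name, parameterized result).
    try:
        old = login_interpolated(db, username, password)
    except sqlite3.Error as err:
        old = type(err).__name__
    return old, login_parameterized(db, username, password)

if __name__ == "__main__":
    db = make_db()
    for creds in [("admin", "example-admin-pw"), ("admin", "wrong"),
                  ("o'neil", "pa'ss")]:
        print(creds, compare(db, *creds))
```

A legitimate user whose name or password contains an apostrophe breaks the interpolated statement but logs in normally through the bound query, which is the same property that keeps hostile input from changing the query's structure.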
Hint: Ron Rivest, Adi Shamir and Leonard Adleman