Javascript - Obfuscation 1
Solution
Let’s visit the site’s source code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
<html>
<head>
<title>Obfuscation JS</title>
<script type="text/javascript">
/* <![CDATA[ */
pass = '%63%70%61%73%62%69%65%6e%64%75%72%70%61%73%73%77%6f%72%64';
h = window.prompt('Entrez le mot de passe / Enter password');
if(h == unescape(pass)) {
alert('Password accepté, vous pouvez valider le challenge avec ce mot de passe.\nYou an validate the challenge using this pass.');
} else {
alert('Mauvais mot de passe / wrong password');
}
/* ]]> */
</script>
</head>
<body><link rel='stylesheet' property='stylesheet' id='s' type='text/css' href='/template/s.css' media='all' /><iframe id='iframe' src='https://www.root-me.org/?page=externe_header'></iframe>
</body>
</html>
Run
1
unescape(%63%70%61%73%62%69%65%6e%64%75%72%70%61%73%73%77%6f%72%64)
We will have a string:
1
cpasbiendurpassword
They said:
1
You an validate the challenge using this pass.
The flag is:
1
cpasbiendurpassword
This post is licensed under CC BY 4.0 by the author.