[CTF] WU - Hidden ?

CTF InterCampus Ynov 2024

Difficulty Level: Easy

Challenge Category: Web

Description:

A simple, harmless page? Perhaps it is. But sometimes, what's hidden in plain sight contains well-kept secrets.

Solution Steps

Step 1: Inspect the Webpage

  • Visit the provided webpage URL.
  • Use browser DevTools to view the page’s source code.
  • Locate a referenced JavaScript file, script.js.

Step 2: Analyze the Obfuscated JavaScript

The script.js file contains the following obfuscated code:

;(function () {
  const _0x110920 =
    '73-79-68-74-126-103-54-51-101-105-120-56-102-55-119-52-113-106-98-52-118-98-105-121-113-128'
  console.log('The flag is hidden in plain sight!')
  const _0x3d696d = _0x110920
    .split('-')
    .map((_0x5468b0) => _0x5468b0.charCodeAt(0) + 3)
    .join('-')
  console.log('Encoded flag:', _0x3d696d)
  function _0x5d82c4(_0x1c9f02) {
    return _0x1c9f02
      .split('-')
      .map((_0x5468b0) => String.fromCharCode(_0x5468b0 - 3))
      .join('')
  }
  function _0x4ffc52() {
    console.log('The real flag is: FLAG{th1s_1s_4_f4k3_h1nt}')
  }
})()

Key Observations:

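  • _0x110920 contains a string of numbers separated by hyphens (-), hinting at encoded data: each number is a character code.
  • The flag is stored in shifted form and can be decoded with a simple transformation. The function _0x5d82c4 holds that logic (subtract 3 from each number, then String.fromCharCode), but it is never called.
  • _0x4ffc52 is never called either, and the FLAG{th1s_1s_4_f4k3_h1nt} string inside it is a decoy.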

Step 3: Simplify the Code

To decode the flag, simplify the code to focus only on the decoding logic. The cleaned-up version looks like this:

;(function () {
  // Hyphen-separated character codes, each shifted up by 3
  const _0x110920 =
    '73-79-68-74-126-103-54-51-101-105-120-56-102-55-119-52-113-106-98-52-118-98-105-121-113-128'
  console.log('The flag is hidden in plain sight!')
  // Undo the shift: subtract 3 from each code and convert it to a character
  const _0x3d696d = _0x110920
    .split('-')
    .map((_0x5468b0) => String.fromCharCode(_0x5468b0 - 3))
    .join('')
  console.log(_0x3d696d)
})()

Explanation:

  1. _0x110920.split('-') splits the encoded string into an array of numbers.
  2. .map((_0x5468b0) => String.fromCharCode(_0x5468b0 - 3)) subtracts 3 from each number (the - operator coerces the string to a number) and converts the result into its ASCII character equivalent.
  3. .join('') combines the decoded characters into the flag.

Step 4: Execute the Simplified Code

  1. Open the browser’s DevTools Console (Ctrl+Shift+I -> Console tab).
  2. Paste the simplified JavaScript code.
  3. Press Enter to execute the code.

Step 5: Output and Result

The console outputs the hidden flag:

FLAG{d30bfu5c4t1ng_1s_fvn}
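
The same decoding can be done without running the page's script at all. The following added example (not part of the challenge or of the original write-up) scans JavaScript source for hyphen-separated number literals and tries a range of shifts rather than only 3. The function names, the FLAG{...} pattern and the embedded sample source are assumptions constructed from the code shown above.

```javascript
// Added example: static recovery of shifted char-code strings from JS source.
// SAMPLE_SOURCE is constructed from the literals shown in script.js above.
const SAMPLE_SOURCE = `
const _0x110920 =
  '73-79-68-74-126-103-54-51-101-105-120-56-102-55-119-52-113-106-98-52-118-98-105-121-113-128'
console.log('The real flag is: FLAG{th1s_1s_4_f4k3_h1nt}')
`;

// Find quoted literals made only of decimal numbers joined by hyphens.
// Short runs (fewer than minCodes numbers) are ignored as noise.
function findNumericLiterals(source, minCodes = 4) {
  const re = /(['"])(\d{1,3}(?:-\d{1,3})+)\1/g;
  const found = [];
  for (const m of source.matchAll(re)) {
    const codes = m[2].split('-').map(Number);
    if (codes.length >= minCodes) found.push(codes);
  }
  return found;
}

// Try every shift in [-maxShift, maxShift]. A candidate is kept only if
// every shifted code is printable ASCII and the text matches the pattern.
function recoverShifted(codes, pattern = /^FLAG\{[^}]+\}$/, maxShift = 25) {
  const hits = [];
  for (let shift = -maxShift; shift <= maxShift; shift++) {
    const shifted = codes.map((c) => c + shift);
    if (!shifted.every((c) => c >= 0x20 && c <= 0x7e)) continue;
    const text = String.fromCharCode(...shifted);
    if (pattern.test(text)) hits.push({ shift, text });
  }
  return hits;
}

// Run both stages over a source string; the source is only read, never executed.
function analyze(source) {
  return findNumericLiterals(source).flatMap((codes) => recoverShifted(codes));
}

console.log(analyze(SAMPLE_SOURCE));
```

The plain-text decoy string in the sample is not reported, because only numeric literals are treated as candidates.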