Points: 150
Web Exploitation
I forgot my password again, but this time there doesn't seem to be a reset, can you help me? (link)
Client Side really is a bad way to do it.
Inspect element and piece the flag together
function verify() {
checkpass = document.getElementById("pass").value;
split = 4;
if (checkpass.substring(split * 7, split * 8) == '}') {
if (checkpass.substring(split * 6, split * 7) == 'd366') {
if (checkpass.substring(split * 5, split * 6) == 'd_3b') {
if (checkpass.substring(split * 4, split * 5) == 's_ba') {
if (checkpass.substring(split * 3, split * 4) == 'nt_i') {
if (checkpass.substring(split * 2, split * 3) == 'clie') {
if (checkpass.substring(split, split * 2) == 'CTF{') {
if (checkpass.substring(0, split) == 'pico') {
alert("You got the flag!")
}
}
}
}
}
}
}
} else {
alert("Incorrect password");
}
}picoCTF{client_is_bad_3bd366}