Thursday, October 25, 2012

Hack.Lu CTF: Big Zombie Business Writeup

This challenge was another password prompt protected by obfuscated javascript. Click the images for an enlarged version.

1. Entering the site, we see a lovely picture of Charlie Sheen and are prompted for another password:

2. Let's check the source:

3. Once again, that looks a little long and obscure for my taste so I ran it with JavaScript Deobfuscator. Looking around for a while, I finally stumbled on a function that looks helpful:

4. Lets plug these two lines into firebug's javascript console and get our flag.

-- d1r3w0lf

No comments:

Post a Comment