24th October 2021
Write-up Advent of CTF challenge 3

Write-Up Advent of CTF 3

Overview

The NOVI University Of Applied Sciences is offering an Advent CTF challenge for December 2020. The CTF is created by our community member of the Hackdewereld.nl and Chief Lecturer for Cyber Security at the NOVI University, Arjen Wiersma. If you want to participate in these CTF challenges, you can create an account on the website https://www.adventofctf.com/.

Challenge 3

  • Description: For this challenge you will, again, need to bypass the login mechanism.
  • 300 points

As always, I visited the URL of the challenge: https://03.adventofctf.com, and again I’m landing on a web page with a login form. Not so surprising because the challenge description already talked about bypassing the login.

Advent of CTF Challenge 3
https://03.adventofctf.com

The is (again) a message visible, that I do not try too hard. As I know, in that case, you have to read the source code. So, let’s read the source code.

Advent of CTF Challenge 3 source code
Source Code

In the source code, I see a reference to a Javascript file, named login.js. I checked this file, and the contents show how the username and password combination for the authentication.

function checkPass()
{
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;

    var novi = '-NOVI';

    if (password == btoa(username + novi)) {
        window.setTimeout(function() {
            window.location.assign('inde' + 'x.php?username='+ username +'&password=' + password);
        }, 500);
    }
}

The username is being read from the HTML element with the ID username. This means that there is no database lookup and I can use every username I want. The second part shows that the password is a combination of the username and the -NOVI string. This string is being stored in the variable novi. This combination needs to be passed to the password field as a base64 encoded password. Because btoa means that the value needs to be encoded. So, for successful authentication. My username and password are as follows:

username = username
password = dXNlcm5hbWUtTk9WSQ== (username-NOVI)

I used CyberChef to encode the password to a base64 string.

Advent of CTF 3 javascript
Encode the password to a base64 encoded string

Now, I can use this username and password combination to authenticate on the login form. After the authentication I’m able to read the flag: NOVI{[email protected]}.

Advent of CTF Challenge 3 flag

Thanks for reading!

T13nn3s

I'm a cybersecurity enthusiast! I'm working as an IT Security Engineer for a company in The Netherlands. I love writing scripts and doing research and pentesting. As a big fan of Hack The Box, I share my write-ups on this blog. I'm blogging because I like to summarize my thoughts and share them with you.

View all posts by T13nn3s →

Leave a Reply

Your email address will not be published. Required fields are marked *