2.8 KiB
+++ author = "Maik de Kruif" title = "Novosibirsk - Chemical plant" subtitle = "Beginners Quest 1 - Google CTF" date = 2021-09-22T14:26:25+01:00 description = "A writeup for challenge 1 of the beginners quests of the Google CTF." cover = "img/writeups/google-ctf/2021/beginners-quest/1/cover.png" tags = [ "Google CTF", "Beginners Quest", "ctf", "hacking", "writeup", "web", ] categories = [ "ctf", "writeups", "hacking", ] +++
Story line
You have now investigated the chemical plant. Nothing seemed to be out of the ordinary, even though the workers acted somewhat passive, but that’s not a good enough to track. It seems like you have a new voice mail from the boss: "Hello there, AGENT! It seems like the corporation that owns the plant was informed by an anonymous source that you would arrive, and therefore they were prepared for your visit, but your colleague AGENT X has a lead in Moscow, we’ve already booked you a flight. FIRST CLASS of course. In fact if you look out of the window, you should be able to see a black car arriving now, and it will carry you to the airport. Good luck!"
Link
https://cctv-web.2021.ctfcompetition.com/
Recon
Upon opening the given link, we see a website with a password form.
When opening the source, we find the following javascript:
const checkPassword = () => {
const v = document.getElementById("password").value;
const p = Array.from(v).map((a) => 0xcafe + a.charCodeAt(0));
if (
p[0] === 52037 &&
p[6] === 52081 &&
p[5] === 52063 &&
p[1] === 52077 &&
p[9] === 52077 &&
p[10] === 52080 &&
p[4] === 52046 &&
p[3] === 52066 &&
p[8] === 52085 &&
p[7] === 52081 &&
p[2] === 52077 &&
p[11] === 52066
) {
window.location.replace(v + ".html");
} else {
alert("Wrong password!");
}
};
Solving
Let's start by analysing this script. It starts of by getting the input value, and splitting it in a list. It then uses the map()
function to add 0xCafe
to every character. So "a" would become 97 + 51966 = 52063
(97
is the ASCII value of "a"
, and 51966
is decimal for 0xCafe
).
To find the password, we only have to reverse the values given in the javascript code. To do this, I wrote a little python script:
code = {
0: 52037,
6: 52081,
5: 52063,
1: 52077,
9: 52077,
10: 52080,
4: 52046,
3: 52066,
8: 52085,
7: 52081,
2: 52077,
11: 52066,
}
password = ""
for i in range(max(code.keys()) + 1):
password += chr(code[i] - 0xCafe)
print(password)
This prints the following result: GoodPassword
.
Solution
If we enter the password (GoodPassword
), we get redirected to this page:
{{< figure src="/img/writeups/google-ctf/2021/beginners-quest/1/cctv.png" title="CCTV" >}}
Here we can find the flag in the bottom left: CTF{IJustHopeThisIsNotOnShodan}
.