CTF Hack.lu: Mini Zombie Business (+100pt) write-up


We have to do some business with our zombie at https://ctf.fluxfingers.net:2076/mini/. There’s a zombie image, and at first glance we find some encoded data:

		<form/name="a"/data-a="Fcabdux ehiktgmaj:nopylqrsvf_wz(&quot;){}.?L="></form>

There is a <script> tag with several unescape calls; after converting it from URL-encoded and Unicode-escaped text we get:

{a=document.a.dataset.a;
// s, flag and x are built character by character from the data-a alphabet
s=a[27]+a[5]+a[18]+a[1]+a[12]+a[10]+a[19]+a[18]+a[7]+a[4]+a[2]+a[27]+a[5]+a[23]+a[31]+a[33]+a[34]+a[10]+a[27]+a[31]+a[20]+a[24]+a[19]+a[14]+a[20]+a[12]+a[31]+a[32]+a[38]+a[8]+a[12]+a[25]+a[7]+a[8]+a[2]+a[12]+a[7]+a[25]+a[19]+a[14]+a[8]+a[7]+a[36]+a[36]+a[36]+a[37]+a[32]+a[33]+a[39]+a[39]+a[32];
flag=a[0]+a[22]+a[2]+a[13]+a[17]+a[7]+a[12]+a[2]+a[25]+a[12]+a[21]+a[28]+a[9]+a[5]+a[14]+a[2]+a[18]+a[25]+a[28]+a[2]+a[22]+a[22]+a[28]+a[4]+a[2]+a[21]+a[28]+a[8]+a[24]+a[24]+a[21]+a[28]+a[4]+a[2]+a[21];
x=a[12]+a[2]+a[25]+a[12]+a[21]+a[7]+a[3]+a[24]+a[2]+a[10]+a[18]+a[30];
// the index expression below evaluates to 0
arguments[1*0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000+0x00000001-0x00001].dataset.a=s+x+'\x22)\x61\x6c\x65\x72\x74\x28\x22'+flag+unescape('\x25\x32\x32\x25\x32\x39\x25\x33\x42\x25\x32\x30\x25\x37\x44\x25\x33\x42')})


So, after a little analysis we get the prompt:

function dafuq(){if(prompt("Lets eat some ...?")=="tasty brainz")alert("Flag: tasty_humans_all_day_erry_day"); };
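
The analysis step can be done without ever executing the obfuscated script. The following is an added example, not part of the original write-up: it resolves each a[N] lookup against the form's data-a alphabet and decodes the two escaped literals. The function and constant names are my own, and decodeURIComponent stands in for the script's unescape (same result for these ASCII bytes).

```javascript
// Static decoder for the index-lookup obfuscation: nothing from the page is evaluated.
// Attribute value exactly as it appears in the page's HTML source.
const RAW_ATTR = 'Fcabdux ehiktgmaj:nopylqrsvf_wz(&quot;){}.?L=';
// Index runs copied from the page's script (separators do not matter to the decoder).
const S = 'a[27] a[5] a[18] a[1] a[12] a[10] a[19] a[18] a[7] a[4] a[2] a[27] a[5] a[23] a[31] a[33] a[34] a[10] a[27] a[31] a[20] a[24] a[19] a[14] a[20] a[12] a[31] a[32] a[38] a[8] a[12] a[25] a[7] a[8] a[2] a[12] a[7] a[25] a[19] a[14] a[8] a[7] a[36] a[36] a[36] a[37] a[32] a[33] a[39] a[39] a[32]';
const FLAG = 'a[0] a[22] a[2] a[13] a[17] a[7] a[12] a[2] a[25] a[12] a[21] a[28] a[9] a[5] a[14] a[2] a[18] a[25] a[28] a[2] a[22] a[22] a[28] a[4] a[2] a[21] a[28] a[8] a[24] a[24] a[21] a[28] a[4] a[2] a[21]';
const X = 'a[12] a[2] a[25] a[12] a[21] a[7] a[3] a[24] a[2] a[10] a[18] a[30]';
// The two escaped literals from the script, kept raw so the decoding is visible.
const TAIL_1 = String.raw`\x22)\x61\x6c\x65\x72\x74\x28\x22`;
const TAIL_2 = String.raw`\x25\x32\x32\x25\x32\x39\x25\x33\x42\x25\x32\x30\x25\x37\x44\x25\x33\x42`;

// dataset.a returns the attribute after HTML entity decoding, so &quot; is ONE
// character; without this step every index from 32 up resolves to the wrong character.
function decodeEntities(attr) {
  const named = { quot: '"', amp: '&', lt: '<', gt: '>', apos: "'" };
  return attr.replace(/&(quot|amp|lt|gt|apos);/g, (_, name) => named[name]);
}

// Replace each a[N] with the N-th alphabet character; reject out-of-range indices.
function resolveLookups(expr, alphabet) {
  return Array.from(expr.matchAll(/a\[(\d+)\]/g), ([, n]) => {
    if (Number(n) >= alphabet.length) throw new RangeError(`index ${n} outside alphabet`);
    return alphabet[Number(n)];
  }).join('');
}

// Decode \xNN escapes the way the JavaScript string-literal parser would.
function decodeHexEscapes(literal) {
  return literal.replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Rebuild the string the script assigns to dataset.a: s + x + literal + flag + unescape(literal).
function rebuild() {
  const a = decodeEntities(RAW_ATTR);
  return resolveLookups(S, a) + resolveLookups(X, a) + decodeHexEscapes(TAIL_1) +
    resolveLookups(FLAG, a) + decodeURIComponent(decodeHexEscapes(TAIL_2));
}

console.log(rebuild());
```
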

Answer with «tasty brainz» and get the token tasty_humans_all_day_erry_day

token: tasty_humans_all_day_erry_day











