CTFs | 404CTF_2023 | Web | Le Loup et le renard

Le Loup et le renard

Secret in the source code?

This is a basic web challenge: we need to recover the flag by any means. From the main page, we click on start and reach a form.

Looking at the source code, we can see the credentials in clear text in the JavaScript.

We connect with the credentials admin:h5cf8gf2s5q7d.

Be careful with cookies

In the second part of the challenge, the title Cookies hints at where to look.

There is a cookie isAdmin with the value False. We just need to set the value to True and press CTRL+F5 to refresh the page.

Handle redirections

Looking again at the source code, we can see a redirection of the GET form.

We go to the page /fable/partie-4-flag-final and get the flag.

Note that if you didn’t click on the link from the source code but pasted it into the URL bar, you would have been redirected (this was the challenge). You could have bypassed the redirection by intercepting the request with Burp or by using cURL.

So the flag is: 404CTF{N0_frOn1_3nD_auTh3nt1ficAti0n}

This post is licensed under CC BY 4.0 by the author.