Recently Updated
JS Pls
Challenge Can you figure out the flag from this? Have fun ;)
1
eval(new Buffer('cHJvY2Vzcy5z [..snip..] pdCgpO30pOwo=','base64').toString());
Solution
We base64 decode and find obfuscated javascript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
process.stdin.resume();
process.stdin.setEncoding('utf8');
console.log('Give me a flag');
process.stdin.on('data', (t) = > {
t = t.trim();
if (t.length === + [[ + ! + []] + [! + [] + ! + [] + ! + [] + ! + [] + ! + [] + ! + [] + ! + [] + ! + [] + ! + []]]) {
[..snip..]
! + []] + (!![] + []) [ + ! + []]]) [ + ! + [] + [ + []]] + (!![] + []) [ + ! + []]]) [! + [] + ! + [] + [ + []]]](! + [] + ! + [] + [ + ! + []])) {
console.log('nice job!');
process.exit();
}
}
}
}
}
}
}
console.log('nope!');
process.exit();
});
looks like jsfuck or hieroglyphy
there exist poisonjs for deobfuscation javascript
deobfuscating yields:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
process.stdin.resume();
process.stdin.setEncoding('utf8');
console.log("Give me a flag");
process.stdin.on('data', function(t) {
t = t.trim();
t = t.split('}')[0]+'}';
console.log(t.length);
if (t.length == 19) {
if (t.substr(0, 5) == "ABCTF") {console.log(t[18] == 125);
if (t[18] == '}' && t[5] == '{') {console.log('2');
if (t.substr(6, 4) === "node") {console.log('3');
if (t[10] == t[13] && t[10] == '_') {console.log('4');
if (t.substr(11, 2) == "is") {console.log('4');
if (t.substr(14, 4) == "w4Ck"){
console.log("nice job!");
process.exit();
}
}
}
}
}
}
}
console.log("nope!");
process.exit();
});
Flag
ABCTF{node_is_w4Ck}