Home ABCTF-2016 JS Pls
Writeup
Cancel

JS Pls

Challenge Can you figure out the flag from this? Have fun ;)

1
eval(new Buffer('cHJvY2Vzcy5z [..snip..] pdCgpO30pOwo=','base64').toString());

Solution

We base64 decode and find obfuscated javascript

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
process.stdin.resume();
process.stdin.setEncoding('utf8');
console.log('Give me a flag');
process.stdin.on('data', (t) = > {
  t = t.trim();
  if (t.length === + [[ + ! + []] + [! + [] + ! + [] + ! + [] + ! + [] + ! + [] + ! + [] + ! + [] + ! + [] + ! + []]]) {

[..snip..]

     ! + []] + (!![] + []) [ + ! + []]]) [ + ! + [] + [ + []]] + (!![] + []) [ + ! + []]]) [! + [] + ! + [] + [ + []]]](! + [] + ! + [] + [ + ! + []])) {
                console.log('nice job!');
                process.exit();
              }
            }
          }
        }
      }
    }
  }
  console.log('nope!');
  process.exit();
});

looks like jsfuck or hieroglyphy

there exist poisonjs for deobfuscation javascript

deobfuscating yields:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
process.stdin.resume();
process.stdin.setEncoding('utf8');
console.log("Give me a flag");
process.stdin.on('data', function(t) {
   t = t.trim();
   t = t.split('}')[0]+'}';
   console.log(t.length);
   if (t.length == 19) {
    if (t.substr(0, 5) == "ABCTF") {console.log(t[18] == 125);
   if (t[18] == '}' && t[5] == '{') {console.log('2');
    if (t.substr(6, 4) === "node") {console.log('3');
     if (t[10] == t[13] && t[10] == '_') {console.log('4');
      if (t.substr(11, 2) == "is") {console.log('4');
       if (t.substr(14, 4) == "w4Ck"){
             console.log("nice job!");
             process.exit();
         }
       }
     }
    }
   }
  }
 }
 console.log("nope!");
 process.exit();
});

Flag

ABCTF{node_is_w4Ck}