This is my first write-up on one of the Advent of CTF challenges. The goal in this challenge was to bypass authentication to obtain the flag. The Advent of CTF is a capture the flag event that features a new challenge every day until Christmas on the 25th of December. So let’s get started!
We are presented with the following login form. Inspecting the page source turned up nothing useful. The next step was to try random credentials to see whether we got redirected; we didn’t. After that I tried some basic SQLi, but the page almost seemed static, which immediately made me suspect a JavaScript function blocking the login on the client side. Let’s open up the in-browser debugger.
Upon inspecting the debugger we are presented with this JavaScript login function. A quick explanation: first the function takes the input from the username and password fields and saves it in the username and password variables. Then we see a variable called novi that is set to the string “-NOVI”.
After those declarations comes a conditional statement that compares the entered password against the username concatenated with the novi variable. Notice that this concatenated string is passed through the btoa JavaScript function, which encodes a string as Base64. If the comparison succeeds we are redirected to another page. Because the whole check, including the secret suffix, runs in the browser, this is our way in.
Since the username value didn’t matter we just entered admin for extra 1337. We then Base64-encoded the username we had entered followed by the value of the novi variable, put the result into the password field and clicked submit. Fingers crossed!
And there it is, we have bypassed authentication and can now obtain the flag to get our points. Onto the next challenge!