2

I have come across this code in a web page from a CTF game:

function conexion() {
  var Password = "unescape(String.fromCharCode%2880%2C%20108%2C%2097%2C%20110%29):KZQWYZLOMNUWC===":

    for (i = 0; i < Password.length; i++) {
      if (Password[i].indexOf(code1) == 0) {
        var TheSplit = Password[i].split(":");
        var code1 = TheSplit[0];
        var code2 = TheSplit[1];
      }
    }
}

After working a little bit, I have deobfuscated the Password line and obtained:

unescape(String.fromCharCode(80, 108, 97, 110)):KZQWYZLOMNUWC===

which was also translated to Password = "Plan:KZQWYZLOMNUWC===";.

My first reading of the code is that code1 = Plan and code2 = KZQWYZLOMNUWC.

But this is not the correct answer. I’m also not sure how the === operates here.

May you please give me some insights?

Sebastian Simon
  • 18,263
  • 7
  • 55
  • 75
John Javascript
  • 29
  • 2
  • 1
    We need to know what `code1` is initially. Currently, this code would just do nothing (if the syntax error is fixed). – Sebastian Simon May 27 '18 at 07:12
  • Here is the context for you to understand (the code that I have posted is login.js) [link] (view-source:http://34.247.69.86/lacasadepapel/episodio1/puerta.php) [/link] – John Javascript May 27 '18 at 07:16
  • 1
    Well that function is commented, so it won’t ever do anything. The code also makes no sense. `Password` is a string, `Password[i]` would be a single character. Splitting on `:` on a single character is pretty meaningless. – Sebastian Simon May 27 '18 at 08:05
  • Thanks. You're right. It does not make sense. It's a string, not an array. I guess it's just s decoy. I will address the game differently. Thanks for clarify my doubts! – John Javascript May 27 '18 at 15:06

0 Answers0