Image of NeverLAN CTF 2019

Description:

Solution Author:

Lucian Nitescu, as part of jmp 0xc0ffee team.

Solution:

The challenge started with the following simple "console" page:

As a first step, I decided to take a look at the source code of the page: view-source:https://challenges.neverlanctf.com:1120/console.html

As you can see, the page has two JavaScript functions: what(), which handles the password confirmation, and getThat(strg), which handles the redirect to our "authenticated" page. Because both run in the browser, there are two different approaches:

  • We access the 1/key.php page directly
  • We call the getThat(strg) function with the value 'Y'

Here is how I obtained the flag for this challenge:

The flag is: flag{console_controls_js}
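
The weakness described above, as an added example that is not the challenge's source code: a server that leaves the password check to the page's JavaScript, next to one that verifies the password and gates the protected route itself. All names (weakServer, login, hardenedServer, the /key path) and all values are constructed for illustration.

```javascript
// Added example (constructed, not the challenge's code).
const crypto = require('node:crypto');

const PROTECTED_BODY = 'constructed-protected-content'; // stands in for the key page
const SALT = crypto.randomBytes(16);
// Constructed credential, stored only as a salted scrypt digest.
const PASSWORD_KEY = crypto.scryptSync('constructed-password', SALT, 32);

// Weak: the only password check lives in browser JavaScript, so the server
// hands the protected page to any request that names the right path.
function weakServer(request) {
  if (request.path === '/key') return { status: 200, body: PROTECTED_BODY };
  return { status: 404, body: '' };
}

// Hardened: the server verifies the password and issues a random session token.
const sessions = new Set();

function login(password) {
  const candidate = crypto.scryptSync(String(password), SALT, 32);
  // Both buffers are 32 bytes, as timingSafeEqual requires.
  if (!crypto.timingSafeEqual(candidate, PASSWORD_KEY)) return null;
  const token = crypto.randomBytes(32).toString('hex');
  sessions.add(token);
  return token;
}

// Hardened: the protected route is served only for a session this server issued,
// so skipping or calling the page's own functions changes nothing.
function hardenedServer(request) {
  if (request.path !== '/key') return { status: 404, body: '' };
  if (!sessions.has(request.session)) return { status: 401, body: '' };
  return { status: 200, body: PROTECTED_BODY };
}
```
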