NeverLAN CTF 2019


Solution Author:

Lucian Nitescu, as part of the jmp 0xc0ffee team.


In this challenge, we were presented with a basic login form.

As a first step, I looked at the source code of the login page. In it I found several AJAX requests to back-end endpoints that any user could call directly, without logging in: nothing on the server side stopped an unauthenticated client from requesting the same data the page's JavaScript requests after a successful login.

Calling the first endpoint directly retrieves all user accounts for the application.

A second endpoint returns the base64-encoded password for the Dr. Whom user account.

Decoding the base64 string gives the password in clear text. Base64 is an encoding, not encryption: anyone who can fetch the string can reverse it, so it adds no protection to a credential served to the client.

The flag is: flag{D0n't_7rus7_JS}