Raw Record Source

{
  "$type": "site.standard.document",
  "canonicalUrl": "https:/finxol.eu/posts/writeup-404ctf-web-fiche-js",
  "description": "Write-up for the web challenge \"Fiché JS\" @ 404CTF 2022",
  "path": "/posts/writeup-404ctf-web-fiche-js",
  "publishedAt": "2022-06-04T00:00:00.000Z",
  "site": "at://did:plc:hpmpe3pzpdtxbmvhlwrevhju/site.standard.publication/3mndozltfas27",
  "tags": [
    "writeup",
    "404ctf"
  ],
  "textContent": "404CTF\n\nThe 404CTF is a CTF organized by the Direction Générale de la Sécurité Extérieure (DGSE), Télécom SudParis and\nits association Hackademint.\nThis 2022 edition marked the double anniversary of \"the 80th anniversary of the BCRA, the secret service of the Free France and\nthe 40th anniversary of its heir, the DGSE\".\n\nDescription\n\n_This is a translation of the original description in French._\n\nAfter several months of digging into Hallebarde's past, we found an old file hosting platform that they used up until 2010.\nThat's 12 years ago now!\nSecurity practices have changed radically since then and what seemed unbreakable then may not be so at all anymore.\n\nYour move: find a way to bypass the existing protection system and recover the files still hosted on this site!\n\nAuthor : Artamis\n\nSolution\n\nAt first, we only find a page containing a number pad.\n\nFrom there, we can open our browser's developer console in order to find what is hidden behind this numpad.\n\nIn the \"Debugger\" tab, we immediately notice a javascript file named index.js.\nAfter a quick read, we realise that this is the part that controls the number pad.\n\nThere are several places that can be used to validate an entry code.\nAround line 129, there is an alternative that reacts to a key press on the keyboard.\n\nThe keyCode 13 corresponds to the enter key.\nWe can therefore set a breakpoint here by clicking on line number 129 to examine the behaviour of the confirmPin() function.\nOnce the breakpoint is set, we can simulate a validation by pressing the enter key.\n\nThe execution then halts correctly just before the confirmPin() function is called.\nWe can then do F11, or _Step Into_, which brings us to what looks like a small file.\n\nThe code check is just a simple comparison, but it is not the code that we are interested in here.\nIndeed, if the code is correct, we are redirected to a supposedly hidden page.\n\nIt is indeed on this mystery page that we find the flag, as well as the list of all the agents of Hallebarde.",
  "title": "404CTF Write-Up Fiché JS"
}