Flare-On 8 - credchecker

The first task in this year's competition. It is a single HTML file. Inside we can find a simple client-side check for credentials.

function checkCreds() {
	// username, password and encoded_key are defined elsewhere in the HTML file
	if (username.value == "Admin" && atob(password.value) == "goldenticket") 
	{
		var key = atob(encoded_key);
		var flag = "";
		// XOR each key byte with the password as typed (still Base64-encoded), repeating it
		for (let i = 0; i < key.length; i++)
		{
			flag += String.fromCharCode(key.charCodeAt(i) ^ password.value.charCodeAt(i % password.value.length))
		}
		// hide the login form and show the decoded flag
		document.getElementById("banner").style.display = "none";
		document.getElementById("formdiv").style.display = "none";
		document.getElementById("message").style.display = "none";
		document.getElementById("final_flag").innerText = flag;
		document.getElementById("winner").style.display = "block";
	}
	else
	{
		// wrong credentials: show the error message
		document.getElementById("message").style.display = "block";
	}
}

We can see that the function checks that the entered username is "Admin" and that the password, once Base64-decoded, equals "goldenticket", so the correct input is Z29sZGVudGlja2V0. If we provide those, the script takes the value of encoded_key (which is P1xNFigYIh0BGAofD1o5RSlXeRU2JiQQSSgCRAJdOw==), decodes it with Base64, and XORs the result, char by char, with the password input (as typed, before Base64 decoding). We can use CyberChef to do the decoding for us.

And we get the flag: enter_the_funhouse@flare-on.com.
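
The same decoding can be reproduced offline without CyberChef. The script below is an added example, not part of the challenge file: it uses only the two constants quoted above, the function names are my own, and it assumes Node.js (for `Buffer`).

```javascript
// Added example: offline reproduction of the checkCreds() logic shown above.
// Both constants are copied from the write-up; function names are hypothetical.
const ENCODED_KEY = "P1xNFigYIh0BGAofD1o5RSlXeRU2JiQQSSgCRAJdOw==";
const EXPECTED_DECODED_PASSWORD = "goldenticket";

// The page checks atob(password.value) == "goldenticket", so the value that
// has to be typed is the Base64 encoding of that string.
function derivePasswordInput(decodedPassword) {
  return Buffer.from(decodedPassword, "latin1").toString("base64");
}

// Repeating-key XOR: Base64-decoded key bytes against the password as typed
// (the Base64 text, not the decoded plaintext).
function decodeFlag(encodedKey, passwordInput) {
  const key = Buffer.from(encodedKey, "base64");
  let flag = "";
  for (let i = 0; i < key.length; i++) {
    flag += String.fromCharCode(
      key[i] ^ passwordInput.charCodeAt(i % passwordInput.length)
    );
  }
  return flag;
}

// Everything needed is present in the HTML source, so no guessing is involved.
function solve() {
  const passwordInput = derivePasswordInput(EXPECTED_DECODED_PASSWORD);
  return { passwordInput, flag: decodeFlag(ENCODED_KEY, passwordInput) };
}

console.log(solve());
```

Because the comparison string and the key both ship to the browser, the check protects nothing: anyone who can view the source can run the computation above.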