Rootcon CTF 2019 | Kahl Dereta Write Up

The First Time CTF Experience with Jonelle H. Castañeda and Aeruc Maquilang was Really Good! Hats off to Pwn De Manila for Organizing this awesome Capture the Flag at Rootcon 13.

Kahl Dereta (200)

By visiting the provided IP Address you will see this.

Yep, the Longer you stare the weirder it gets.

I decided to bruteforce the directory using Dirsearch

That “admin.html” is interesting. Lets go Check it!

Super Secret Login Page

You will be greeted by a Login Page asking for Username and Password.
Lets Check the Source Code.

JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to write and execute code.

The code in Line 18 Looks like JSFuck .
i immediately asked google for a JSFuck Decoder xD

The Decoded Code Above Shows the username and password, once the correct credentials are provided the participant will be redirected to a web page.

Alright! We got our Flag!

Congratulations Team G3{God’s Gift to Girls} for winning this year’s ROOTCON 13 CTF! also to the other team’s who did their best!
See You all Next Year!