Featured image of post Rootcon CTF 2019 | Kahl Dereta Write Up
Capture the Flag

Rootcon CTF 2019 | Kahl Dereta Write Up

The First Time CTF Experience with Jonelle H. Castañeda and Aeruc Maquilang was Really Good! Hats off to Pwn De Manila for Organizing this awesome Capture the Flag at Rootcon 13.

Kahl Dereta (200)

By visiting the provided IP Address you will see this.

Kalderetaaa 2

So weird

I decided to bruteforce the directory using Dirsearch

Kalderetaaa 3

That “admin.html” is interesting. Lets go Check it!

Kalderetaaa 4

Super Secret Login Page

You will be greeted by a Login Page asking for Username and Password, Lets Check the Source Code.

Kalderetaaa 5

The code in Line 18 Looks like JSFuck, Lets immediately search google for a JSFuck Decoder.

Kalderetaaa 6

JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to write and execute code.

The decoded code above shows the username and the password, Once the correct credentials are provided we will be redirected to a web page.

Kalderetaaa 7

Alright! We got our Flag!

Congratulations Team G3{God’s Gift to Girls} for winning this year’s ROOTCON 13 CTF! also to the other team’s who did their best! See You all Next Year!

© 2022 Ctulhu | Bug Bounty and Security Research
ctulhu.me | Christian Niel Angel
Built with Hugo
Theme Stack designed by Jimmy