Skip to main content
  1. Security/

Rootcon CTF 2019 | Kahl Dereta Write Up

·1 min· loading · loading ·
rootcon Capture The Flag
Christian Angel
Christian Angel
The First Time CTF Experience with Jonelle H. Castañeda and Aeruc Maquilang was Really Good! Hats off to Pwn De Manila for Organizing this awesome Capture the Flag at Rootcon 13.

Kahl Dereta (200)

By visiting the provided IP Address you will see this.



I decided to bruteforce the directory using Dirsearch


That “admin.html” is interesting. Lets go Check it!


Super Secret Login Page

You will be greeted by a Login Page asking for Username and Password, Lets Check the Source Code.


The code in Line 18 Looks like JSFuck, Lets immediately search google for a JSFuck Decoder.


JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to write and execute code.

The decoded code above shows the username and the password, Once the correct credentials are provided we will be redirected to a web page.


Alright! We got our Flag!

Congratulations Team G3{God’s Gift to Girls} for winning this year’s ROOTCON 13 CTF! also to the other team’s who did their best! See You all Next Year!