Skip to main content
  1. Security/

Rootcon CTF 2019 | Kahl Dereta Write Up

·1 min· loading · loading ·
rootcon Capture The Flag
Christian Angel
Author
Christian Angel
meh
The First Time CTF Experience with Jonelle H. Castañeda and Aeruc Maquilang was Really Good! Hats off to Pwn De Manila for Organizing this awesome Capture the Flag at Rootcon 13.

Kahl Dereta (200)

By visiting the provided IP Address you will see this.

Example

Weird

I decided to bruteforce the directory using Dirsearch

Example

That “admin.html” is interesting. Lets go Check it!

Example

Super Secret Login Page

You will be greeted by a Login Page asking for Username and Password, Lets Check the Source Code.

Example

The code in Line 18 Looks like JSFuck, Lets immediately search google for a JSFuck Decoder.

Example

JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to write and execute code.

The decoded code above shows the username and the password, Once the correct credentials are provided we will be redirected to a web page.

Example

Alright! We got our Flag!

Congratulations Team G3{God’s Gift to Girls} for winning this year’s ROOTCON 13 CTF! also to the other team’s who did their best! See You all Next Year!