

dont-use-client-side

Challenge

Can you break into this super secure portal? https://2019shell1.picoctf.com/problem/12280/ (link) or http://2019shell1.picoctf.com:12280

Solution

If you browse to the page and check the source, you'll see the following and will be able to just piece it back together.

    if (checkpass.substring(0, split) == 'pico') {
      if (checkpass.substring(split*6, split*7) == '7743') {
        if (checkpass.substring(split, split*2) == 'CTF{') {
         if (checkpass.substring(split*4, split*5) == 'ts_p') {
          if (checkpass.substring(split*3, split*4) == 'lien') {
            if (checkpass.substring(split*5, split*6) == 'lz_5') {
              if (checkpass.substring(split*2, split*3) == 'no_c') {
                if (checkpass.substring(split*7, split*8) == '1}') {
                  alert("Password Verified")

picoCTF{no_clients_plz_577431}