CYBERTALENTS CTF : “This is Sparta” write up.

Avinash Pratap Singh
Dec 27, 2020

This story is about the challenge named “This is Sparta” on CYBERTALENTS.

Let’s dive straight into the challenge. Visiting the page shows the following:

Challenge Page

The hint doesn’t help much, so as always let’s take a look at the source code of the web page.

Source Code of the challenge web page

As you can see, there is some suspicious code inside the <script> tags.

So let’s analyse these encoded lines. On searching for the format they are encoded in (for example \x76 or \x61), I found a web tool, http://ddecode.com/hexdecoder, that can decode our code into a readable form so that we can understand it.

The code that we want to analyse is :

var _0xae5b=["\x76\x61\x6C\x75\x65","\x75\x73\x65\x72","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x70\x61\x73\x73","\x43\x79\x62\x65\x72\x2d\x54\x61\x6c\x65\x6e\x74","\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x43\x6F\x6E\x67\x72\x61\x74\x7A\x20\x0A\x0A","\x77\x72\x6F\x6E\x67\x20\x50\x61\x73\x73\x77\x6F\x72\x64"];function check(){var _0xeb80x2=document[_0xae5b[2]](_0xae5b[1])[_0xae5b[0]];var _0xeb80x3=document[_0xae5b[2]](_0xae5b[3])[_0xae5b[0]];if(_0xeb80x2==_0xae5b[4]&&_0xeb80x3==_0xae5b[4]){alert(_0xae5b[5]);} else {alert(_0xae5b[6]);}}

Decoded Results

So we found the code that was encoded under the <script> tag.

Let’s analyse what the code says.

Decoded results of that code:

var _0xae5b=["value", "user", "getElementById", "pass", "Cyber-Talent", " Congratz", "wrong Password"];

function check() { var _0xeb80x2=document[_0xae5b[2]](_0xae5b[1])[_0xae5b[0]];var _0xeb80x3=document[_0xae5b[2]](_0xae5b[3])[_0xae5b[0]];if(_0xeb80x2==_0xae5b[4]&&_0xeb80x3==_0xae5b[4]){alert(_0xae5b[5]);} else {alert(_0xae5b[6]);}}

Decoded Results Explanation

var _0xeb80x2=document[_0xae5b[2]](_0xae5b[1])[_0xae5b[0]];

If we decode this further, the variable “_0xeb80x2” stands for:

document["getElementById"]("user")["value"]

If we look at the source code, this corresponds to the username input tag,

so _0xeb80x2 = username.

Similarly, analyse the others. Let’s come to the main conclusion.

We have an array with 7 elements. As explained in the diagram above, the part to focus on is the if condition: if it turns out true, the page displays “Congratz”, so it might give us something important, or maybe we get logged in. For the if condition to be true, as the diagram above shows, we have to enter “Cyber-Talent” as both the username and the password and hit enter.

flag popup window

As you can see, on entering the credentials as explained above, we got the flag in a pop-up alert dialog box.
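The decoding steps above can also be done offline, without a web tool and without running the script. This is an added example, not part of the original write-up: a small Node.js script that treats the challenge script as plain text, decodes the \xNN escapes, inlines the _0xae5b lookups and lists the values the check compares against. The function names are made up for this example, and the \x20 padding in the success message is shortened to two.

```javascript
// Sample input: the challenge script from the page, held as inert text (never evaluated).
// The run of \x20 padding before "Congratz" is shortened to two for readability.
const OBFUSCATED = String.raw`var _0xae5b=["\x76\x61\x6C\x75\x65","\x75\x73\x65\x72","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x70\x61\x73\x73","\x43\x79\x62\x65\x72\x2d\x54\x61\x6c\x65\x6e\x74","\x20\x20\x43\x6F\x6E\x67\x72\x61\x74\x7A\x20\x0A\x0A","\x77\x72\x6F\x6E\x67\x20\x50\x61\x73\x73\x77\x6F\x72\x64"];function check(){var _0xeb80x2=document[_0xae5b[2]](_0xae5b[1])[_0xae5b[0]];var _0xeb80x3=document[_0xae5b[2]](_0xae5b[3])[_0xae5b[0]];if(_0xeb80x2==_0xae5b[4]&&_0xeb80x3==_0xae5b[4]){alert(_0xae5b[5]);} else {alert(_0xae5b[6]);}}`;

// Turn \xNN escapes into the characters they stand for.
function decodeHexEscapes(text) {
  return text.replace(/\\x([0-9a-fA-F]{2})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Locate `var _0x....=[ "...", ... ];` and return its name and decoded entries.
function extractStringTable(source) {
  const m = /var\s+(_0x[0-9a-f]+)\s*=\s*\[(.*?)\];/s.exec(source);
  if (!m) throw new Error("no string table found");
  const literals = m[2].match(/"(?:[^"\\]|\\.)*"/g) || [];
  const strings = literals.map(l => decodeHexEscapes(l.slice(1, -1)));
  return { name: m[1], strings, end: m.index + m[0].length };
}

// Inline every table lookup, then rewrite obj["ident"] as obj.ident.
function deobfuscate(source) {
  const { name, strings, end } = extractStringTable(source);
  const lookup = new RegExp(name + "\\[(\\d+)\\]", "g");
  const body = source.slice(end)
    .replace(lookup, (whole, i) =>
      Number(i) < strings.length ? JSON.stringify(strings[Number(i)]) : whole)
    .replace(/\["([A-Za-z_$][\w$]*)"\]/g, ".$1");
  return { strings, body };
}

// String literals on the right-hand side of == in the readable code.
function comparedLiterals(body) {
  return [...body.matchAll(/==\s*("(?:[^"\\]|\\.)*")/g)].map(m => JSON.parse(m[1]));
}

const result = deobfuscate(OBFUSCATED);
console.log(result.body);
console.log("compared against:", comparedLiterals(result.body));
```

Any value a page compares in client-side JavaScript can be read this way, which is why the check in this challenge gives no protection.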

Thank you for reading this story.
