Ancient History
I must have been sleep hacking or something, I don't remember visiting all of these sites... http://mercury.picoctf.net:45211/ (try a couple different browsers if it's not working right)
- 1.Visiting the website just shows "Hello World!", but viewing the source shows a lot of obfuscated JavaScript.
- 2.The browser history shows that the JavaScript performs some redirects where the URL parameter is a single character of the flag.
- 3.The issue is that visits to a page with the same character as the parameter are collapsed on the history page of modern browsers. So, let's try deobfuscating the code using JSNice.
- 4.Interestingly, the actual changes to the history (
window.history.pushState
) are made in the clear. Therefore, the obscuration is a meaningless distraction. - 5.Let's search the page HTML using a regular expression
urlpath:.\/index\.html\?.
and then combine the last character of all matches using a Python script.
picoCTF{th4ts_k1nd4_n34t_0b0a1adf}
Last modified 6mo ago