dont-use-client-side
- Description: Can you break into this super secure portal?
- Difficulty: Easy
🔎 Solution
The webpage presents a password input field that displays the message Incorrect Password when an invalid value is entered.
Upon inspecting the page's source code, we find a small embedded script.
This script defines a function named verify(), which validates whether the input string matches a specific pattern.
<script type="text/javascript">
  function verify() {
    checkpass = document.getElementById("pass").value;
    split = 4;
    if (checkpass.substring(0, split) == 'pico') {
      if (checkpass.substring(split*6, split*7) == 'a3c8') {
        if (checkpass.substring(split, split*2) == 'CTF{') {
          if (checkpass.substring(split*4, split*5) == 'ts_p') {
            if (checkpass.substring(split*3, split*4) == 'lien') {
              if (checkpass.substring(split*5, split*6) == 'lz_1') {
                if (checkpass.substring(split*2, split*3) == 'no_c') {
                  if (checkpass.substring(split*7, split*8) == '9}') {
                    alert("Password Verified")
                  }
                }
              }
            }
          }
        }
      }
    }
    else {
      alert("Incorrect password");
    }
  }
</script>
Analyzing the script reveals that it divides the input into 8 chunks of 4 characters each (using a split value of 4; the final chunk holds only the last two characters, "9}"), and checks them in a scrambled order:
- It first ensures the string begins with "pico" and that the next 4 characters are "CTF{".
- The remaining chunks are verified in non-sequential order against values like "no_c", "lien", "ts_p", "lz_1", "a3c8", and "9}".
By rearranging these validated segments into their correct sequence, we reconstruct the full flag.
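The reassembly can be done mechanically, which is why a check shipped to the browser protects nothing: every expected value and its position is in the source. The following is an added example, not part of the original challenge or writeup; it parses the comparisons out of the verify() source shown above and orders the literals by offset. The names SCRIPT, evalOffset and reconstruct are made up for this illustration.

```javascript
// Input copied from the verify() function on this page (comparison lines only).
const SCRIPT = `
split = 4;
if (checkpass.substring(0, split) == 'pico') {
if (checkpass.substring(split*6, split*7) == 'a3c8') {
if (checkpass.substring(split, split*2) == 'CTF{') {
if (checkpass.substring(split*4, split*5) == 'ts_p') {
if (checkpass.substring(split*3, split*4) == 'lien') {
if (checkpass.substring(split*5, split*6) == 'lz_1') {
if (checkpass.substring(split*2, split*3) == 'no_c') {
if (checkpass.substring(split*7, split*8) == '9}') {
`;

// Evaluate an offset written as "N", "split" or "split*N" (the only forms the script uses).
function evalOffset(expr, split) {
  const m = /^(?:(\d+)|split(?:\s*\*\s*(\d+))?)$/.exec(expr.trim());
  if (!m) throw new Error(`unsupported offset expression: ${expr}`);
  if (m[1] !== undefined) return Number(m[1]);
  return split * (m[2] !== undefined ? Number(m[2]) : 1);
}

// Extract every substring(start, end) == 'literal' comparison, sort by start
// offset, and join the literals after checking they tile the string without gaps.
function reconstruct(source) {
  const splitMatch = /\bsplit\s*=\s*(\d+)/.exec(source);
  if (!splitMatch) throw new Error("split value not found");
  const split = Number(splitMatch[1]);
  const re = /substring\(([^,]+),([^)]+)\)\s*==\s*'([^']*)'/g;
  const chunks = [];
  for (const [, startExpr, endExpr, literal] of source.matchAll(re)) {
    const start = evalOffset(startExpr, split);
    const end = evalOffset(endExpr, split);
    if (literal.length > end - start) throw new Error(`literal too long at ${start}`);
    chunks.push({ start, end, literal });
  }
  chunks.sort((a, b) => a.start - b.start);
  let out = "";
  for (const c of chunks) {
    // Each chunk must begin exactly where the text recovered so far ends.
    if (c.start !== out.length) throw new Error(`gap or overlap at offset ${c.start}`);
    out += c.literal;
  }
  return out;
}

console.log(reconstruct(SCRIPT));
```

Moving the comparison to the server, against a stored password hash, leaves nothing in the page source for this kind of parsing to recover.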
🚩 Flag
picoCTF{no_clients_plz_1a3c89}