🌐 Dont-Use-Client-Side

A detailed write-up of the Web challenge 'Dont-Use-Client-Side' from PicoCTF - 2019

[Image: Challenge Presentation]

📊 Challenge Overview

Category Details Additional Info
🏆 Event PicoGym Event Link
🔰 Category Web 🌐
💎 Points Out of 500 total
⭐ Difficulty 🟢 Easy Personal Rating: 1/10
👤 Author Alex Fulton/Danny Profile
🎮 Solves 70.438 solve rate
📅 Date 30-01-2025 PicoGym
🦾 Solved By mH4ck3r0n3 Team:

📝 Challenge Information

Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/17682/ (link) or http://jupiter.challenges.picoctf.org:17682

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

[Image: Site Presentation]

At first glance, there was nothing interesting, so I decided to inspect the code using Chrome DevTools:

[Image: Page Source]

As we can see, this is a challenge designed as a password checker. There is a verify function that checks if the correct flag is entered. Reconstructing the flag isn’t difficult. Let’s move on to the exploit.

🎯 Solution Path

Exploitation Steps

Initial setup

I worked out how the function operated: it took parts of the flag, split into chunks of four characters, and combined them using an index, applying an offset of 4 defined by the variable split.

Exploitation

I simply took the position defined by split*number and composed the flag piece by piece. After trying to validate it, I received a valid response, and as a result, I knew that the flag was correct.

Flag capture

[Image: Manual Flag]

🛠️ Exploitation Process

Approach

The exploit extracts the flag pieces using a regex from the response of a GET request, and then assembles it using the same logic applied in the JavaScript script.
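
The reassembly logic described above, as an added example (not the author's exploit script, which is not reproduced on this page). It runs against a constructed checker embedded inline instead of a GET response; the `SAMPLE_JS` contents, the `substring()` comparison form, the chunk values and the function names are assumptions.

```python
import re

# Constructed sample shaped like the checker described above. The substring()
# comparison form and the chunk values are assumptions, not the real page.
SAMPLE_JS = """
function verify() {
  checkpass = document.getElementById("pass").value;
  split = 4;
  if (checkpass.substring(0, split) == 'demo') {
    if (checkpass.substring(split*3, split*4) == 'ient') {
      if (checkpass.substring(split, split*2) == 'CTF{') {
        if (checkpass.substring(split*4, split*5) == '_js}') {
          if (checkpass.substring(split*2, split*3) == 'cl1_') {
            alert("Password Verified");
  } } } } }
}
"""

# Captures the start-index expression and the literal it is compared against.
CHECK_RE = re.compile(
    r"substring\(\s*([\w*]+)\s*,\s*[\w*]+\s*\)\s*==\s*'([^']*)'")


def offset(expr, split):
    """Evaluate '0', 'split' or 'split*N' to a character offset."""
    if expr.isdigit():
        return int(expr)
    name, _, factor = expr.partition("*")
    if name != "split":
        raise ValueError(f"unexpected index expression: {expr}")
    return split * (int(factor) if factor else 1)


def reassemble(js_source):
    """Order the compared chunks by start offset and join them."""
    match = re.search(r"\bsplit\s*=\s*(\d+)", js_source)
    if match is None:
        raise ValueError("no 'split = N' assignment found")
    split = int(match.group(1))
    chunks = sorted((offset(start, split), text)
                    for start, text in CHECK_RE.findall(js_source))
    pos = 0
    for start, text in chunks:
        if start != pos:  # a missing or overlapping comparison
            raise ValueError(f"gap or overlap at offset {start}")
        pos += len(text)
    return "".join(text for _, text in chunks)
```

Because every comparison literal ships to the browser, the order of the nested checks hides nothing: sorting by offset restores the secret, which is why the check belongs on the server.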

🚩 Flag Capture

Flag

Proof of Execution

[Image: Automated Flag. Screenshot of successful exploitation]

🔧 Tools Used

Tool Purpose
Python Exploit

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

Metric Value Notes
Time to Solve 00:05 From start to flag
Global Ranking Challenge ranking
Points Earned Team contribution

Created: 30-01-2025 • Last Modified: 30-01-2025 • Author: mH4ck3r0n3 • Team: