The confusion with the x's isn't cuz of the with statement. The parameter х (U+0445 or 1093) isn't the x from the English alphabet. It is a Cyrillic alphabet which only looks like it. And this input variable was never used in the code except for the last eval() which dynamically generated 'х==c(weird_string,h(х))' referring to our input х. THAT was the beauty of the challenge :P
They fooled us all lol. Btw since you didn't mention why the browser crashes, it's cuz the for loop in c() runs for a.length times and a regex doesn't have this property making it an infinite loop and crashing the browser due to memory limits. And by this they fooled us not once but TWICE! xD
This trick to use similar (or equal) looking characters is also a vuln. in Windows. (An Example here: ruclips.net/video/7syW3-zyRO8/видео.html) Kinda wondering, why javascript (and other languages as well) allow non-ansii characters to be used outside of (string) variables.
I love watching these videos. I’m at a stage in life where I kind of understand what is going on, enough to comprehend the logic expressed, but not enough to be able to try this myself.
this some next level thinking and reasoning i am just not ready for. and its scary that there are so many people that can do this and i can barely comprehend it.
Nah figuring out stuff like this takes hours and lots of trial and error, it's all just edited out here and only the final conclusions are presented. Watching a guy do "does this work? nah, how about this?" for 4 hours isn't good entertainment
@@excalibirb9204 No it's because it's insanely dynamic. The opposite of child's play. The programmer has basically no guarantees about the state of the runtime at any specific point in the program, which can make it very hard to debug.
The recent breaches at some big companies were hackers cleverly injecting 15 lines of JS. Mirai I think it was called. So I'd say it's militant enough. Enough for the FBI to have them snitch and employ them.
@@peregrinusoblivione4967 It's still pretty horrific at breaching systems. For that there really is no other reliable way bessides C/C++ and Assembly language
I just want to thank you for not taking a jab at JS. This Video was really interesting. I was torn between trying it myself first and watching your solution but I'm glad to have watched your video instead.
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine
Same here, joined for a few hours and only solved the noob question :p The argument was not an x but a homograph of x as others also mentioned and that took me a bit to figure out. Also I didn't figure out exactly why the browser hanged but it was so annoying, yet I didn't want to spend time on that. I took the same approach for decryption but heard that there was another way based on low redundancy of the internal variables (a and b). I hope I find time and motivation to look into it soon.
Basically to explain 'with' statement, you enter an object to it like: with( ) { // CODE HERE } then, basically when you call anything, it first checks the block scope if the variable exists, then, the window. Else, it tries the properties of the object you put in. So in theory, this should work. with (console) { log("Hello."); }
i is counting from 0 to the length of the cipher text 'a', right? And each character of that cipher text is addressed with a[i]. The other value (the key) that is being XORed uses b[i%b.length]. Length is 4. So b[i%4]. i modulos 4 means, the result will never be larger than 3... so 1%4 = 1 2%4 = 2 3%4 = 3 4%4 = 0 5%4 = 1 6%4 = 2 So this always references b[0], b[1], b[2], b[3], b[0], b[1], ... so it always repeats the key from the start.
This is how XOR Encryption works. If your key is smaller than your message, then the key is repeated. :) Example: xor("message", "key") ; '^' is the character for XOR Encryption in many languages. - m ^ k - e ^ e - s ^ y - s ^ k - a ^ e - g ^ y - e ^ k
Thanks for the quick reply, it helped. This was my first ever CTF and this was the first problem I attempted but was struck on it for the whole 2 days on it. Great explanation video :D
i want to appreciate ur time and dedication towards the efforts by you not related to solving the ctf but the thing not many noticed, which was the ur skills in copying and redrawing the "google capture the flag" logo as your thumbnail XD lol. Seriously how the hell did u do that, which software?
Eu não poderia simplesmente usar um depurador como GDB + engine do google e então ler os dados de "x" na memória em um ponto que ele está descriptografado?
However, there exists other "chars", which are interpreted right away and which can be used to obfuscate code, if you use them as actual non-printable "chars" (copied from the char table) instead of (what they're usually used for) as HML entities. Like the RTL mark. I use that to obfuscate source code (browser view source code, but also some IDEs), and while the code is run as it should, it does fool some RegExes used by bots (It's quite effective in anti spamming). The W3C validator, however, is not fooled, that's its only weakness. It throws an error. From Wikipedia: _"The right-to-left mark (RLM) is a non-printing character used in the computerized typesetting of bi-directional text containing mixed left-to-right scripts (such as English and Cyrillic) and right-to-left scripts (such as Persian, Arabic, Urdu, Syriac and Hebrew). "_
Back in time, using the RTL mark on email addresses was an easy way of obfuscating, because they were "reversed", when going to the email program, while still bots didn't understand it. This doesn't work anymore though, no email program will accept it today.
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine
Great video! Are there any similiar websites where you can practice JS by solving similiar tasks (I still feel I’m not ready to join CTF) ? Any recommendations are welcome.
Just wanted to let you know the point where you messed up is 14:05 . We are beginners here and don't know much, you didn't show the part at 14:05 which was the main thing from my pov.
I never got to solve this challenge because I got the length of the hash wrong. But the argument x is not x but a unicode that looks like x, that is why the scoping looks weird :)
I think the guys over at JS Safe should really have used a sha256 hash. Then there’s no need for all the anti debugging and it’s also unbreakable (given the current state of technology). Very fun challenge though!
At first I though you could just use "CTF{" xor the input string to figure out the 4 bytes, but then remembered that that part of the input is ignored.
Love you videos, i'm gradually learning more and more thanks to you ! Your explainations helps me understand the mindset behind these CTF, hopefully with more knowledge and time i'll be able to clear some CTF one day :) Cheers !
He has a video on this. Go watch his web hacking video series. also overthewire.org has very easy ctf games that teach you the basics. Code Academy is the best site out there. Learn basic HTML, then some JS, then choose between either Python or Ruby to go full into. Basic SQL helps. But the best thing you can do is learn the theory behind it all and learn how computers think.
im new to this so forgive me if this is ignorant but if you know that the password is the flag why can't you just simply console.log the password variable?
I tried to do this challenge myself, the part with the regexp object was the part I got stuck. About the with statement: `var test = {a: () => console.log("Hello local")}; var a = () => console.log("Hello world"); with (test) a();` outputs "Hello local" as it uses properties in the with statement as first lookup table instead of global scope.
You should, if you're planning for big layout sheet. CSS in HTML should be only used, if it's not bloating up the file. (The Answer of the GET Request of the Browser would be very long, even if not needed. The browser always requests the css and js seperatly)
I am going to study ICT soon and I want to work in the cybersecurity. What do you guys recommend me to learn? I guess python right? Or what else? Could someone give me some answers? Thank you, Root KN from The Netherlands
If you want to do cybersecurity, python might not be the best language to learn tbh. Actually, if this is your first language, it would be even worse. Even though python is simple to learn, it makes you develop bad habits a lot if you don't know what you're doing. Plus, it does so much things in the background for you that you might end up not really understand how everything works deeply. C might be a little too harsh and cold for a beginner, but C++ or Java are great for that. They're both still low/mid level (not meaning they're easy or bad, but that they're closer to the computer) while being understandable and very complete. Bonus, if you know Java, or C or C++, you can learn any language pretty easily because many are just derivatives of C/C++/Java
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine
I'm an outsider looking in. I tried to figure it out, but as far as I can tell "x" provides the password in hidden and obscured fashion. That of course being the main difficulty. Me having little knowledge of JS I know I would be incapable of solving for "x" assuming my assessment here is correct.
Using greek letter "look a likes" or other alphabeths as substitutes for roman letters is a well known technique for spamming purposes. Disquss had this problem for a period of time, probably because they used some reg ex operations to search for "spammy" words in english, while they wanted to allow for any language (and therefore alphabeth) to be used at the same time. Look up the UTF-8 table and see for yourself how many letters of other alphabeths are look-a-likes to roman letters. This is the hebrew letter HET: ח And this is the english n They're not the same, but they look the same. So, JS allows for non ASCII chars in function names, not sure why, but this is used to obfuscate the source code here. Digging deeper into how languages work, and recognizing, that LTR (Left to Right) is only the standard in english speaking world, you can further obfuscate the code by using *non-printable RTL mark,* which is used in for example arabic. Not sure how it works with JS, but HTML it works, I have placed a few RTL marks in my code strategically. The source code gets completely screwed up and unreadable, as it is shown reversed, but it's run and it works.
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine
The password isn't stored anywhere in the file. It has to be reverse engineered based on the encryption key and the encryption algorithm provided, but the file is full of a lot of pitfalls that can make that very difficult.
If you are a noob then there is no way you'll ever understand what's going on. You need some experience to even scratch the surface. Better try HackerRank and other similar sites for easier challenges that progressively get harder.
Oh this problem, took me so long for me to realize why adding console.log kept changing output:/ ah should've used the web debugger instead of spamming console.logs, took me i don't even know how many hours (btw try dm coll it's quite easy once you found the correct line of code)
The confusion with the x's isn't cuz of the with statement. The parameter х (U+0445 or 1093) isn't the x from the English alphabet. It is a Cyrillic alphabet which only looks like it. And this input variable was never used in the code except for the last eval() which dynamically generated 'х==c(weird_string,h(х))' referring to our input х. THAT was the beauty of the challenge :P
yeah I was fooled!
They fooled us all lol. Btw since you didn't mention why the browser crashes, it's cuz the for loop in c() runs for a.length times and a regex doesn't have this property making it an infinite loop and crashing the browser due to memory limits. And by this they fooled us not once but TWICE! xD
AHHHHHHHHH. that also explains why they wrote i!=a.length and not i
This trick to use similar (or equal) looking characters is also a vuln. in Windows. (An Example here: ruclips.net/video/7syW3-zyRO8/видео.html)
Kinda wondering, why javascript (and other languages as well) allow non-ansii characters to be used outside of (string) variables.
Oh wow such a interesting challenge, thanks for the insight
Thanks so much for the shoutout, Live Overflow! Hopefully we can do more together sometime soon. :)
hey dude, dont change avatar, people cant find you ...
Lol..10,000 followers back in the day. Good job on the almost 200,000k
@@matthewlandry1352 You have seen his face? lol he looks totally different i was socked.
whenever i feel like im getting the hang of coding i just watch one of these videos so i realize i know nothing again
sigh
I think I was the only one
he's going so fast so it's hard to understand
@@dubelan totally, especially when you are used to watch video on youtube in *1.5time X)
lmao
I love watching these videos. I’m at a stage in life where I kind of understand what is going on, enough to comprehend the logic expressed, but not enough to be able to try this myself.
this some next level thinking and reasoning i am just not ready for. and its scary that there are so many people that can do this and i can barely comprehend it.
Totally agree with you.
Just impressive
lol, so much for 3 years of CS uni
Relax. If I encounter anything even half as complex as this in a codebase I just rip it out and replace it. Fuck trying to debug horrors like this.
It's just learning a new language. Takes practice, but if there's other people that can speak it, so can you.
Nah figuring out stuff like this takes hours and lots of trial and error, it's all just edited out here and only the final conclusions are presented. Watching a guy do "does this work? nah, how about this?" for 4 hours isn't good entertainment
When C++ programmers look at Javascript code:
*wtf*
** googles some stuff **
*wtf intensifies*
tm man facts 😂
I don't get it. Is it cuz js is child's play to them?
@@excalibirb9204 No it's because it's insanely dynamic. The opposite of child's play. The programmer has basically no guarantees about the state of the runtime at any specific point in the program, which can make it very hard to debug.
True asf
@@excalibirb9204 No, the joke is that javascript can be really fuckin confusing
Wow, if you say you're a total noob I don't know what I am
He is not, just very humble...
Thanks, I guess. But it was in fact one of the easiest challenges during this CTF based on the number of solves ;)
Same lol
Maybe you just took the long way around.
mx xone me too
1:30 I don't think "JS" and "military grade" are compatible with each other
The recent breaches at some big companies were hackers cleverly injecting 15 lines of JS. Mirai I think it was called. So I'd say it's militant enough. Enough for the FBI to have them snitch and employ them.
Depends on perspective.
Military grade for the person who did NOT write that garbage.
aes-js in node.js
@@peregrinusoblivione4967 It's still pretty horrific at breaching systems. For that there really is no other reliable way bessides C/C++ and Assembly language
Btw, two "x" are in different encoding.
IDE saves the day :D
This felt like one of those de-obfuscation of pop-under videos. I loved those!
Benjamin Brady agreed we need more like those
I feel incredibly stupid.
This is impressive..who created this is just a genius
I just want to thank you for not taking a jab at JS. This Video was really interesting. I was torn between trying it myself first and watching your solution but I'm glad to have watched your video instead.
Been lurking your chan for months. Started Beginners quest on this google-ctf now. Never done this before.. Thanks for hooking me up!
lol
mean while I'm coding hello world with some hacker music in the background .
Pavan Kumar lol this cracked me up 😂
@@spidercubed9718
title hacking bank details
"Coccolino" 👈 Best music channel on RUclips, perfect for coding/programming/hacking...
Thank me later.
Lolz
I don't have a clue what I've just watched but it was interesting and a pleasure to watch , you are a clever dude .
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit
contact via:::::WHATSAPP>>> wa.me/17472081186
remember a stitch in time saves nine
Same here, joined for a few hours and only solved the noob question :p The argument was not an x but a homograph of x as others also mentioned and that took me a bit to figure out. Also I didn't figure out exactly why the browser hanged but it was so annoying, yet I didn't want to spend time on that. I took the same approach for decryption but heard that there was another way based on low redundancy of the internal variables (a and b). I hope I find time and motivation to look into it soon.
I don't know any programming language but love to watch this ;)
You sir said you were a noob at this, then I should be an insect lol
I simply love this channel. Hits just my level of programming skills
I love you videos and im kinda binge watching them
keep up the good work!
awesome, thanks!
Basically to explain 'with' statement, you enter an object to it like:
with( ) {
// CODE HERE
}
then, basically when you call anything, it first checks the block scope if the variable exists, then, the window. Else, it tries the properties of the object you put in. So in theory, this should work.
with (console) {
log("Hello.");
}
Awesome video! I really enjoy your writeup's video because they are so inspiring, detailed and actually enjoyable to watch!
13:21 'obviously always repeated'
Can someone please help me in understanding why the 4 byte is being repeated in its use in function c?
i is counting from 0 to the length of the cipher text 'a', right? And each character of that cipher text is addressed with a[i].
The other value (the key) that is being XORed uses b[i%b.length]. Length is 4. So b[i%4].
i modulos 4 means, the result will never be larger than 3... so
1%4 = 1
2%4 = 2
3%4 = 3
4%4 = 0
5%4 = 1
6%4 = 2
So this always references b[0], b[1], b[2], b[3], b[0], b[1], ... so it always repeats the key from the start.
This is how XOR Encryption works.
If your key is smaller than your message, then the key is repeated. :)
Example:
xor("message", "key") ; '^' is the character for XOR Encryption in many languages.
- m ^ k
- e ^ e
- s ^ y
- s ^ k
- a ^ e
- g ^ y
- e ^ k
Thanks for the quick reply, it helped. This was my first ever CTF and this was the first problem I attempted but was struck on it for the whole 2 days on it. Great explanation video :D
Thanks for the quick explanation, I'll be reading more about this :D
i want to appreciate ur time and dedication towards the efforts by you not related to solving the ctf but the thing not many noticed, which was the ur skills in copying and redrawing the "google capture the flag" logo as your thumbnail XD lol. Seriously how the hell did u do that, which software?
*The with statement makes it hard for the interpreter to understand how to interpret it* (or something) lmao
Number 1 reading for the next few weeks.
Great video and great challenge too! Spent quite a few hours before beating it!
Eu não poderia simplesmente usar um depurador como GDB + engine do google e então ler os dados de "x" na memória em um ponto que ele está descriptografado?
This was kind of hard to follow but also easy to understand. Where have you been all my life? Shit, I guess I'm hunting for flags now.
Wowwww. You're pretty good at this! Keep it up with the videos
JS: 'with'
MDN: Not even who made this function knows, may be a sentient function
SCP: Hold my containment
The "x" password variable is actually cyrillic small letter (u0445)
However, there exists other "chars", which are interpreted right away and which can be used to obfuscate code, if you use them as actual non-printable "chars" (copied from the char table) instead of (what they're usually used for) as HML entities. Like the RTL mark. I use that to obfuscate source code (browser view source code, but also some IDEs), and while the code is run as it should, it does fool some RegExes used by bots (It's quite effective in anti spamming). The W3C validator, however, is not fooled, that's its only weakness. It throws an error.
From Wikipedia:
_"The right-to-left mark (RLM) is a non-printing character used in the computerized typesetting of bi-directional text containing mixed left-to-right scripts (such as English and Cyrillic) and right-to-left scripts (such as Persian, Arabic, Urdu, Syriac and Hebrew). "_
Back in time, using the RTL mark on email addresses was an easy way of obfuscating, because they were "reversed", when going to the email program, while still bots didn't understand it. This doesn't work anymore though, no email program will accept it today.
i srsly dont understand shit about this but its really cool man keep up the good work
This is highly entertaining to watch
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit
contact via:::::WHATSAPP>>> wa.me/17472081186
remember a stitch in time saves nine
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit
contact via:::::WHATSAPP>>> wa.me/17472081186
remember a stitch in time saves nine
John Hammond is such cool guy!
Great to see a writeup on this once since I participated :)
can you upload a video when a ctf starts? I always miss them
Ritoban Roy Chowdhury thanks
Ritoban Roy ... Thanks!
Great video!
Are there any similiar websites where you can practice JS by solving similiar tasks (I still feel I’m not ready to join CTF) ?
Any recommendations are welcome.
Great question. I'm looking for a good website too.
So where I can find this website with crackmes?
How do you know when to give up and just learn a new feature and how do you know when to just carry on trying things
Just wanted to let you know the point where you messed up is 14:05 . We are beginners here and don't know much, you didn't show the part at 14:05 which was the main thing from my pov.
This one was so much fun!
I didn't understand a shit, but I loved it! I subscribed!
How do you open the source code for the html
CTRL + U
on which websites you can play ctfs without a team? looks like you have to be really into it to compete with something on ctftime.org...
I never got to solve this challenge because I got the length of the hash wrong. But the argument x is not x but a unicode that looks like x, that is why the scoping looks weird :)
I somehow didn't realize pure RE capture the flag existed until you scrolled past the challenge list
This was cool, I found it interesting that you probably even do not need to debug to pass this challenge lol
How? By opening the source in an IDE \ notepad ++ in the right configuration to notice that the x is different?
Hey, can you suggest me an IRC with teams from the current ongoing Google CTF, I would like to chat with likeminded! :)
I think the guys over at JS Safe should really have used a sha256 hash. Then there’s no need for all the anti debugging and it’s also unbreakable (given the current state of technology). Very fun challenge though!
At first I though you could just use "CTF{" xor the input string to figure out the 4 bytes, but then remembered that that part of the input is ignored.
The git link is dead
Love you videos, i'm gradually learning more and more thanks to you ! Your explainations helps me understand the mindset behind these CTF, hopefully with more knowledge and time i'll be able to clear some CTF one day :) Cheers !
Where can I learn all this stuff
Where do you start ?
.
I wanna know that too
He has a video on this. Go watch his web hacking video series. also overthewire.org has very easy ctf games that teach you the basics. Code Academy is the best site out there. Learn basic HTML, then some JS, then choose between either Python or Ruby to go full into. Basic SQL helps. But the best thing you can do is learn the theory behind it all and learn how computers think.
Also be prepared to learn hundreds of Acronyms and be able to quickly memorize long strings of numbers.
They used two different x. You know like the old greek semicolon vs semicolon joke. Whit some fonts you can even see the difference: x(х)
Awesome content as always. Cheers m8!
Time travel - 90+ solves earlier, then 60th :) nice video
thank you so much for another amazing video
I have maths exam today at 9:30 Am and I'm sitting here watching this video at 1:30 am for nothing .
These naming conventions hurt my head
h(s) looks like an Adler-32 checksum
A few hrs ago I was watching a solution in NetHack. how did I end up here?
im new to this so forgive me if this is ignorant but if you know that the password is the flag why can't you just simply console.log the password variable?
Hashing the code, that is great!
I knew this video is coming :D
I'm watching from Brazil, Congratulations on the content :D
I tried to do this challenge myself, the part with the regexp object was the part I got stuck.
About the with statement:
`var test = {a: () => console.log("Hello local")}; var a = () => console.log("Hello world"); with (test) a();`
outputs "Hello local" as it uses properties in the with statement as first lookup table instead of global scope.
Man... my mind is blown... holy smokes...
What is "foo" I've seen it used a lot as a kind of temporary/test variable
placeholder name
first part of 'bar' ;) google wikipedia to find out more :)
2:10 lol you can put css code in an html file...? i always thought you have to make a html and a css file for each leanguage.
sry for my english
You should, if you're planning for big layout sheet. CSS in HTML should be only used, if it's not bloating up the file. (The Answer of the GET Request of the Browser would be very long, even if not needed. The browser always requests the css and js seperatly)
tomaschku Oh ok.
thanks for explaining it to me :)
You can put anything in a single html file. But it is good practice to separate them but not always.
Well it's not pretty, but yes: just put it in a element.
Its cleaner if you do.
> a
b
MATH
I love this content
I am going to study ICT soon and I want to work in the cybersecurity. What do you guys recommend me to learn? I guess python right? Or what else? Could someone give me some answers?
Thank you,
Root KN from The Netherlands
If you want to do cybersecurity, python might not be the best language to learn tbh.
Actually, if this is your first language, it would be even worse.
Even though python is simple to learn, it makes you develop bad habits a lot if you don't know what you're doing. Plus, it does so much things in the background for you that you might end up not really understand how everything works deeply.
C might be a little too harsh and cold for a beginner, but C++ or Java are great for that. They're both still low/mid level (not meaning they're easy or bad, but that they're closer to the computer) while being understandable and very complete.
Bonus, if you know Java, or C or C++, you can learn any language pretty easily because many are just derivatives of C/C++/Java
@@notkamui9749 that's pretty amazing advice! Thank you very much.
@@rootkalinethunter382 No prob ! I hope you the best in your studies !
@@notkamui9749 thanks!
What debugger does he use? It's so neat I need to know Google source code is messy
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit
contact via:::::WHATSAPP>>> wa.me/17472081186
remember a stitch in time saves nine
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit
contact via:::::WHATSAPP>>> wa.me/17472081186
remember a stitch in time saves nine
Text editor?
Hey,
I'm still a n00b but I'd like to try playing CTF, does anyone know if there's anyway to find n00bs like me online and start playing ?
U don't need anyone to play with you can simply start with the beginner CTF by Google that's a decent accessible start
I'm an outsider looking in. I tried to figure it out, but as far as I can tell "x" provides the password in hidden and obscured fashion. That of course being the main difficulty. Me having little knowledge of JS I know I would be incapable of solving for "x" assuming my assessment here is correct.
Using greek letter "look a likes" or other alphabeths as substitutes for roman letters is a well known technique for spamming purposes. Disquss had this problem for a period of time, probably because they used some reg ex operations to search for "spammy" words in english, while they wanted to allow for any language (and therefore alphabeth) to be used at the same time.
Look up the UTF-8 table and see for yourself how many letters of other alphabeths are look-a-likes to roman letters.
This is the hebrew letter HET: ח
And this is the english n
They're not the same, but they look the same.
So, JS allows for non ASCII chars in function names, not sure why, but this is used to obfuscate the source code here.
Digging deeper into how languages work, and recognizing, that LTR (Left to Right) is only the standard in english speaking world, you can further obfuscate the code by using *non-printable RTL mark,* which is used in for example arabic. Not sure how it works with JS, but HTML it works, I have placed a few RTL marks in my code strategically. The source code gets completely screwed up and unreadable, as it is shown reversed, but it's run and it works.
This is so crazy cool 😱
did the other flag also work? :)
You are the best :)
No doubt u r the BEST
0:03 Lol. A photo of John Hammond from when he was a baby hacker.
You could have put a link to the challenges in the description, not just your solution...
Could you next time tell us when CTFs are starting/announced and you're participating so that we can follow along?
JoJoModding Check out ctftime.org
I wish I could analyze out the steps like you do.
'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit
contact via:::::WHATSAPP>>> wa.me/17472081186
remember a stitch in time saves nine
If you have a look at the file for this challenge now its quite different!
Maybe time to redo this one?
*Noob Alert*
Newbie here...where can I go to learn all of this stuff? Is this part of "Ethical Hacking"
Mindblow!
If password = the flag why doesn't you just do like element.innerHtml(password); to make it display what the password string is
The password isn't stored anywhere in the file. It has to be reverse engineered based on the encryption key and the encryption algorithm provided, but the file is full of a lot of pitfalls that can make that very difficult.
12:49 basically nobody in the world knows what it does 🤣🤣🤣
this is like mathmatical composition on xanax
Is Ctf challenges good practise for noobs like me? It seems fun
If you are a noob then there is no way you'll ever understand what's going on.
You need some experience to even scratch the surface.
Better try HackerRank and other similar sites for easier challenges that progressively get harder.
What is CTF?
Oh this problem, took me so long for me to realize why adding console.log kept changing output:/
ah should've used the web debugger instead of spamming console.logs, took me i don't even know how many hours
(btw try dm coll it's quite easy once you found the correct line of code)
Wired CSV is good too :)
Wieso sublime oben gecuttet?😛 Etwa keine Lizenz?😏
Bist du besoffen
didn't get it
When I actually dont understand a single word...
This just looks like my regular code
lol
Awesome !!!!