Another day, another challenge.
Today’s blog post, we’re going to solve the master challenge of level one of the PicoCTF challenge called, “Lazy Dev”.
Let’s get started.
Clicking on the challenge we see the following:
Hmm… we need to log into the application even though the login logic has not been implemented.
Clicking on the link we see:
Going back to the challenge and look at the hints we see:
Going back to the website and doing a right click, view page source we see:
Clicking this file (client.js) we see:
Looking at the first function validate(pword) we notice it’s not implemented. It’s always going to return false, with the comment – todo: implement me
Let’s view the development tools by pressing F12 on our keyboard, and then pressing F5 to refresh the page.
When we do this, we see:
Clicking on the sources we see the files that were loaded from the web page.
Looking at line 26 we see that we’re calling the make_ajax_req. Inside this function we see in line 15 checks the state change. If the state changes we’ll get the password.
How can we change the state when the login has not been implemented?
Let’s see if we can call the make_ajax_req function directly from the console.
First, let’s add a break point to line 15 in the make_ajax_req function.
Next we’ll add the following to the console:
Pressing Enter we go to the break point.
Stepping through the code multiple time we noticed that we execute line 15 of the make_ajax_req function.
Once it’s done we see there’s text that’s inputted inside the browser.
Looking at the browser we see:
We have the flag!!
Entering the flag we’ve acquired 50 points, and unlocked level 2!