Tags: client web login 

Rating:

# *Client Side is Still Bad*

## Information
| Points |Category | Level|
|--|--|--|
| 150 | Web Exploitation |Easy |

## Challenge
> I forgot my password again, but this time there doesn't seem to be a reset, can you help me? `http://2018shell.picoctf.com:8930` ([link](http://2018shell.picoctf.com:8930))
### Hint

> Client Side really is a bad way to do it.
## Solution

Let's open the link we got, looks like a normal site with a normal login form.
So let's dig in it, right click and choose view source page (Ctrl + U).

We are looking for something that connect to the login...
We can see a java-script that has function called "verify", and the script get variable
from an element in the page with the id "pass", so it's probably the text box we can see in the page.

the function split the text for each 4 chars and check if each sub-string is correct.
Let's connect the sub-strings and see what we can find
> picoCTF{client_is_bad_d0ebbd}

it's the same form as our flag, enter it in the login form and we can see a popup message that say:

you got the flag!

## Flag
> `picoCTF{client_is_bad_d0ebbd}`

Original writeup (https://github.com/zomry1/picoCTF_2018_Writeup/tree/master/Web%20Exploitation/Client%20Side%20is%20Still%20Bad).