dont-use-client-side

dont-use-client-side PicoCTF Writeup

Category

Web Exploitation

Hints

Never trust the client

Solution

Here, we are faced with a simple login portal. As the title and hint cheekily warn us, it is a bad idea to store passwords on the client side of websites. By inspecting element or viewing the page source, we can clearly see that there is a script in the site's HTML that breaks down the password into sub strings. When we match the sub strings with the indices given, we get the password which is the flag. 

Flag

picoCTF{no_clients_plz_56a8eb}





See Our Last Blog : Introduction to Capture The Flag

You tube Video Below:

                                          

If you Like This Video , Share and Subscribe my Channel.

Support me by Subscribing and Sharing This Video