PicoCTF Web Exploitation [Easy]Easy

Bookmarklet

#tutorial

Challenge Description

Solution and Analysis

To start the challenge first spawn the instance and visit the website it provides, you will get the following page

We get the js code in that page

 javascript:(function() {
            var encryptedFlag = "àÒÆÞ¦È¬ëÙ£ÖÓÚåÛÑ¢ÕÓÓÇ¡¥Ìí";
            var key = "picoctf";
            var decryptedFlag = "";
            for (var i = 0; i < encryptedFlag.length; i++) {
                decryptedFlag += String.fromCharCode((encryptedFlag.charCodeAt(i) - key.charCodeAt(i % key.length) + 256) % 256);
            }
            alert(decryptedFlag);
        })();

To get the flag just copy the code from the function() keyword till the ; and run it in the browser console as shown to get the flag