picoCTF2018 – Web – Client side is still bad Objective : I forgot my password again, but this time there doesn't seem to be a reset, can you help me? http://2018shell.picoctf.com:8249 (link [1] ) Solution : Looked at the HTML code and found this interesting bit function verify() { checkpass = document.getElementById("pass").value; split = 4; if (checkpass.substring(split*7, split*8) == '}') { if (checkpass.substring(split*6, split*7) == '17e9') { if (checkpass.substring(split*5, split*6) == 'd_91') { if (checkpass.substring(split*4, split*5) == 's_ba') { if (checkpass.substring(split*3, split*4) == 'nt_i') { if (checkpass.substring(split*2, split*3) == 'clie') { if (checkpass.substring(split, split*2) == 'CTF{') { if (checkpass.substring(0,split) == 'pico')
@circusmonkey404 on the twitters; DM for contact