circusmonkey404's Security Site

Ringzer0 - Java Script - Then obfuscation is more secure Objective:  Get that Flag Solution: Ok so this is another Java Script challenge so the first thing I did was look in the source code for some java script Found it! var _0xc360=["\x76\x61\x6C","\x23\x63\x70\x61\x73\x73","\x61\x6C\x6B\x33","\x30\x32\x6C\x31","\x3F\x70\x3D","\x69\x6E\x64\x65\x78\x4F\x66","\x68\x72\x65\x66","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x27\x65\x72\x72\x6F\x72\x27\x3E\x57\x72\x6F\x6E\x67\x20\x70\x61\x73\x73\x77\x6F\x72\x64\x20\x73\x6F\x72\x72\x79\x2E\x3C\x2F\x64\x69\x76\x3E","\x68\x74\x6D\x6C","\x23\x63\x72\x65\x73\x70\x6F\x6E\x73\x65","\x63\x6C\x69\x63\x6B","\x2E\x63\x5F\x73\x75\x62\x6D\x69\x74"];$(_0xc360[12])[_0xc360[11]](function (){var _0xf382x1=$(_0xc360[1])[_0xc360[0]]();var _0xf382x2=_0xc360[2];if(_0xf382x1==_

Ringzero - Java Script - Client side validation is bad! Objective Get the flag Solution: so the first thing I did here was check the source code to see if  I could find the user/pass validation I found this section <script> // Look's like weak JavaScript auth script :) $(".c_submit").click(function(event) { event.preventDefault() var u = $("#cuser").val(); var p = $("#cpass").val(); if(u == "admin" && p == String.fromCharCode(74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101)) { if(document.location.href.indexOf("?p=") == -1) { document.location = document.location.href + "?p=" + p; } } else { $("#cresponse").html("<div class='alert alert-danger'>Wrong password sorry.</div>"); } }); </script> So here is a script that checks to see if the user name is admin and the password equals a c