JavaScript
Challenge 1: Client side validation is
bad
It require username and password to
get the flag!
Will have a look on the source
code!
There is a JavaScript code on it!
Using the code above, we can identify
that the username is admin. But the password has some numerical character with
a function. Just Google it!
Go to
w3scools.com link since we can try our own script on it.
Change the script as you need.
(Change the fromCharCode function input)
Then Run it and click on Try.
You can see the output as JavaScriptIsSecure. That is the
password!
Enter the credentials and get the
Flag!
Username:
admin
Password:
JavaScriptIsSecure
JavaScript
Challenge 2: Hashing is more secure
It
require only the password.
Will have a look on the source
code!
It hashes the
password using SHA1 and compares
with another hash value. It should be a known hash value on SHA1. Let’s Google
it!
Go to the first link
hashkiller.co.uk/sha1-descrypter.aspx and decrypt the given hash. 
Yes! It’s a known
hash value and we found the password as adminz
JavaScript
Challenge 3: Then obfuscation is more
secure
It
require only the password.
Will have a look on the source
code!
It should be a hex
value. Hence Google it!
Go to the first
link https://www.rapidtables.com/convert/number/hex-to-ascii.html
and copy and paste the array value.
Now we have to
separate the values of each index on the array. To do that, just remove the
first index value on the array and convert it again. If you have a look on the
output now, val is removed. Hence, value of first index should be val. Just
find first few values on the array.
Now substitute the
values for the variables and array values.
Now it shows that
password should be the concatenation of 02l1
and alk3.
Hence, the password should be 02l1alk3
Hence, the password should be 02l1alk3
