Post

Namcon 2023 - Glasses

Glasses

Glasses is a warm-up challenge for the Nahamcon 2023 CTF by @JohnHammon#6871. It’s web based challenge and great for beginners.

Glasses Problem

After launching the webpage, we are greeted with a normal looking shipping site. Links do go where or appear to do anything.

Glasses Homepage

However, if we right click, we are given a javascript error alert.

Glasses Not Allowed

If we curl or wget the webpage, we can see the javascript function that is preventing this. Which is only blocking right mouse clicks. Rest of the html looks obfuscated.

Glasses HTML from Curl

This gives us many options, we can disable javascript in the browser. We might be able to use a multiple button mouse or other unique inputs. Or, we can select the dropdown in settings to access developer tools.

Glasses Inspect HTML

Buried in the html does appear to be a flag. After removing the styling, we get most of the flag. Replace the half symbol with curl braces, we have our flag.

Glasses flag

Another fun warm-up challenge and an easy 50 points. I liked the blocking of wget, curl and right clicking for html access. Made you think of other tools to access this data. Moving on to the next challenge.

Sources:

This post is licensed under CC BY 4.0 by the author.