Inception

Censored

Go to website, view code and it seems to be obsfucated js, so i used jsnice on it, pasted the result into a local .js file then continued

Remove this and the other parts added by jsnice to make code look nicer

document.addEventListener("contextmenu", function(event) {
  event.preventDefault();
});

We can rename _0xa965 to wordlist(along with its references) to make it more readable

Now we some jsfuck code, some of you might go and try to run/decode that, but that takes too much time so just slowly run the code in the console 1 by 1 until something errors out

var _0xa965 = ["entries", "", "b", "a", "to", "name", "all", "fill", "MIN_VALUE"];
var depthInTable = a_bunch_of_jsfuck_code_here
var waitBeforeReconnect = ([][_0xa965[0]]() + _0xa965[1])[14];
waitBeforeReconnect = waitBeforeReconnect + (_0xa965[2] + _0xa965[3] + +_0xa965[3] + _0xa965[3])[2];
waitBeforeReconnect = waitBeforeReconnect + (+35)[_0xa965[4] + String[_0xa965[5]]](20)[1];
waitBeforeReconnect = waitBeforeReconnect + (+211)[_0xa965[4] + String[_0xa965[5]]](24)[1];
waitBeforeReconnect = waitBeforeReconnect + (typeof document[_0xa965[6]])[1];
waitBeforeReconnect = waitBeforeReconnect + ([false] + undefined)[10];
waitBeforeReconnect = waitBeforeReconnect + ([][_0xa965[7]] + _0xa965[1])[4];
waitBeforeReconnect = waitBeforeReconnect
var reconnectTimeIncrease = ([] == ![]) + (false == []) + (false == ![]) + (NaN === NaN) + (document[_0xa965[6]] instanceof Object) + (Number[_0xa965[8]] > 0);
waitBeforeReconnect = waitBeforeReconnect + reconnectTimeIncrease;
    depthInTable = depthInTable + waitBeforeReconnect;
depthInTable = depthInTable + waitBeforeReconnect;

If you run this snippet it should return you with a part of the flag, now clean up the code by removing the snippet and replacing it with the values you got

Next we have the eval part of the code, now the eval is only there to distract you, remove the eval and enter a newline after every ; in the code, you will be see _0xd4d0 which is an array containing lots of base64 encoded values along with _0xfd39, DontChange, user and YourAnswer

You can now clean up the code by replacing the smol obsfucated bit with easily readable code, i.e changing user to user='securesite'

Now as for _0xd4d0 we can write a simple python script to decode all values

import base64

d4d0 = base64_encoded_values
decoded = []

for data in d4d0: 
    decoded.append(base64.b64decode(data))
print(decoded)

Run with python3 dec.py > dec.txt and look through the file, from there we can find second part of flag

As for the third part, have a look at the DontChange variable and the for loop. NoobHacker some how managed to contruct this piece of code which gives us the decimal values, convert that to ascii and we have the third part of the flag

var DontChange=[66,-19,-20,36,-38,-65,6,-13,-74,-114];
var user= "securesite";
var _0xfd39=["securesite","length","charCodeAt","You have your answer","log"];
var YourAnswer=[0,0,0,0,0,0,0,0,0,0];
for(var i=0; i< DontChange.length; i++) {
    console.log(user.charCodeAt(i) - DontChange[i] - (i*10));
    // if((DontChange[i]+ YourAnswer[i]+ i* 10)!== user.charCodeAt(i)) {
    //     break
    // };
    if(i == DontChange.length- 1) {
        console.log(_0xfd39[3])
    }
};

Flag

p_ctf{INfjnity5_b3g1n5_w1th_4n_1nc3pt10n}
Home  |  /writeups/pragyanctf-2022/web/ Hugo theme modified from Yukuro's