Beginner Web

Hey, my son Timmy made his first website. He said he hid a ‘secret’ message within different parts of the website… can you find them all? I wanna make sure he isn’t saying any swear words online. The flag is broken up into 3 parts. The parts of the flag should be concatenated in the order they are numbered and then surrounded by the standard wrapper. For example: ‘swampCTF + part1 + part2 + part3 + ’ http://chals.swampctf.com:42222/

Solution

From Source:

1
<!--Part 1 of the flag: w3b_"-->

deobfuscated main-34VY7I6V.js

1
import { Component, Inject } from '@angular/core';
2
import { CookieService } from 'ngx-cookie-service';
3
import * as CryptoJS from 'crypto-js';
4
@Component({
5
  selector: 'app-root',
6
  template: `
7
    <p>Is it Tuesday?</p>
8
    <p *ngIf="date.getDay() === 2">Yes</p>
9
    <p *ngIf="date.getDay() !== 2">No</p>
10
  `,
11
  styles: [
12
    `
13
      p {
14
        font-family: Comic Sans MS, cursive, sans-serif;
15
        font-size: 24px;
16
        color: #ff69b4;
17
        text-shadow: 2px 2px 5px yellow;
18
        background: repeating-linear-gradient(45deg, #0ff, #f0f 10%, #ff0 20%);
19
        padding: 10px;
20
        border: 5px dashed lime;
21
        transform: rotate(-5deg);
22
        animation: wiggle 0.1s infinite alternate;
23
      }
24
      @keyframes wiggle {
25
        0% { transform: rotate(-5deg); }
26
        100% { transform: rotate(5deg); }
27
      }
28
    `
29
  ]
30
})
31
export class AppComponent {
32
  date = new Date();
33
  constructor(private cookieService: CookieService) {
34
    const key = 'flagPart2_3';
35
    const encryptedFlagPart2 = 'U2FsdGVkX1/oCOrv2BF34XQbx7f34cYJ8aA71tr8cl8=';
36
    const encryptedFlagPart3 = 'U2FsdGVkX197aFEtB5VUIBcswkWs4GiFPal6425rsTU=';
37

38
    // Decrypt and set flagPart2 in a cookie
39
    const decryptedFlagPart2 = CryptoJS.AES.decrypt(encryptedFlagPart2, key).toString(CryptoJS.enc.Utf8);
40
    this.cookieService.set('flagPart2', decryptedFlagPart2, {
41
      expires: 7,
42
      path: '/',
43
      secure: true,
44
      sameSite: 'Strict'
45
    });
46

47
    // Decrypt flagPart3 and send it in a fetch request header
48
    const decryptedFlagPart3 = CryptoJS.AES.decrypt(encryptedFlagPart3, key).toString(CryptoJS.enc.Utf8);
49
    const headers = new Headers();
50
    headers.set('flagPart3', decryptedFlagPart3);
51
    fetch('/favicon.ico', { headers });
52
  }
53
}

decrypt the flags

1
const script = document.createElement('script');
2
script.src = 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js';
3
script.onload = function() {
4
    const key = 'flagPart2_3';
5
    const encryptedFlagPart2 = 'U2FsdGVkX1/oCOrv2BF34XQbx7f34cYJ8aA71tr8cl8=';
6
    const encryptedFlagPart3 = 'U2FsdGVkX197aFEtB5VUIBcswkWs4GiFPal6425rsTU=';
7

8
console.log(CryptoJS.AES.decrypt(encryptedFlagPart2, key).toString(CryptoJS.enc.Utf8));
9
    console.log(CryptoJS.AES.decrypt(encryptedFlagPart3, key).toString(CryptoJS.enc.Utf8));
10
};
11
document.head.appendChild(script);

decrypted flags:

1
Encrypted flagPart2: U2FsdGVkX1/oCOrv2BF34XQbx7f34cYJ8aA71tr8cl8=
2

3
    Decrypted: br0w53r5_4r3_
4

5
Encrypted flagPart3: U2FsdGVkX197aFEtB5VUIBcswkWs4GiFPal6425rsTU=
6

7
    Decrypted: c0mpl1c473d

Resulting flag:

swampCTF{w3b_br0w53r5_4r3_c0mpl1c473d}