WPICTF 2020
Description: Writeups of stuff that I solved for WPICTF
danger-Live-and-Malicious-Code
Question
Like the title says, this challenge is dangerous and contains live malware.
The malicious code:
// Obfuscated sample, reproduced as distributed (minified).
// `a` is a table of string fragments. The first IIFE rotates it in place before
// `b(index)` reads from it, so the fragments cannot be read off the literal in order.
// The only statement with a visible effect is the final `for` loop: its condition
// `i === i` never becomes false, so abc() -> window.open(self.location, ...) is
// called without end. The location[...] call that would use c, d, e, f and g is
// commented out.
var a = ['ps:','cte','5df','se_','toS','ing','tri','sub','lac','ryt','d}.','cod','pro','_no','ran','ing','dom','str','ete','rep'];function abc(def) {
popupWindow = window.open( def,'popUpWindow','height=666,width=666,left=666,top=666') }(function(c, d) {var e = function(f) {while (--f) {c['push'](c['shift']());}};e(++d);}(a, 0xa8));var b = function(c, d) {c = c - 0x0;var e = a[c];return e;};var c = 'htt' + b('0xc') + '//t' + b('0x1') + b('0xe') + 'xc-' + 'rWP' + 'I';var d = '{Oh' + b('0x5') + b('0xf') + b('0x4') + b('0x3') + b('0x7') + '_d';var e = b('0xa') + b('0xd') + b('0x2') + 'net' + '/';var f = Math[b('0x6') +
b('0x8')]()[b('0x10') + b('0x12') + 'ng'](0x6)[b('0x13') + b('0x9') + b('0x11')](0x2, 0xf) + Math['ran' + 'dom']()[b('0x10') + b('0x12') + 'ng'](0x10)[b('0x13') + b('0x9') + b('0x11')](0x2, 0xf);var g = Math['ran' + 'dom']()[b('0x10') +
b('0x12') + 'ng'](0x24)[b('0x13') + b('0x9') + b('0x11')](0x2, 0xf) + Math[b('0x6') + b('0x8')]()['toS' + b('0x12') + 'ng'](0x24)[b('0x13') + b('0x9') + b('0x11')](0x2, 0xf);/*location[b('0xb') + b('0x0') + 'e'](c + d + e + '?' + f + '=' + g);*/for(var i=1;i===i;i++){abc(self.location,'_blank');}
What I did:
First of all, I had to beautify the code so that I could make sense of it.
The beautified code:
// String table: every obfuscated string below is assembled from these fragments.
// The order shown here is NOT the order used at lookup time, because the IIFE
// below rotates the array first.
var a = ['ps:', 'cte', '5df', 'se_', 'toS', 'ing', 'tri', 'sub', 'lac', 'ryt', 'd}.', 'cod', 'pro', '_no', 'ran', 'ing', 'dom', 'str', 'ete', 'rep'];
// abc(def): opens `def` in a window named 'popUpWindow' with fixed size and position.
// It declares a single parameter, so the second argument passed by the loop at the
// bottom ('_blank') is ignored. `popupWindow` is assigned without a declaration,
// which makes it an implicit global in sloppy mode.
function abc(def) {
popupWindow = window.open(def, 'popUpWindow', 'height=666,width=666,left=666,top=666')
}(function(c, d) {
// Table rotation: called with (a, 0xa8). e(++d) runs the loop body 0xa8 = 168
// times, each time moving the first element to the end. With 20 entries that is
// a net left rotation by 168 % 20 = 8 positions.
var e = function(f) {
while (--f) {
c['push'](c['shift']());
}
};
e(++d);
}(a, 0xa8));
// b(index): lookup into the rotated table. `c - 0x0` coerces the hex string
// ('0xc', '0x1', ...) to a number; the second parameter `d` is never used.
var b = function(c, d) {
c = c - 0x0;
var e = a[c];
return e;
};
// c, d and e are three consecutive pieces of one URL string; the only place they
// are joined (c + d + e) is the commented-out call further down. The flag text runs
// from the 'WPI' at the end of c, through d, to the '}' inside e.
var c = 'htt' + b('0xc') + '//t' + b('0x1') + b('0xe') + 'xc-' + 'rWP' + 'I';
var d = '{Oh' + b('0x5') + b('0xf') + b('0x4') + b('0x3') + b('0x7') + '_d';
var e = b('0xa') + b('0xd') + b('0x2') + 'net' + '/';
// f and g are random strings. After the rotation the bracketed names decode to
// Math['random'], ['toString'] and ['substring'], so each half is
// Math.random().toString(radix).substring(2, 15), with radices 6 and 16 for f
// and 36 and 36 for g.
var f = Math[b('0x6') + b('0x8')]()[b('0x10') + b('0x12') + 'ng'](0x6)[b('0x13') + b('0x9') + b('0x11')](0x2, 0xf) + Math['ran' + 'dom']()[b('0x10') + b('0x12') + 'ng'](0x10)[b('0x13') + b('0x9') + b('0x11')](0x2, 0xf);
// The trailing block comment on the next line is the disabled navigation step:
// its property name decodes to 'replace', i.e. location.replace(c + d + e + '?' + f + '=' + g).
// Because it is commented out, c, d, e, f and g are computed but never used.
var g = Math['ran' + 'dom']()[b('0x10') + b('0x12') + 'ng'](0x24)[b('0x13') + b('0x9') + b('0x11')](0x2, 0xf) + Math[b('0x6') + b('0x8')]()['toS' + b('0x12') + 'ng'](0x24)[b('0x13') + b('0x9') + b('0x11')](0x2, 0xf); /*location[b('0xb') + b('0x0') + 'e'](c + d + e + '?' + f + '=' + g);*/
// The active behaviour: `i === i` is always true, so this loop has no exit and
// keeps calling window.open on the current page's own location.
for (var i = 1; i === i; i++) {
abc(self.location, '_blank');
}
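You don’t really need to know what’s happening behind the scenes: you can change the function abc so that it just console.logs the variables instead of opening a window. The flag is split between c, d, and e, so those are all you need. Everything above the for loop only builds strings (the one call that would navigate the page is already commented out), so once abc is changed to console.log the variables and the for loop is changed so that it doesn’t run forever, running the code prints the pieces of the flag.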
FLAG
WPI{Oh_nose_procoding_detected}