Author: Lucian Nitescu
Contest: NeverLAN CTF 2019



75 points


The challenge started with the following simple "console" page:

As a first step, I decided to take a look at the source code of the accessed web page. view-source:

As you can see we have 2 different javascript functions. The what() function, which handles the password confirmation and the getThat(strg) function which handles the redirect to our "authenticated" page. In this case, we have two different approaches:

Here it is how I obtained the flag for this challenge:

The flag is: flag{console_controls_js}