50 points
Category: Web Exploitation
Tags: #webexploitation #javascript #bookmarklet
Why search for the flag when I can make a bookmarklet to print it for me? Browse here, and find the flag!
Opening the link in a browser (in this case Firefox) and clicking in the text box labelled "Here's a bookmarklet for you to try:" copies the following bookmarklet JavaScript to the clipboard:
javascript:(function() {
    var encryptedFlag = "àÒÆÞ¦È¬ëÙ£Ö�ÓÚåÛÑ¢ÕÓÉÕËÆÒÇÚËí";
    var key = "picoctf";
    var decryptedFlag = "";
    for (var i = 0; i < encryptedFlag.length; i++) {
        decryptedFlag += String.fromCharCode((encryptedFlag.charCodeAt(i) - key.charCodeAt(i % key.length) + 256) % 256);
    }
    alert(decryptedFlag);
})();
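The bookmarklet's "encryption" is a repeating-key byte addition: each character of the flag has the matching key byte (key "picoctf", cycled) added modulo 256, and the loop above subtracts it back. Because the key sits in the script itself, the flag can be recovered offline without ever installing the bookmark, which also avoids running untrusted script in the browser. The following Node.js snippet is an added example, not the challenge's or the write-up's own code: it reproduces the decode loop as a plain function, adds the matching encoder, and uses a constructed sample plaintext rather than the real ciphertext, whose Latin-1 characters did not survive copying (note the replacement character in the string above; a character outside 0-255 would decode to garbage with this loop).

```javascript
// Added example (not the challenge's own code): the bookmarklet's decode loop
// as a stand-alone Node.js function, plus the matching encoder, so the scheme
// can be studied without pasting untrusted script into a browser bookmark.
// KEY is the key shown in the bookmarklet; SAMPLE_PLAINTEXT is constructed
// for this demonstration and is not the real flag.

// Decode: subtract the repeating key byte, modulo 256 (what the bookmarklet does).
function decodeFlag(encrypted, key) {
  let out = "";
  for (let i = 0; i < encrypted.length; i++) {
    out += String.fromCharCode(
      (encrypted.charCodeAt(i) - key.charCodeAt(i % key.length) + 256) % 256
    );
  }
  return out;
}

// Encode: the inverse operation, adding the repeating key byte modulo 256.
function encodeFlag(plain, key) {
  let out = "";
  for (let i = 0; i < plain.length; i++) {
    out += String.fromCharCode(
      (plain.charCodeAt(i) + key.charCodeAt(i % key.length)) % 256
    );
  }
  return out;
}

// Render a string as hex. The ciphertext is made of Latin-1 code points that
// often do not print or copy faithfully, which is why the scraped bookmarklet
// contains a replacement character; hex is the safe way to pass it around.
function toHex(s) {
  return Array.from(s, (ch) => ch.charCodeAt(0).toString(16).padStart(2, "0")).join("");
}

const KEY = "picoctf";
const SAMPLE_PLAINTEXT = "picoCTF{constructed_sample}"; // constructed, not the real flag
const SAMPLE_CIPHERTEXT = encodeFlag(SAMPLE_PLAINTEXT, KEY);

console.log("ciphertext (hex):", toHex(SAMPLE_CIPHERTEXT));
console.log("decoded:", decodeFlag(SAMPLE_CIPHERTEXT, KEY));
```

Run it with `node decode.js`; to decode a real bookmarklet, replace SAMPLE_CIPHERTEXT with the string taken from the script's source (copied as bytes or hex, not through a text editor that may re-encode it).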
Create a placeholder bookmark from any web page, then edit the newly created bookmark's URL and paste in the code copied above from the clipboard.
Clicking the bookmark presents an alert with the decoded flag:
picoCTF{...........redacted.............}
The actual flag value has been redacted for the purposes of this write-up.