Points: 100
Tags: picoCTF 2023, Web Exploitation
Author: SUNDAY JACOB NWANYIM
Description:
How about trying to match a regular expression
The website is running here.
Hints:
1. Access the webpage and try to match the regular expression associated with the text field
Challenge link: https://play.picoctf.org/practice/challenge/356
The challenge name and description tell us that regular expressions (RegEx) are involved.
Browsing to the website, you see:
- A 'Valid Input' text
- A text input field
- A Submit button
Let's view the source of the web page, especially the send_request function:
```javascript
function send_request() {
    let val = document.getElementById("name").value;
    // ^p.....F!?
    fetch(`/flag?input=${val}`)
        .then(res => res.text())
        .then(res => {
            const res_json = JSON.parse(res);
            alert(res_json.flag)
            return false;
        })
    return false;
}
```
The comment in the function suggests that the regular expression matching the input is ^p.....F!?.
This means that the input should
- Start with the lowercase letter 'p'
- Then include any 5 characters ('.' matches any single character)
- Then be followed by an uppercase letter 'F'
- Then have an optional '!'
Since the pattern has no end anchor ('$'), anything may follow the matched prefix, so many different inputs match the regex above and print the flag.
Here are some examples:
- picoCTF
- picoCTF!
- paaaaaF
- picoCTF is fun
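The matching rules above can be checked locally, including why trailing text is accepted. This is an added example, not code from the challenge or the original write-up; it assumes the server applies the pattern with semantics equivalent to JavaScript's RegExp, and the names ANCHORED, classify, SAMPLES and report, as well as the near-miss inputs, are constructed for illustration.

```javascript
// Added example: the pattern is copied from the comment in send_request().
// Assumption: the server evaluates it with JavaScript-equivalent regex semantics.
const LEAKED = /^p.....F!?/;     // as written in the page comment: no end anchor
const ANCHORED = /^p.....F!?$/;  // hypothetical stricter variant, for comparison only

// Report whether an input matches each pattern, which part the leaked
// pattern consumed, and what trailing text it silently accepted.
function classify(input) {
  const m = LEAKED.exec(input);
  return {
    input,
    leaked: m !== null,
    matched: m ? m[0] : null,
    trailing: m ? input.slice(m[0].length) : null,
    anchored: ANCHORED.test(input),
  };
}

// Constructed sample inputs: the four from the write-up plus near misses.
const SAMPLES = [
  "picoCTF",
  "picoCTF!",
  "paaaaaF",
  "picoCTF is fun",
  "PicoCTF",       // uppercase 'P': the match is case-sensitive
  "picoF",         // only 3 characters between 'p' and 'F'
  "xpicoCTF",      // 'p' is not at the start, so '^' fails
  "p\n\n\n\n\nF",  // '.' does not match a newline without the s flag
];

function report() {
  return SAMPLES.map(classify);
}

for (const row of report()) {
  console.log(JSON.stringify(row));
}
```

The "trailing" column shows what an unanchored check lets through: a validator that is meant to accept only the described shape needs the end anchor as well.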
For additional information, please see the references below.