Skip to content

Instantly share code, notes, and snippets.

@krsoninikhil
Last active July 9, 2021 12:32
Show Gist options
  • Save krsoninikhil/13dcf96cc9a040de36e28680b23f6bc0 to your computer and use it in GitHub Desktop.
Save krsoninikhil/13dcf96cc9a040de36e28680b23f6bc0 to your computer and use it in GitHub Desktop.
Write up: Backdoor-CTF https://backdoor.sdslabs.co

Question: https://backdoor.sdslabs.co/challenges/2013-MISC-75

H4x0r once proclaimed on his posterous blog, ' Time eventually catches up with everyone , but not H4x0r. Challenge me if you can !' Time to bring him down to his Win98 world .

Here is the link

Created by: Ravi Kishore R No. of Correct Submissions: 360 Hints Console

Values in the given link changes on every reload, so the script has to be executed from browser console to avoid the cookies and all. Running the following script from the console (as soon as the page loads), will reveal the flag.

var count=1, sum=2, last_prime=2;
var p = /[1-9][1-9]+/i, s = document.getElementsByTagName("p")[0].innerHTML, n = parseInt(p.exec(s));
while(count<n){
	last_prime++;
	var b = Math.sqrt(last_prime);
	var prime=true;
	for(var i=2; i<=b; i++){
		if(last_prime%i == 0){
			prime=false;
			break;
		}
	}
	if(prime){
		count++;
		sum += last_prime;
	}
}
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
  if (this.readyState == 4 && this.status == 200) {
	  document.getElementsByTagName("p")[0].innerHTML= this.responseText;
  }
}
xhttp.open("POST", "http://hack.bckdr.in/2013-MISC-75/misc75.php", true);
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.send("answer="+sum);
@STest6905
Copy link

Now this task cannot be completed ... Invalid page address ... Maybe someone still has a flag?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment