Questcon 2023 web writeups

Mahmoud Elfawair
Oct 30, 2023

We get this URL when we click on one of the maps: ‘https[:]//questcon-cursed-treasure.chals.io/maps.php?id=e25388fde8290dc286a6164fa2d97e551b53498dcbf7bc378eb1f178’

The id parameter has a weird value: it is the SHA-224 hash of 1, and the ids on the other maps are the hashes of 2 and 4 …

The 3 is missing, so I used sha224sum on Linux to get its hash and used it as the id :3

echo -n '3' | sha224sum
4cfc3a1811fe40afa401b25ef7fa0379f1f7c1930a04f8755d678474 -

‘https[:]//questcon-cursed-treasure.chals.io/maps.php?id=4cfc3a1811fe40afa401b25ef7fa0379f1f7c1930a04f8755d678474’

Here I used the name from the challenge, Barbossa, and I got the flag :>

Flag : QUESTCON{Th3_Pir4t3s_0f_Th3_Car1bb34n_Arr_Th3_B3st!}
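The id scheme described above hides nothing, because an unkeyed hash of a small number can be recomputed by anyone. The following is an added example, not code from the challenge or the original write-up: an audit check that detects such ids, next to a hypothetical replacement (`MapStore`, `guessable_number` and the user names are assumptions made for illustration) that issues random tokens and checks access on the server side.

```python
import hashlib
import secrets

# Map id taken from the write-up's first URL (the author identifies it as SHA-224 of "1").
PAGE_ID = "e25388fde8290dc286a6164fa2d97e551b53498dcbf7bc378eb1f178"


def sha224_id(n: int) -> str:
    """The scheme the write-up infers: unkeyed SHA-224 over the decimal record number."""
    return hashlib.sha224(str(n).encode()).hexdigest()


def guessable_number(identifier: str, limit: int = 100_000):
    """Audit check: return n if the id is just sha224(str(n)) for n < limit, else None."""
    wanted = identifier.lower()
    for n in range(limit):
        if sha224_id(n) == wanted:
            return n
    return None


class MapStore:
    """Hypothetical replacement: random tokens plus a per-user access check."""

    def __init__(self):
        self._maps = {}  # token -> (map number, users allowed to view it)

    def publish(self, number: int, allowed_users) -> str:
        token = secrets.token_hex(28)  # 56 hex chars like SHA-224, but not derivable
        self._maps[token] = (number, frozenset(allowed_users))
        return token

    def fetch(self, token: str, user: str):
        entry = self._maps.get(token)
        # An unknown token and an unauthorized user get the same answer.
        if entry is None or user not in entry[1]:
            return None
        return entry[0]


if __name__ == "__main__":
    print("page id maps to record:", guessable_number(PAGE_ID))
    store = MapStore()
    token = store.publish(3, allowed_users={"alice"})  # constructed sample data
    print("random token guessable:", guessable_number(token))
    print("owner fetch:", store.fetch(token, "alice"))
    print("other user fetch:", store.fetch(token, "guest"))
```

The random token only removes the guessing shortcut; the membership check in `fetch` is what actually keeps a hidden map hidden.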

Here, based on the hint in the description, I checked the JS script. Press Ctrl+U to see the page source code.

This seems to be the encoded flag : 81856983846779781238751669551888076488251829549839552875183487751125

let flag = "flag{Test_Flag}";
let encryptedFlag = "";
function encodeFlag() {
    for (let i = 0; i < flag.length; i++) {
        // Each character's decimal code is appended with no separator
        encryptedFlag += flag.charCodeAt(i);
    }
}

encodeFlag();
document.getElementById("flag").innerHTML = encryptedFlag;

This is the JS code. It converts the flag characters to decimal numbers, so I wrote this script to solve the challenge:

a = '81856983846779781238751669551888076488251829549839552875183487751125'
l = 48  # 48 in ASCII is '0'

i = 0
# The logic behind this script: if the first two digits are less than 48,
# the code has to be 3 digits long to be an ASCII letter, so we take the
# first 3 digits and increase i by one extra.
# Anything else is in the range 48 - 99, which we handle normally
# without adding the extra one to 'i'.
while i < len(a):
    c = a[i:i+2]
    if int(c) < l:
        c = a[i:i+3]
        print(chr(int(c)), end='')
        i += 1
    else:
        print(chr(int(c)), end='')
    i += 2

After running the script you’ll get the flag :>

Flag : QUESTCON{W3B_3XPL0R3R_1S_4W3S0M3}
