The CyberHeroes CTF challenge introduces a simple web application where the goal is to bypass the login page and retrieve a hidden flag. Rather than using valid credentials, the task involves examining how the login process works and identifying weaknesses that can be exploited. By testing the application and observing its responses, it becomes possible to find a way past the authentication and access the flag.

Step 1: Accessing the URL
Start by launching the AttackBox environment and clicking "Start Machine" to initialise the target. Once the machine has fully loaded, a URL will be provided. This link directs you to the web application used in the challenge, so keep a copy of it for easy access throughout the task.

Then, copy and paste the URL into the VM's browser, and you should see the landing page of the application.

Step 2: Opening the Login Form
From the landing page, click the hamburger icon in the top-right corner. This will open a navigation panel on the left-hand side. From there, select the "Log in" option to bring up the login form.

The login pop-up will then appear.

Step 3: Beginning the Attack
The next step is to examine how the login process is handled by the application. To do this, right-click anywhere on the page and select the "View page source" option to open the source code. Once the code is displayed, locate the <script> section, where the client-side logic is defined. Within this section, you should be able to identify a function related to authentication, often named authenticate, which controls how the login credentials are processed.

Step 4: Testing the Discovered Credentials
Next, copy the values assigned to uname and pass from the source code and enter them into the login form. After submitting the credentials, you will find that the login attempt is unsuccessful, indicating that these values alone are not sufficient to bypass the authentication.

Step 5: Reversing the Logic
At this point, the credentials taken directly from the source code do not work, so the next step is to analyse the logic more closely. By reviewing the authenticate function, it becomes clear that the input is being handled in a reversed manner. Instead of using the values as they appear, try reversing the username and password before entering them into the login form.
Once submitted, this should grant access to the application. You can then retrieve the flag and complete the challenge.

Conclusion
This challenge demonstrates how simple weaknesses in client-side code can be used to bypass authentication. By inspecting the page source and analysing the JavaScript logic, it was possible to understand how the login mechanism worked and identify a flaw in how the credentials were handled. The task highlights the importance of not relying on client-side validation for security, as it can be easily examined and manipulated. Overall, the exercise provides a clear example of how basic analysis and careful testing can lead to a successful compromise of a web application.
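
The point about client-side validation, shown as an added example that is not the challenge's code: a browser-side check of the kind described above next to a server-side check that keeps the secret off the page. The account name, password and function names are constructed for illustration, and Node.js's built-in crypto module is assumed on the server.

```javascript
// Added example. All names and credentials are constructed, not from the challenge.
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// --- Weak pattern: the check ships to the browser -------------------------
// Anyone who opens "View page source" can read the expected values.
// Reversing a string is obfuscation, not protection.
const reverse = (s) => s.split('').reverse().join('');

function clientSideAuthenticate(username, password) {
  return username === 'demo-user' && password === reverse('drowssap-omed');
}

// --- Hardened pattern: the check stays on the server ----------------------
// The server stores a per-user salt and a scrypt hash, never the password,
// and the page only submits the form values to it.
const KEY_LEN = 32;

function hashPassword(password, salt = randomBytes(16)) {
  return { salt, hash: scryptSync(password, salt, KEY_LEN) };
}

// Constructed account store; a real application would use its database.
const users = new Map([['demo-user', hashPassword('demo-password')]]);

// Record used for unknown usernames so both paths do the same hashing work.
const DUMMY = hashPassword('placeholder');

function serverSideAuthenticate(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') return false;
  const known = users.has(username);
  const record = known ? users.get(username) : DUMMY;
  const candidate = scryptSync(password, record.salt, KEY_LEN);
  // Constant-time comparison; both buffers are always KEY_LEN bytes.
  const match = timingSafeEqual(candidate, record.hash);
  return known && match;
}
```

With this split, the page source contains nothing that can be read back into working credentials; the outcome is decided only by the server's response.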