Tags: web
Rating:
## 10 - Central Savings Account - Web
> Written by evanyeyeye
>
> I seem to have forgotten the password for my savings account. What am I gonna do?
>
> The flag is not in standard flag format.
By seeing the source of https://central_savings_account.tjctf.org/, we can see a static JS file: `main.js`.
Where there is a lot of useless stuff and finally:
```javascript
$(document).ready(function() {
$("#login-form").submit(function() {
if (md5($("#password").val()).toLowerCase() === "698967f805dea9ea073d188d73ab7390") {
$("html").html("<h1>Login Succeeded!</h1>");
}
else {
$("html").html("<h1>Login Failed!</h1>");
}
})
});
```
I just used https://crackstation.net/ to break the md5 hash, the result is `avalon`.
