# Discovery
We are given a URL: hxxp://remote2.thcon.party:10000/
The page has a single input field and a "login" action.

# Step 1
An error message is returned:

Error! The password must match the regex `/thc/`.

> `thc`

After submitting it, a kind of progress bar shows that we advanced.

# Step 2
Error! The password must match the regex `/\d{4}/`.

The password must contain `thc` AND 4 digits.

> `thc1234`

# Step 3
Error! The password must match the regex `/^\/\^/`.

The password must start with `/^`.

> `/^thc1234`

# Step 4
Error! The password must match the regex `/[?-?]/`.

The password must contain an emoji (replaced by `?` on ctftime).

> `/^thc1234?`

# Step 5
Error! The password must match the regex `/£.€.$/`.

The password must end with `£.€.`, where each dot stands for any character.

> `/^thc1234£?€.`

# Step 6
Error! The password must match the regex `/^(...).+\1/`.

The first 3 characters must be repeated at some point.

> `/^thc1234/^t£?€.`

# Step 7
Error! The password must match the regex `/(?=[lo][ve])[co][de]/`.

`(?=...)` is a lookahead: a condition that does not consume any characters.
It checks that the characters that follow match `[lo][ve]`.
Since those same 2 characters must also match `[co][de]`, there is a single choice: `oe` (the intersection of `lo` and `co`, then of `ve` and `de`).

> `/^thc1234oe/^t£?€.`

# Step 8
Error! The password must match the regex `/(?1)(reg|ex|are|hard)(?=\1)..(?<=r.{6})\1/`.

We have to choose one of `(reg|ex|are|hard)`.
Once chosen, `\1` refers back to that same text.
Trying the different options, we find that `regexexex` works fine.

> `/^thc1234oeregexexex/^t£?€.`

# Step 9
Error! The password must match the regex `/(?<=[help])(x(?(?=-..-)(-->)|(<-)))(?(2)\2|\1)->o/`.

We want something starting with `x` that is preceded by one of `[help]`.
So we need `x<-x<-->o` preceded by one of `[help]`. Let's add it ourselves.

> `/^thc1234oeregexexex<-x<-->o/^t£?€.`

# Step 10
Error! The password must match the regex `/^.{36}$/`.

We are 35 characters long, so let's add any character.

> `/^thc1234oeregexexex<-x<-->oa/^t£?€.`

# Step 11
Error! The password must be a valid regex.

The last character needs to be a `/`:

> `/^thc1234oeregexexex<-x<-->oa/^t£?€/`

There is already a `/` in the middle, so we must escape it.
We can do so while keeping the same number of characters by removing the random character we added in the last step:

> `/^thc1234oeregexexex<-x<-->o\/^t£?€/`

# Step 12
Error! The password must match the regex `/^thc1234oeregexexex<-x<-->o\/^t£?€/`.

Our regex (aka the password) must be able to match itself.
We need to find a way to satisfy the previous conditions while gaining at least one spare character, so that we have room to work with.

We end up with (the `a` is a random character):

> `/^r\/^regexexex<-x<-->oethc1234a£?€/`

We can then leverage an "or" using a pipe:

> `/^r\/^regexexex<-x<-->oethc1234|£?€/`

That way the regex matches any string containing `£?€/`, which is the case for our own regex.

```
Successfully logged in! The flag is THCon21{emojipizza-emojibiere}
```
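
As an added example (not part of the original write-up, and not the challenge's own code), the checker below replays the twelve steps in Python and returns the first one a candidate fails. Assumptions: `EMOJI` is a constructed stand-in for the range lost as `[?-?]`, a pizza emoji stands in for the lost character, steps 8 and 9 are rewritten into forms Python's `re` accepts, and step 11 treats an unescaped inner `/` as invalid; `first_failure`, `RULES` and `EMOJI` are names introduced here.

```python
import re

# Constructed stand-in: the page's emoji range was lost ("[?-?]"), so this
# accepts any code point in a broad pictograph block instead.
EMOJI = r"[\U0001F300-\U0001FAFF]"

# Steps 1-10 in page order. Steps 8 and 9 are rewritten for Python's re,
# which has no (?1) subroutine call and no lookahead condition.
RULES = [
    r"thc",
    r"\d{4}",
    r"^\/\^",
    EMOJI,
    r"£.€.$",
    r"^(...).+\1",
    r"(?=[lo][ve])[co][de]",
    r"(?:reg|ex|are|hard)(reg|ex|are|hard)(?=\1)..(?<=r.{6})\1",
    r"(?<=[help])(x(?:(?=-..-)(-->)|(?!-..-)(<-)))(?(2)\2|\1)->o",
    r"^.{36}$",
]

def first_failure(password):
    """Return the first step (1-12) the password fails, or None if it passes."""
    for step, rule in enumerate(RULES, start=1):
        if not re.search(rule, password):
            return step
    # Step 11 (assumed handling): the password must itself be a /delimited/
    # regex, so a bare "/" inside the body would end the pattern early.
    body = password[1:-1]
    delimited = password.startswith("/") and password.endswith("/")
    if not delimited or re.search(r"(?<!\\)/", body):
        return 11
    try:
        own = re.compile(body)
    except re.error:
        return 11
    # Step 12: that regex has to match the password it came from.
    return None if own.search(password) else 12

if __name__ == "__main__":
    # Constructed inputs: the page's candidates with a pizza emoji standing
    # in for the emoji that was replaced by "?".
    for candidate in (
        r"/^thc1234oeregexexex<-x<-->oa/^t£🍕€.",
        r"/^thc1234oeregexexex<-x<-->o\/^t£🍕€/",
        r"/^r\/^regexexex<-x<-->oethc1234|£🍕€/",
    ):
        print(first_failure(candidate), candidate)
```
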