<h1>angstromCTF 2016 - SuperSecure™</h1>Category: Web Score: 30<h2>Description</h2>Jason made a new SuperSecure™ website, but lost his password. It’s displayed on the admin page. Can you login?<h2>Solving the challenge</h2><span>This challenge uses client side validation, which makes life very easy for us.

</span><span>if(username == "admin" && CryptoJS.SHA256(password).toString() == "7de7b2fed84fd29656dff73bc98daef391b0480efdb0f2e3034e7598b5a412ce") {
// If they have the correct password go to the admin page.
// For extra security, the hash of the password is added into the name
window.location.href = "admin_" + CryptoJS.SHA256(password).toString() + ".html";
<span>}
</span></span><span>

</span><span>All we had to do was to add the has from the if statement, between admin_ and .html so the file name looked like this
</span><span>
admin_7de7b2fed84fd29656dff73bc98daef391b0480efdb0f2e3034e7598b5a412ce.html
</span><span>

</span>Visiting that file gave us the following message:

Thank you for using web!


 The flag required for administration is all_javascript_is_open
<span>
Flag: all_javascript_is_open</span>