Tags: jsfuck web
Rating:
In the site there is a script, in it there is a weird function validate(){...}
We then noticed it was similer to brainfuck so we tried a brainfuck decoder and saw its not brainfuck,
then we thought it looked like JSFuck so we tried to decode it with a JSFuck decoder (https://codertab.com/jsunfuck)
and we saw it is just:
if (document.forms[0].username.value == "83fe2a837a4d4eec61bd47368d86afd6" && document.forms[0].password.value == "a3fa67479e47116a4d6439120400b057") document.location = "150484514b6eeb1d99da836d95f6671d.php"
From there its a walk in the park, we just entered the 150484514b6eeb1d99da836d95f6671d.php to the url and got the flag
full url: view-source:http://obsfication.kshackzone.com/150484514b6eeb1d99da836d95f6671d.php
flag: KCTF{0bfuscat3d_J4v4Scr1pt_aka_JSFuck}