Hacking Into Pizza Paradise: A CTF Journey to the Flag

SIDDHANT SHUKLA

Hey everyone! This is the write-up for the first web challenge of IntigritiCTF2k24. I hope you find it insightful and helpful in your CTF journey. Let’s dive right in!

1. Initial Reconnaissance

I started the challenge by checking out the source code of the web application, but there was nothing useful there at first glance. So, I moved on to the next step.

Exploring robots.txt

A quick look at the robots.txt file revealed an interesting path: /secret.html.
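The same robots.txt finding from the site owner's side, as an added example that is not part of the original write-up: a small Node.js audit that parses a robots.txt and reports the rules that point any visitor at a non-public page. The keyword list, the function names and the sample file are assumptions constructed for illustration.

```javascript
// Added example: flag robots.txt entries that advertise paths worth reviewing.
// The keyword list and SAMPLE file are constructed for illustration.
const SENSITIVE = /(secret|admin|backup|private|internal|login|\.git|\.env)/i;

// Parse robots.txt into groups: [{ agents: [...], rules: [{ type, path }] }].
function parseRobots(text) {
  const groups = [];
  let current = null;
  let lastWasAgent = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, "").trim(); // drop comments
    const m = /^([A-Za-z-]+)\s*:\s*(.*)$/.exec(line);
    if (!m) continue;
    const field = m[1].toLowerCase();
    const value = m[2].trim();
    if (field === "user-agent") {
      // Consecutive User-agent lines belong to the same group.
      if (!lastWasAgent) groups.push((current = { agents: [], rules: [] }));
      current.agents.push(value);
    } else if ((field === "disallow" || field === "allow") && current && value) {
      current.rules.push({ type: field, path: value });
    }
    lastWasAgent = field === "user-agent";
  }
  return groups;
}

// List the rules that tell any visitor where a non-public page lives.
function auditRobots(text) {
  const findings = [];
  for (const group of parseRobots(text)) {
    for (const { path } of group.rules) {
      const keyword = SENSITIVE.test(path);
      const namesFile = /\.[a-z0-9]{1,5}$/i.test(path) && !path.includes("*");
      if (!keyword && !namesFile) continue;
      const reason = keyword ? "sensitive keyword" : "names a specific file";
      findings.push({ agents: group.agents.join(","), path, reason });
    }
  }
  return findings;
}

const SAMPLE = [
  "# constructed sample", "User-agent: *", "Disallow: /secret.html",
  "Disallow: /assets/", "Disallow: /tmp/*.log", "Disallow: /old/index.bak", "",
  "User-agent: Googlebot", "User-agent: Bingbot",
  "Disallow: /admin/   # staff only", "Allow: /",
].join("\n");
console.log(auditRobots(SAMPLE));
```

Anything the audit reports needs server-side access control, because robots.txt is readable by everyone and only asks crawlers to stay away.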

Upon visiting the /secret.html page, I discovered a login panel:

2. Inspecting the Login Panel

I then checked the source code of the login panel. Here’s an interesting part of the JavaScript code responsible for password hashing:

<script>
    function hashPassword(password) {
        return CryptoJS.SHA256(password).toString();
    }
    function validate() {
        const username = document.getElementById("username").value…
