iCTF 2011 challenge 15 writeup (150 points)
20 Dec 2011One of my iCTF challenges was a simple JavaScript obfuscation, a backup of the code is available here. What happens is obvious, window.alert is triggered with the message “why?”. “Why” is less obvious since the code was encoded with jjencode. There are no other visible hints.
To further look into window.alert, we can overwrite the function:
After re-running the code we see that window.alert is not being called with a String as argument, but with an object which contains the attribute:
The solution is obviously: Hackers.
FYI: Before the obfuscation the code looked like this: