Flare-on challenges 2022

# Flare-on challenges 2022 I recently stumbled across some challenges that were done sometime back this year organized by Mandiant. The challenges were in sort of CTF in which you had to find the flags. I got the challenges in my [github page](https://github.com/0x3pitom3/flare-on-2022) if you want to explore them. ## Challenge 1 - flaredle For the first challenge flaredle we are given some files that look they are a webpage. So we were given a link for which to access the challenge which can be found [here](http://flare-on.com/flaredle/) When we get into the webpage we see some sort of word puzzle. ![](https://i.imgur.com/0RKBC3Q.png) The puzzle requires 21 characters, so we can try to input some random alphabets to see what it does. ![](https://i.imgur.com/yaiEyQK.png) We see that we have an error message saying that word not in list. In the binary given there were some files given, so we try to analyze them. ![](https://i.imgur.com/1ushwpg.png) we see a script.js and words.js which are interesting. So we view them in a text editor of our choice. I prefer sublime text. We view first the script.js ![](https://i.imgur.com/BU1qjZ4.png) In the first line of the js file we see that it imports words from words.js file, so we can look at words.js file to see. ![](https://i.imgur.com/kRJk8dJ.png) We see that it is soem sort of dictionary file with random words. which are 21 characters each. We can try to input a random word in the js file to our puzzle to see what it does. ![](https://i.imgur.com/p1TY4Qw.png) So we can go and check the script.js file. In the first few line of the code, we see that: ![](https://i.imgur.com/pbaNW6f.png) The number of guesses are 6 and the word length is 21, we see also correct_guess = 57, in the last line of declaring variables, we see that there is a function: ``` let rightGuessString = WORDS[CORRECT_GUESS]; ``` On investigating that function, there are 2 parts that are really juicy. ![](https://i.imgur.com/myNjufC.png) we see that the guess string takes a string in the array rightguessstring Then we find an if statement: ![](https://i.imgur.com/kLJK2xU.png) The if statement checks whether the guess string is equal to the array rightguessstring.The rightGuess array is used in this function to determine the location of specific letters within the correct guessstring, if it does a comparison of the string enteres by user with the rightguessstring array. If equal then it will print the flag which is concatenated with '@flare-on.com'. Now in declaring variables we saw that; ``` const CORRECT_GUESS = 57; let rightGuessString = WORDS[CORRECT_GUESS]; ``` This can imply that the correct string is found in the 57th character of the array of the words.js file and note that the array starts from 0 so in this case the string is in 58th position in the words.js file, which is: ``` flareonisallaboutcats ``` We input the string in the word puzzle to see what it does. ![](https://i.imgur.com/Dgczx0c.png) We see we get the flag. That's all for this challenge.