Crack the Gate 1 - Writeups

# Crack the Gate 1 - Writeups :::info :bulb: Hint1: Developers sometimes leave notes in the code (Check code); but not always in plain text. :bulb: Hint2: A common trick is to **rotate each letter by 13** (ROT13) positions in the alphabet. ::: ## 🎉 Welcome :::info Join with host http://amiable-citadel.picoctf.net:52137/ ::: ## 👣 Step 1 :::success Check the source code, we see a weird notes. Suspect that, this is a hint. ::: ![image](https://hackmd.io/_uploads/rk8jaH3Cee.png) ## 👣 Step 2 :::success After that, we try to decrypt this encrypted code by ROT13 reminded by Hint2. Use https://gchq.github.io/CyberChef/ a powerful decrypt tool ::: ![image](https://hackmd.io/_uploads/rkNARHnAeg.png) NOTE: Jack - temporary bypass: use header "X-Dev-Access: yes" ➡️ We received a message from developer that we can bypass by use Header ## 👣 Step 3 :::success Try to login with email already given - email: ctf-player@picoctf.org - password: X-Dev-Access ::: ![image](https://hackmd.io/_uploads/By9ZbUhAll.png) :::success We got nothing ::: ![image](https://hackmd.io/_uploads/SJpDfL30eg.png) :::success Try to check with network traffic in Inspect ::: ![image](https://hackmd.io/_uploads/rkovg-pCel.png) - We see at POST that login is blocked ![image](https://hackmd.io/_uploads/HJDaxZpAge.png) - Try to resend a new request in Headers ![image](https://hackmd.io/_uploads/SJ1BbZp0gg.png) :::success Bypass successfull ::: ![image](https://hackmd.io/_uploads/H1Ua-baAge.png) - Check in Response we got a Flag ![image](https://hackmd.io/_uploads/H1EfMb60eg.png) :::danger Flag: picoCTF{brut4_f0rc4_0d39383f} :::