โHackMD
Hello guys am back again, Got a few minutes to struggle with one single ctf challenge and learned something new.
I will share with u this web challenge i was give by a friend of mine to give a push, dispite i wasn't prepared to play any CTF on sunday but i decided to help a friend of mine.
lemme go straight with to the challenge coz i dont have much discription about the challenge, but once you see it you will get the idea what the challenge wants.
The main objective with this challenge was that you were supposed to click the "I Accept" button with console disabled.
If your familia with this kind of challenge is that, sometimes they give you this kind of challenge but they dont disable console, but with this challenge you were not allowed to use console and everytime you try to access console it gives you an error.
HOW TO SOLVE THE CHALLENGE
Took me a while thinking how i can access the inspector mode or developer tool without being detected here.
NB: I tried with burp suite also but i was out of ideas then i thought i should go back to my normal browser, where i came up with a simple idea here, what if i try to go to the inspector mode again, i know it will give an error but what if i refresh the page mhmmmmmmmmm (the idea worked correct so i was right).
The first strick we managed to bypass it, here comes the other trick which can give us the flag, in order to get the flag we need to click the "I Accept" button but suddenly we can't click it easly like that.
The bad thing here i that i tried every simple trick came-up on my mind but didn't work.
IDEA: with the challenge,seems the developer within button he added addition components that will make every time we come need the button the button moves away (event listerner,touchstart and transform templates).
NB: I stucked for a while here, i googled a lot and i thought i shouldping a friend of mine who is a developer maybe he can give me a hint, actually he gave a hint and he sayed the issue here maybe will a event-listener.
With chrome is easy to see more components than in firefox and i went to chrome and with the same steps as before in firefox and finally inspected the button element and then event listener.
Found:event listener
- mousover
- touchstart
I decide to remove one after another, and went back again to click the "I accept" button i got the flag.
flag:lactf{that_button_was_definitely_not_one_of_the_terms}
