Challenge 4
The webpage includes a JavaScript file called guess2.js. guess2.js is obscured using JSFuck.
The way that JSFuck works is that it constructs a string using fucked-up JavaScript semantics, and then passes it to the eval function.
So after all the fucked-up JavaScript expressions are evaluated, you will eventually get something like this:
eval("<your original code>")
Those two brackets over there are part of the original JSFuck as-is -- guess2.js will be something like:
<some expression that evaluates to eval>(<some expression that evaluates to your code>)
Now there are two ways to do this:
- You can try to isolate the expression inside those parentheses -- guess2.js ends in a ), so find the matching opening ( for that one (you can use vim to do this -- the % key in vim jumps between matching brackets).
- You can exploit a loophole in how the code is written.
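The first approach can also be scripted instead of done by hand in vim. The following is an added example, not code from the challenge: it finds the opening parenthesis that matches the final one, then evaluates only the argument expression so the string is returned instead of being passed to eval. SAMPLE is a constructed stand-in for guess2.js, and the function names are hypothetical.

```javascript
// Constructed sample in the shape described above:
//   <expression that evaluates to eval>(<expression that evaluates to the code>)
// Real JSFuck output uses only the characters []()!+ ; string literals are
// used here to keep the sample short.
const SAMPLE =
  '[]["flat"]["constructor"]("return eval")()((![]+[])[+!+[]]+"lert($.now())")';

// Split "<callee>(<argument>)" at the parenthesis matching the final ")".
// Assumes any parentheses inside string literals are balanced, which holds
// for pure JSFuck because it contains no string literals at all.
function splitFinalCall(src) {
  const s = src.trim().replace(/;+$/, "").trimEnd();
  if (!s.endsWith(")")) throw new Error("source does not end in a call");
  let depth = 0;
  for (let i = s.length - 1; i >= 0; i--) {
    if (s[i] === ")") depth++;
    else if (s[i] === "(" && --depth === 0) {
      return { callee: s.slice(0, i), argument: s.slice(i + 1, -1) };
    }
  }
  throw new Error("unbalanced parentheses");
}

// Evaluate only the argument expression. The callee (the part that resolves
// to eval) is never run, so the recovered code is returned as a string and
// not executed. The argument expression itself still runs, so do this in a
// disposable environment when the input is untrusted.
function recoverSource(src) {
  const { argument } = splitFinalCall(src);
  if (argument.trim() === "") throw new Error("final call has no argument");
  const value = new Function("return (" + argument + ");")();
  if (typeof value !== "string") {
    throw new Error("argument did not evaluate to a string");
  }
  return value;
}

console.log(recoverSource(SAMPLE));
```
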
The loophole here is that the code uses jQuery (this is the <script> included in the <head> of the HTML document), so if you try to eval this code in a context where jQuery isn't available (like an online executor, or node.js), the debugger will throw an error which contains the code being executed: