Planet DesKel

DesKel's official page for CTF write-up, Electronic tutorial, review and etc.

13 September 2020 write-up: old-58

Link: old-58 | Point: 150 | Tag: JavaScript

Howdy there, welcome to another CTF challenge. Today’s challenge is about JavaScript.


This is a JavaScript-based user console, not an actual Linux CLI. We can forget about the command-line injection.

Typing the help command gives the following result.


There are only 4 options and our main goal is the flag command.


We need to escalate ourselves to admin. How do we do that when we are assigned as a guest every time the page is refreshed?

Actually, you just need to tinker with some of the parameters.

Step 1: Tinker with the JS code

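$(function () {
      var username = "admin";  // edited value; the page assigns the guest role here on every load
      var socket = io();
      // (the opening lines of the form's submit handler are not shown in this excerpt)
        return false;  // belongs to that submit handler
      socket.on('cmd', function(msg){
      // (the rest of the script is not shown in this excerpt)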

After that, submit the above code to the console.


Step 2: Tinker with the HTML

Change the input's name from m to k (the letter refers to the one used in the JS code).


That’s it, input the command and capture the flag.
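
The two steps work because the privilege level comes from a `username` variable that the browser controls. As an added example (not the challenge's code or the author's), this sketch contrasts a handler that trusts a client-declared name with one that takes the role from server-side session state; the `name:command` message format, the session table and the placeholder flag are assumptions constructed for illustration.

```javascript
// Added example. Wire format, session table and flag value are constructed.
const FLAG = "FLAG{placeholder}";

// Command table: each entry lists the role it requires.
const COMMANDS = {
  help: { role: "guest", run: () => "help, flag" },
  flag: { role: "admin", run: () => FLAG },
};

function execute(role, cmd) {
  // Own-property lookup so names like "constructor" are not treated as commands.
  const known = Object.prototype.hasOwnProperty.call(COMMANDS, cmd);
  if (!known) return "command not found";
  const entry = COMMANDS[cmd];
  if (entry.role === "admin" && role !== "admin") return "permission denied";
  return entry.run();
}

// Weak: the role is whatever the client put in front of the colon.
function handleTrusting(msg) {
  const i = msg.indexOf(":");
  if (i < 0) return "bad message";
  return execute(msg.slice(0, i), msg.slice(i + 1).trim());
}

// Hardened: the role comes from server-side state keyed by connection id,
// filled in when the user authenticates. A name sent by the client is ignored.
const sessions = new Map([["conn-1", { role: "guest" }]]);

function handleBound(connId, msg) {
  const session = sessions.get(connId);
  if (!session) return "not authenticated";
  const i = msg.indexOf(":");
  const cmd = (i < 0 ? msg : msg.slice(i + 1)).trim();
  return execute(session.role, cmd);
}

console.log(handleTrusting("guest:flag"));        // honest client is refused
console.log(handleTrusting("admin:flag"));        // edited client gets the flag
console.log(handleBound("conn-1", "admin:flag")); // claimed name has no effect
```
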

