Some Assembly Required 1 Challenge from picoCTF 2021 (Web Exploitation)

Details

Description

New to web hacking? Want to get started with web exploitation but don't know where to begin? This video is for you! We walk through the "Some Assembly Required 1" challenge from picoCTF 2021 step-by-step. You'll learn how to use the Firefox Page Inspector to inspect the HTML, CSS, JavaScript and Web Assembly components of a web application. You'll also learn about JavaScript obfuscation and deobfuscation techniques and tools. Follow along as I demonstrate how to find the flag by using inspection, JavaScript deobfuscation, as well as Base64 decoding with CyberChef. This is a great tutorial for beginners interested in web hacking and penetration testing.

(0:00:00) Intro
(0:00:18) The challenge
(0:00:36) Inspect a web application
(0:02:23) Live hacking - part 1
(0:03:54) JavaScript obfuscation
(0:07:30) JavaScript deobfuscation
(0:11:11) Live hacking - part 2
(0:12:27) Web Assembly
(0:14:19) Live hacking - part 3
(0:14:51) Base64
(0:16:09) CyberChef
(0:18:07) Live hacking - part 4
(0:19:18) Lessons learned

picoCTF: https://www.picoctf.org/

picoCTF 2021 - Some Assembly Required 1: https://play.picoctf.org/practice/challenge/152

Firefox Page Inspector: https://firefox-source-docs.mozilla.org/devtools-user/page_inspector

JavaScript Obfuscator Tool: https://obfuscator.io/

JavaScript Deobfuscator Tool: https://deobfuscate.io/

CyberChef GitHub repo: https://github.com/gchq/CyberChef

Note: Everything presented in this video is strictly meant for educational purposes. Don't do anything evil!