🏳️
Bag of Flags
  • Home
  • 2023
    • 🅿️picoCTF 2023
      • money-ware
      • repetitions
      • two-sum
      • ReadMyCert
      • rotation
      • hideme
      • PcapPoisoning
      • who is it
      • Reverse
      • timer
      • Safe Opener 2
      • findme
      • MatchTheRegex
      • SOAP
    • 🐦magpieCTF 2023
      • Space Plan
      • Space Exploration
      • So Meta
      • There is no flag
      • Momma says to play fair
      • Rubis
      • What is the password?
      • Eavesdropper
      • Shredded
      • Missing Flag
      • This outta be large enough right?
      • No Password Here
      • Chocolate Chips with Zero-G
      • Education Comes First
    • 🌴ISSessions CTF 2023
      • Basic Permissions
      • Crack Me
      • File Detective
      • Word Vomit
      • Fileception
      • Coding Time
      • Ghost File
      • CryptoTools1
      • CryptoTools2
      • 1337
      • ROT++
      • RunedMyDay
      • RSA_2
      • The Man Who Sold the World
      • VaultChallenge
      • Lost Media
      • Decontamination
      • Decade Capsule
      • Password in A Haystack
  • 2022
    • 🏁UW CTF S22
      • 0s and 1s
      • simple image
      • Helikopter
      • Meow
      • Google Form
      • Strings, literally
      • WASM
      • Audio
      • Pwn0
      • YATD
      • steg
      • Passwords
      • Vitalik
  • Practice
    • 🧠CryptoHack
      • Introduction
        • Finding Flags
        • Great Snakes
      • General
        • ASCII
        • Hex
        • Base64
        • Bytes and Big Integers
        • XOR Starter
        • XOR Properties
        • Favourite byte
        • You either know, XOR you don't
        • Greatest Common Divisor
Powered by GitBook
On this page
  • Description
  • Hints
  • Pattern Matching
  • Flag
  1. 2023
  2. picoCTF 2023

MatchTheRegex

PreviousfindmeNextSOAP

Last updated 2 years ago

Description

How about trying to match a regular expression

Hints

1

any redirections?

Pattern Matching

We have a website with a single input field

Any incorrect input gives us an angry alert

Looking through the code, we find this interesting function which appears to validate the input

function send_request() {
	let val = document.getElementById("name").value;
	// ^p.....F!?
	fetch(`/flag?input=${val}`)
		.then(res => res.text())
		.then(res => {
			const res_json = JSON.parse(res);
			alert(res_json.flag)
			return false;
		})
	return false;
}

The regex is ^p.....F!?

  • ^p - String starts with "p"

  • ..... - 5 characters of any value

  • F - The letter "F"

  • !? - Matches 0 or 1 occurrences of "!"

Using this, we can pass in "picoCTF" or any other possible string that satisfies the regex

Flag

picoCTF{succ3ssfully_matchtheregex_8ad436ed}

🅿️