Skip to content
← Back to Community
Calculator CTF
Profile icon
[deleted]

This is a simple CTF I made. The goal is to find the flag, which is hidden in the file flag.txt. The program runs a vulnerable web app. This CTF will test your skills in basic JS and XSS. No cheating and looking at the source code!

Voters
Profile icon
W72702
Profile icon
AmazingMech2418
Profile icon
MrEconomical
Comments
hotnewtop
Profile icon
ABHINAVKUMAR65

Os command injection ig

Profile icon
AmazingMech2418

I think someone changed the flag to a rickroll video... By the way, if it actually saves in the repl, please read my question where the flag once was. I want to know if I'm looking in the right place. I already tried the .env file and I could only find the password and some system-based stuff (like file paths)...

Profile icon
[deleted]

goddammit. Rickrolled

Also, yay, figured it out

Profile icon
AmazingMech2418

@roylatgnail Wait, so the rickroll video was the flag? Oops. I accidentally deleted it because I thought the flag was actually something you could just copy and paste into the comments or something, not a rickroll video.

Profile icon
MrEconomical

incredible idea! however, I couldn't solve it because I just shut down the repl xd but I figured out how to

Profile icon
[deleted]

@MrEconomical oof, i should probably add a try-catch or something

Profile icon
[deleted]

@MrEconomical now you can't do that anymore

Profile icon
MrEconomical

@sugarfi just shut it down again

Profile icon
[deleted]

@MrEconomical how? i wrapped it in a try-catch block.

Profile icon
MrEconomical

@sugarfi process.exit()

Profile icon
[deleted]

@MrEconomical that's cheating! ok. Did you manage to get the flag?

Profile icon
MrEconomical

@sugarfi too lazy to

Profile icon
[deleted]

@MrEconomical but it takes literally one line...

Profile icon
AmazingMech2418

@MrEconomical Wow! It really does work! By the way @sugarfi , I broke the repl... Don't worry though, I didn't change the contents of it besides the flag.txt file...