So I participated in a Capture The Flag this week and one of the challenges really confused me.

Challenge file (.txt)

Preview:

```
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+
```

This was the file given. It reminded me of this. After playing with it for a bit, I entered it into the JavaScript console in my browser and an alert with the flag popped up.

Could someone explain why this works, and how I could create something like this? Also, is it simple to translate this into normal-looking JavaScript? I just imagine this could be a way for an attacker to execute sketchy code in my browser.

jacstrong
  • JavaScript often behaves in ways that are [unexpected](https://www.destroyallsoftware.com/talks/wat). You'll need to understand what things like `[]+[]` and `[]-[]` do to crack this code. – tadman Jun 09 '18 at 17:59
  • That's [**jsFuck**](http://www.jsfuck.com/) ([wikipedia](https://en.wikipedia.org/wiki/JSFuck)). It is used sometimes to obfuscate code. – ibrahim mahrir Jun 09 '18 at 18:00

1 Answer

I put some links that could be helpful.

The key to do this:

  • false => ![]

  • true => !![]

  • undefined => [][[]]

  • NaN => +[![]]

  • 0 => +[]

  • 1 => +!+[]

  • 2 => !+[]+!+[]

  • 10 => [+!+[]]+[+[]]

  • Array => []

  • Number => +[]

  • String => []+[]

  • Boolean => ![]

  • Function => []["filter"]

  • eval => []["filter"]["constructor"]( CODE )()

  • window => []["filter"]["constructor"]("return this")()

Francesco Taioli
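How the primitives in the answer's table compose into strings, as an added example that is not part of the original answer: a small encoder limited to the characters reachable from `false`, `true`, `undefined`, `NaN` and digits, plus a six-character check. All function names are hypothetical; `PAGE_KEY` is copied from the start of the challenge preview in the question.

```javascript
// Added example, not code from the post. All function names are hypothetical.
const SIX_CHARS = /^[\[\]()!+]+$/; // the whole JSFuck alphabet

// Strings reachable from the table's primitives; `+[]` coerces each to a string.
const BASES = {
  'false': '(![]+[])',
  'true': '(!![]+[])',
  'undefined': '([][[]]+[])',
  'NaN': '(+[![]]+[])',
};

// Property key copied from the start of the challenge preview on this page.
const PAGE_KEY = '(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]' +
  '+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]';

// 0 => +[], 1 => +!+[], n => true+true+... (n terms), as in the table.
function encodeNumber(n) {
  if (n === 0) return '+[]';
  if (n === 1) return '+!+[]';
  return Array(n).fill('!+[]').join('+');
}

// One character: a digit coerced to a string, or an index into a base string.
function encodeChar(c) {
  if (/^[0-9]$/.test(c)) return `(${encodeNumber(Number(c))}+[])`;
  for (const [word, expr] of Object.entries(BASES)) {
    const i = word.indexOf(c);
    if (i !== -1) return `${expr}[${encodeNumber(i)}]`;
  }
  throw new RangeError(`no primitive in the table yields ${JSON.stringify(c)}`);
}

function encodeString(s) {
  return s === '' ? '([]+[])' : [...s].map(encodeChar).join('+');
}

// Cheap detector: after removing whitespace, only the six characters remain.
function looksLikeJsFuck(src) {
  return SIX_CHARS.test(src.replace(/\s+/g, ''));
}

// Evaluate an expression built above. These contain no call, only grouping
// parentheses; evaluating a JSFuck file you were handed would run it.
function evalBuilt(expr) {
  if (!looksLikeJsFuck(expr)) throw new TypeError('not a six-character expression');
  return (0, eval)(expr);
}
```

`evalBuilt(PAGE_KEY)` yields `"filter"`, the key in the answer's `[]["filter"]`. Letters outside those four words, such as `c` or `o`, make `encodeChar` throw.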