Yorzaren

Categories

Tags

Statement: None.

Solution:

View the page source:

<html>
    <head>
        <title>Obfuscation JS</title>

          <script type="text/javascript">
              /* <![CDATA[ */

              pass = '%63%70%61%73%62%69%65%6e%64%75%72%70%61%73%73%77%6f%72%64';
              h = window.prompt('Entrez le mot de passe / Enter password');
              if(h == unescape(pass)) {
                  alert('Password accepté, vous pouvez valider le challenge avec ce mot de passe.\nYou an validate the challenge using this pass.');
              } else {
                  alert('Mauvais mot de passe / wrong password');
              }

              /* ]]> */
          </script>
    </head>
   <body><link rel='stylesheet' property='stylesheet' id='s' type='text/css' href='/template/s.css' media='all' /><iframe id='iframe' src='https://www.root-me.org/?page=externe_header'></iframe>
    </body>
</html>

You can see this is the password %63%70%61%73%62%69%65%6e%64%75%72%70%61%73%73%77%6f%72%64 but you need to decode it from url encoding.

A decoder: https://meyerweb.com/eric/tools/dencoder/

which gives you this cpasbiendurpassword

Validation: cpasbiendurpassword