This is a write-up for Localghost web challenge from NahamCon CTF.
This is a web challenge, so the first thing we should so is go check the mentioned URL in the browser.
The first thing we are going to do is to view the page source. In the page source there are two javascript files referenced. The first one is related to code.jquery.com so its not related to the challenge. But the second one is a relative path so its interesting, let’s click on the file path to see it’s content.
Or we can just open inspect elements from the browser then open the debugger tool and see the javascript files loaded. The content of the file is an encoded javascript code. We can simply click on Pretty print source to see the code in a better way.
Now we should see the code in a better way but some of it still encoded and obfuscated. So we have another option to decode and deobfuscate the code using online tool https://beautifier.io/. Copy the encoded JS code the paste it inside the text box in https://beautifier.io/ then click on Beautify code.
After the code has been beautified, the first thing you can notice is that it sets a localStorage item which called flag and it’s content is the output of the atob('somestringhere') fuction.
Lets go to the browser and open the Storage Inspector then choose the Local Storage and finally you will find the flag item and it’s content.
Or we can simply open the browser console and write the below line of JavaScript code:
window.localStorage.getItem('flag')
JCTF{spoooooky_ghosts_in_storage}