So I participated in a Capture The Flag this week and one of the challenges really confused me.
Challenge file (.txt)
Preview:
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+
This was the file given, it reminded me of this, after playing with it for a bit I entered it into the JavaScript console on my browser and an alert with the flag popped up.
If someone could explain why this works, and how I could create something like this. Also is it simple to translate this into normal looking JavaScript, I just imagine this could be a way for an attacker to execute sketchy code in my browser.
i put some link that could be helpful
transaltejs (github code) translate string into this pattern
explanetion 1, jsfuck
explanation 2, JavaScript, the weird parts
the key to do this
false => ![]
true => !![]
undefined => [][[]]
NaN => +[![]]
0 => +[]
1 => +!+[]
2 => !+[]+!+[]
10 => [+!+[]]+[+[]]
Array => []
Number => +[]
String => []+[]
Boolean => ![]
Function => []["filter"]
eval => []["filter"]"constructor"()
window => []["filter"]"constructor"()
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With