Added elements manipulation level

Author: MatanelGordon

src/app.module.ts

@@ -13,6 +13,7 @@ import { DebuggerController } from './controllers/debugger.controller';
 import { CookieBasicController } from './controllers/cookie-basic.controller';
 import { IndexedDBBasicController } from './controllers/indexedDB-basic.controller';
 import { UserAgentController } from './controllers/user-agent.controller';
+import { ElementsManipulationController } from './controllers/elements-manipulation.controller';
 
 @Module({
 controllers: [
@@ -27,6 +28,7 @@ import { UserAgentController } from './controllers/user-agent.controller';
 CookieBasicController,
 IndexedDBBasicController,
 UserAgentController,
+ElementsManipulationController,
 ],
 providers: [AppService],
 imports: [

src/config.ts

@@ -43,6 +43,10 @@ const config = {
 url: 'level-a68f14e9',
 flag: createFlag('UA_PR0F3SSI0NAL'),
 }),
+elementsManipulation: createLevelConfig('EL_MANIPULATION', {
+url: 'level-abc12345',
+flag: createFlag('ELEMENTS_BABY'),
+}),
 },
 server: {
 port: +envWithDefault<number>('PORT', 3000),

src/controllers/elements-manipulation.controller.ts

@@ -0,0 +1,20 @@
+import { Controller, Get, Render } from '@nestjs/common';
+import config from '~/config';
+import { toBase64 } from '~/utils/toBase64';
+import { chunkParts } from '~/utils/chunkParts';
+
+const levelConfig = config.levels.elementsManipulation;
+const FLAG_PARTIALS = 3;
+const encoded = encodeURIComponent(toBase64(levelConfig.flag));
+const chunkedFlag = chunkParts(encoded, FLAG_PARTIALS);
+
+@Controller(levelConfig.url)
+export class ElementsManipulationController {
+@Get()
+@Render('elements-manipulation.hbs')
+render() {
+return Object.fromEntries(
+chunkedFlag.map((chunk, i) => [`flag${i + 1}`, chunk])
+);
+}
+}

src/pages/elements-manipulation.hbs

@@ -0,0 +1,157 @@
+<!doctype html>
+<html lang="en">
+<head>
+ {{> headers}}
+ <script type="application/json" id="__DATA__">
+ {
+ "a":"{{flag1}}",
+ "b":"0VJRBc0Al",
+ "c":"{{flag2}}",
+ "d":"5e452a05",
+ "e":"{{flag3}}",
+ "f":"e267f8ed",
+ "g":"c8f44612",
+ "i":"c0acb099",
+ "j":"8f3a00b9",
+ "l":"36a399ff",
+ "m":"e3f6622d",
+ "n":"ff35c8c1",
+ "o":"d9784d7a"
+ }
+
+
+
+
+ </script>
+ <style>
+
+ @keyframes shake {
+ 10%, 90% {
+ transform: translate3d(-1px, 0, 0);
+ }
+
+ 20%, 80% {
+ transform: translate3d(2px, 0, 0);
+ }
+
+ 30%, 50%, 70% {
+ transform: translate3d(-4px, 0, 0);
+ }
+
+ 40%, 60% {
+ transform: translate3d(4px, 0, 0);
+ }
+ }
+
+ .submit-btn {
+ padding: .5rem 1rem;
+ background-color: #4aad1d;
+ border-radius: 2rem;
+ border: none;
+ font-size: 2rem;
+ color: #313131;
+ cursor: pointer;
+ }
+
+ .submit-btn:disabled {
+ --color1: #696969;
+ --stop: 15px;
+ --color2: #808080;
+ color: #424242;
+ cursor: not-allowed;
+ background: repeating-linear-gradient(45deg,
+ var(--color1), var(--color1) var(--stop),
+ var(--color2) var(--stop), var(--color2) calc(var(--stop) * 2)
+ );
+ }
+
+ .submit-btn:disabled:active {
+ animation: shake cubic-bezier(.36, .07, .19, .97) infinite .82s;
+ }
+ </style>
+</head>
+<body class="center full-size">
+<form action="">
+ <input id="submitBtn" class="submit-btn" type="submit" disabled>
+</form>
+<script defer>
+ function _0x3a3f(_0xe8c61d, _0x2c31cc) {
+ const _0x23de0a = _0x23de();
+ return _0x3a3f = function(_0x3a3f91, _0x3ea3a1) {
+ _0x3a3f91 = _0x3a3f91 - 0x65;
+ let _0x4ed814 = _0x23de0a[_0x3a3f91];
+ return _0x4ed814;
+ }, _0x3a3f(_0xe8c61d, _0x2c31cc);
+ }
+
+ const _0x2f348d = _0x3a3f;
+ (
+ function(_0x446864, _0xfef117) {
+ const _0x1c0370 = _0x3a3f, _0x3de815 = _0x446864();
+ while (!![]) {
+ try {
+ const _0xd22d4f = parseInt(_0x1c0370(0x78)) / 0x1 * (
+ parseInt(_0x1c0370(0x67)) / 0x2
+ ) + -parseInt(_0x1c0370(0x6e)) / 0x3 * (
+ -parseInt(_0x1c0370(0x6b)) / 0x4
+ ) + parseInt(_0x1c0370(0x69)) / 0x5 + -parseInt(_0x1c0370(0x75)) / 0x6 * (
+ parseInt(_0x1c0370(0x65)) / 0x7
+ ) + -parseInt(_0x1c0370(0x77)) / 0x8 + parseInt(_0x1c0370(0x6c)) / 0x9 +
+ parseInt(_0x1c0370(0x6d)) / 0xa * (
+ -parseInt(_0x1c0370(0x68)) / 0xb
+ );
+ if (_0xd22d4f === _0xfef117) break; else _0x3de815["push"](_0x3de815["shift"]());
+ } catch (_0x41dcbd) {
+ _0x3de815["push"](_0x3de815["shift"]());
+ }
+ }
+ }(_0x23de, 0xd054c)
+ );
+ const JSON_DATA = JSON[_0x2f348d(0x70)](document[_0x2f348d(0x6a)](_0x2f348d(0x72))[_0x2f348d(0x73)]),
+ data = atob(decodeURIComponent(JSON_DATA["a"] + JSON_DATA["c"] + JSON_DATA["e"])), INITIAL_TEXT = "Get\x20Flag",
+ form = document[_0x2f348d(0x74)]("form"), btn = document[_0x2f348d(0x6a)](_0x2f348d(0x7a));
+
+ function _0x23de() {
+ const _0x3e081a = [
+ "onclick",
+ "__DATA__",
+ "textContent",
+ "querySelector",
+ "138sSxrgx",
+ "onsubmit",
+ "11900056VGjceB",
+ "42281ApRwSc",
+ "disabled",
+ "submitBtn",
+ "flag",
+ "preventDefault",
+ "212751DCfLcN",
+ "dataset",
+ "4bPCMQL",
+ "91201eMTBKV",
+ "7927510YmaAvI",
+ "getElementById",
+ "580376eSNEIW",
+ "15238287fIaWQO",
+ "1790YyDQnp",
+ "24adAEaQ",
+ "value",
+ "parse"
+ ];
+ _0x23de = function() {return _0x3e081a;};
+ return _0x23de();
+ }
+
+ form[_0x2f348d(0x76)] = _0x2e7786 => {
+ const _0x379090 = _0x2f348d;
+ _0x2e7786[_0x379090(0x7c)]();
+ }, btn[_0x2f348d(0x6f)] = INITIAL_TEXT, btn[_0x2f348d(0x71)] = () => {
+ const _0x5a4500 = _0x2f348d;
+ btn[_0x5a4500(0x6f)] = "Success", form[_0x5a4500(0x66)][_0x5a4500(0x7b)] = data, setTimeout(() => {
+ const _0xa0e190 = _0x5a4500;
+ btn[_0xa0e190(0x79)] = !![], btn[_0xa0e190(0x6f)] = INITIAL_TEXT;
+ }, 0x7d0);
+ };
+</script>
+</body>
+</html>