lists of JSONs

Challenge

Web...ish...
https://lists-of-jsons.web.app/

Solution

When we click on the link, we end up on a simple webpage with a list of values.

Using Wappalyzer you can see there's some Firebase database behind it.

Using our Developer Tools, we can see there's some interesting public information in the init.js file.

Thanks to this we have the database url and we can access the .json file by going on this page: https://lists-of-jsons-default-rtdb.firebaseio.com/flag.json

Now it's just a question of rebuilding the flag by following the clues. I let ChatGPT build me a Python script that does all the work for me.

import json

# Replace 'your_file.json' with the path to your JSON file
file_path = '/path/to/my/flag.json'

# Read the JSON file
with open(file_path, 'r') as file:
    data = json.load(file)

# Ensure that the data is a list
if isinstance(data, list):
    # Starting point: index 251
    current_index = 251
    phrase = ""  # To concatenate the 'chr' values into a phrase

    while current_index < len(data):
        # Get the current item (dictionary)
        item = data[current_index]

        if 'chr' in item and 'next' in item:
            # Append the 'chr' value to the phrase
            chr_value = item['chr']
            phrase += chr_value
            print(f"Visited index {current_index}, chr = {chr_value}")

            # Check if we've reached the end of the phrase
            if chr_value == "}":
                print(f"End of phrase reached at index {current_index}.")
                break

            # Evaluate the "next" operation to get the next index
            try:
                next_index = int(eval(item['next']))  # Evaluate the operation (e.g., '1627 - 1151')
                print(f"Next operation: {item['next']} => {next_index}")
                
                # Check if the next index is within bounds
                if 0 <= next_index < len(data):
                    current_index = next_index  # Update current index
                else:
                    print(f"Next index {next_index} is out of bounds. Stopping.")
                    break
            except Exception as e:
                print(f"Error evaluating operation '{item['next']}' for index {current_index}: {e}")
                break
        else:
            print(f"Missing 'chr' or 'next' at index {current_index}. Stopping.")
            break

    # Print the final concatenated phrase
    print(f"\nThe final concatenated phrase is: {phrase}")
else:
    print("The data is not a list as expected.")

After running it, we get our flag.

PreviousIntro to Web NextWhispers of the Feathered Messenger

Last updated 7 months ago