Writeup: FlareOn 2022: 001 - Flaredle

1. TLDR

2. Input data

The challenge file is here. Password: flare.

The subject of the task is an html page with embedded javascript. The available files are:

  index.html
  script.js
  style.css
  words.js

3. Code analysis

The key piece was the code:

if (guessString === rightGuessString) {
	let flag = rightGuessString + '@flare-on.com';
	toastr.options.timeOut = 0;
	toastr.options.onclick = function() {alert(flag);}
    toastr.success('You guessed right! The flag is ' + flag);

    guessesRemaining = 0
    return
}

What was the value of rightGuessString? A word with an index of 57:

const CORRECT_GUESS = 57;
let guessesRemaining = NUMBER_OF_GUESSES;
let currentGuess = [];
let nextLetter = 0;
let rightGuessString = WORDS[CORRECT_GUESS];

4. Reading the flag

The flag was a word with index 57 with postfix attached:

flareonisallaboutcats@flare-on.com