Password Locker on the Web

Upon entering some random data, an encrypted string was being printed out.

Upon changing the string length, the output string changed, so I knew it wasn't a hash. It was definitely encryption.

I first used Burp Suite to break the 20-character limit and input 80 "A"s.

It turned out that the string became longer and the 20-character limit was broken. The same could be obtained by changing the length using developer tools.

I analyzed the string to find which kind of encryption was happening using https://www.dcode.fr/cipher-identifier

Upon eliminating the options that couldn't be a possibility, I shortlisted it to be an XOR cipher. The key was a bunch of A's that we input!
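Why a long run of a known character is so useful against an XOR cipher, shown as an added example that is not part of the original writeup: XORing the output with the known input gives back the keystream, and 80 bytes is enough to see where it repeats. `DEMO_KEY`, the hex output encoding, the sample secret and every function name here are constructed assumptions, not values from the challenge.

```python
from itertools import cycle

# Constructed stand-in for the locker's server-side routine. The real key,
# its length and the output encoding are not given in the writeup.
DEMO_KEY = b"n0t_th3_r34l_k3y"

def demo_encrypt(plaintext: bytes, key: bytes = DEMO_KEY) -> str:
    """Repeating-key XOR, hex-encoded (hypothetical model of the locker)."""
    return bytes(p ^ k for p, k in zip(plaintext, cycle(key))).hex()

def recover_keystream(ciphertext_hex: str, known_plaintext: bytes) -> bytes:
    """c XOR p = k at every position where the plaintext is known."""
    ct = bytes.fromhex(ciphertext_hex)
    if len(ct) != len(known_plaintext):
        raise ValueError("ciphertext and known plaintext differ in length")
    return bytes(c ^ p for c, p in zip(ct, known_plaintext))

def shortest_period(stream: bytes) -> int:
    """Smallest n such that the stream is its first n bytes repeated."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return n
    return len(stream)

def recover_key(ciphertext_hex: str, known_plaintext: bytes) -> bytes:
    """Keystream trimmed to one period, i.e. the repeating key."""
    ks = recover_keystream(ciphertext_hex, known_plaintext)
    return ks[:shortest_period(ks)]

def decrypt(ciphertext_hex: str, key: bytes) -> bytes:
    """XOR is its own inverse, so decryption reuses the same operation."""
    ct = bytes.fromhex(ciphertext_hex)
    return bytes(c ^ k for c, k in zip(ct, cycle(key)))

if __name__ == "__main__":
    probe = b"A" * 80                      # the 80 "A"s from the writeup
    out = demo_encrypt(probe)
    # Output length tracks input length, which is what rules out a hash.
    print(len(demo_encrypt(b"A" * 20)) // 2, len(out) // 2)
    key = recover_key(out, probe)
    print(key)
    secret_ct = demo_encrypt(b"constructed stored password")
    print(decrypt(secret_ct, key))
```

The same run illustrates two design flaws: a length limit enforced only in the browser is not a control, and a fixed XOR key gives no confidentiality once any plaintext/ciphertext pair is known.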
