Figure out the encryption.
The "encryption" the challenge refers to is simply base64-encoding whatever is typed into the username and password fields on the client side before the form is submitted.
For example, sending in "admin" as the username and password results in this:
Bypass the encryption.
A way to bypass this is to edit the POST request directly rather than typing the values into the text fields.
That way the request is sent without the base64 encoding, as shown below.
Perform SQL injection.
Based on the index.js file, the username must be "admin", so I placed the tautology in the password field instead.
The following input can be used for the password field:
password' OR 1=1--
This is similar to the web/orm-bad challenge, except that we are now injecting into the password field.
Query that the database receives:
SELECT id FROM users WHERE username = 'admin' AND password = 'password' OR 1=1--
Because AND binds more tightly than OR, the WHERE clause is true for every row, and the trailing -- comments out the closing quote that index.js appends after the password.
Using the Edit and Resend capability in the Firefox browser, the POST request would look something like this:
With these parameters, we can get the flag.
Flag: flag{50m37h1n6_50m37h1n6_cl13n7_n07_600d}
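As an added example (my own code, not the challenge's index.js), the string-concatenation pattern that lets the tautology above rewrite the query, beside the parameterized form that would have stopped it, plus a small heuristic a defender could use to spot such login attempts in request logs. The function names and the assumption that index.js concatenates the password into the query are mine.

```javascript
// Vulnerable pattern (assumed to mirror index.js): user input is spliced straight
// into the SQL text, so a quote in the password becomes part of the query's syntax.
function buildLoginQueryVulnerable(username, password) {
  return "SELECT id FROM users WHERE username = '" + username +
         "' AND password = '" + password + "'";
}

// Hardened form: the SQL text is fixed and the values travel separately as bind
// parameters, so "password' OR 1=1--" is compared as a literal string and matches nothing.
function buildLoginQuerySafe(username, password) {
  return {
    sql: "SELECT id FROM users WHERE username = ? AND password = ?",
    params: [username, password],
  };
}

// Detection heuristic: a single quote followed by OR/AND in a credential field is the
// shape of the tautology on this page. Use it for alerting, not as an input filter.
const TAUTOLOGY_RE = /'\s*(or|and)\b/i;
function looksLikeInjection(value) {
  return TAUTOLOGY_RE.test(value);
}

// Constructed demo input, matching the writeup's payload.
const attempt = { username: "admin", password: "password' OR 1=1--" };
console.log(buildLoginQueryVulnerable(attempt.username, attempt.password));
console.log(buildLoginQuerySafe(attempt.username, attempt.password));
console.log("suspicious:", looksLikeInjection(attempt.password));
```

Note that the vulnerable builder's output ends in `--'`: the quote index.js appends is still there, it is just neutralised by the comment marker, which is why the writeup's query ends at `--`.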