HTB: Canvas Writeup

y0ung_dst
Jan 3, 2021

Challenge LAB: MISC

Difficulty: Easy

After downloading the file, we can see that it is a basic website folder, so I first opened the two HTML pages in a browser.

index.html

After trying to log in with random credentials, we can see that we get 3 attempts before the panel hangs, but a simple refresh of the page resets the panel.

So I tried some password guessing, and it was the famous admin admin XD

The page redirects to “dashboard.html”, which includes the flag YAAAY ! xD
HTB {🤦‍♂️}
Naah, as you can imagine, that is not the flag; otherwise it would be too easy.
So after that, I decided to look at the other files in the folder.
The file “login.js” looks rather interesting.

At first glance I could see that it’s basic JS obfuscation.
So I decided to deobfuscate the file with an online deobfuscator.

By analyzing the JS code we can understand how the program works.
The interesting part is the last line: the variable “res” stores a result that is encoded as ASCII codes.

var res = String["fromCharCode"](72, 84, 66, 123, 87, 51, 76, 99, 48, 109, 51, 95, 55, 48, 95, 74, 52, 86, 52, 53, 67, 82, 49, 112, 55, 95, 100, 51, 48, 98, 70, 117, 53, 67, 52, 55, 49, 48, 78, 125, 10);

You just had to decode the ASCII codes to find the flag ^^
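
The decoding step can be done without running the script at all. The following is an added example, not part of the original writeup or the challenge files: it scans JavaScript source text for String.fromCharCode calls with literal numeric arguments (dot or bracket notation) and decodes them statically. The function name decodeCharCodeCalls and the sample lines are constructed for illustration.

```javascript
// Added example: statically decode String.fromCharCode(...) calls found in
// JavaScript source text, without executing the script under review.

// Matches String.fromCharCode(...) and String["fromCharCode"](...) whose
// argument list contains only numeric literals (decimal or 0x hex).
const CALL_RE =
  /String\s*(?:\.\s*fromCharCode|\[\s*(["'])fromCharCode\1\s*\])\s*\(([\s0-9a-fA-FxX,]*)\)/g;

function decodeCharCodeCalls(source) {
  // Code pasted from a rendered web page often carries typographic quotes;
  // map them to plain quotes (same length, so offsets stay valid).
  const normalized = source.replace(/[“”]/g, '"').replace(/[‘’]/g, "'");
  const findings = [];
  for (const m of normalized.matchAll(CALL_RE)) {
    const codes = m[2]
      .split(",")
      .map((t) => t.trim())
      .filter((t) => t !== "")
      .map((t) => Number(t)); // Number() parses both "72" and "0x48"
    // Skip empty calls and anything that is not a list of UTF-16 code units.
    const valid =
      codes.length > 0 &&
      codes.every((c) => Number.isInteger(c) && c >= 0 && c <= 0xffff);
    if (!valid) continue;
    findings.push({ offset: m.index, text: String.fromCharCode(...codes) });
  }
  return findings;
}

// Constructed sample input (not taken from the challenge).
const SAMPLE = [
  'var a = String["fromCharCode"](100, 101, 109, 111);',
  "var b = String.fromCharCode(0x6f, 0x6b, 10);",
  "var c = String.fromCharCode(x, y);", // non-literal arguments: skipped
  "var d = String[“fromCharCode”](72, 105);", // typographic quotes
].join("\n");

for (const f of decodeCharCodeCalls(SAMPLE)) {
  console.log(f.offset, JSON.stringify(f.text));
}
```

Anything a page ships to the browser, including a "hidden" string like this one or a login check done in client-side JS, can be recovered this way by whoever downloads the file.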

Thank you 🚀 Happy Hacking ❤


Written by y0ung_dst

CTFer & Bug Hunter | Twitter: @Y0ung_MA
