WM01 - 250pts
Last updated
Was this helpful?
Last updated
Was this helpful?
View the page at and try to get the flag.
When looking around for interesting files we can find an interesting comment in /assets/js/site.js
that says // Image slideshow. Moved in from /new-images when each is finalised
.
Navigating to /new-images
shows a list of pictures. Checking each picture to see if the flag is hidden using steganography tricks yields nothing.
It took a lot of different ideas but eventually I tried using Google's reverse image search to see if any of the images in /new-images
were unique. The image of the macbook with the screen showing "mii-home" got some matches, but none of them had the "mii-home" graphic. Going to /mii-home
shows a login page.
The username and password for the login page at /mii-home
are validated using login.js
. We can deobfuscate it with to get the output in . We can run lines 1-18 in the JS console (only if not already on /mii-home
) and then define j to hl_b with j = hl_b
. Finally, simply run line 28: window[j(0x73)] = 'se' + 'curi' + 'ty-' + 'ca' + j(0x7d) + '/f' + j(0x70);
. This will redirect to /mii-home/security-camera/feed/
.
We can look at the "Office" camera to see a note that says the WiFi password is XGHEV7HGEV
, which is the flag.
XGHEV7HGEV