NCS Competition 2021 Writeup
  • HHousen National Cyber Scholarship Competition 2021 Writeup

WM01 - 250pts

Last updated 4 years ago

Briefing

View the page at https://cfta-wm01.allyourbases.co and try to get the flag.

Solution

  1. Looking around for interesting files, we find a comment in /assets/js/site.js that says: // Image slideshow. Moved in from /new-images when each is finalised.

  2. Navigating to /new-images shows a list of pictures. Checking each picture to see if the flag is hidden using steganography tricks yields nothing.

  3. It took a lot of different ideas, but eventually I tried using Google's reverse image search to see if any of the images in /new-images were unique. The image of the MacBook with the screen showing "mii-home" got some matches, but none of them had the "mii-home" graphic. Going to /mii-home shows a login page.

  4. The username and password for the login page at /mii-home are validated client-side by login.js. We can deobfuscate it with de4js to get the output in login.js. We can run lines 1-18 in the JS console (only if not already on /mii-home) and then define j as hl_b with j = hl_b. Finally, simply run line 28: window[j(0x73)] = 'se' + 'curi' + 'ty-' + 'ca' + j(0x7d) + '/f' + j(0x70);. This will redirect to /mii-home/security-camera/feed/.

  5. We can look at the "Office" camera to see a note that says the WiFi password is XGHEV7HGEV, which is the flag.
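
The weakness behind steps 4 and 5, as an added example that is not the challenge's login.js or the author's code: the redirect target is assembled in the browser and does not depend on the credentials, so only a server-side check on the protected path closes it. The table contents, BASE, the placeholder credentials and authorize() are assumptions constructed for illustration; only the lookup indices and the resulting path come from the writeup.

```javascript
// Constructed sample modelled on the pattern in step 4; not the real login.js.
// A string table with an offset lookup, as produced by common JS obfuscators.
const BASE = 0x70; // assumed offset, chosen so the indices match the writeup
const TABLE = ['eed/', 'value', 'username', 'location', 'password', 'click',
  'submit', 'error', 'hidden', 'form', 'input', 'text', 'style', 'mera'];
const j = (i) => TABLE[i - BASE];

// Weak pattern: the browser compares the credentials and navigates on success.
// Everything needed to build the destination is shipped to every visitor.
function clientSideLogin(win, user, pass) {
  if (user === 'PLACEHOLDER_USER' && pass === 'PLACEHOLDER_PASS') {
    win[j(0x73)] = 'se' + 'curi' + 'ty-' + 'ca' + j(0x7d) + '/f' + j(0x70);
    return true;
  }
  return false;
}

// What a code reviewer sees: the destination is a constant expression that
// never uses the submitted username or password.
function destinationWithoutCredentials() {
  return 'se' + 'curi' + 'ty-' + 'ca' + j(0x7d) + '/f' + j(0x70);
}

// Hardened form (hypothetical server-side gate): every request under the
// protected prefix is authorized, so knowing the URL is not enough.
// `path` is assumed to be already normalised by the web framework.
const PROTECTED_PREFIX = '/mii-home/security-camera/';
function authorize(session, path) {
  if (!path.startsWith(PROTECTED_PREFIX)) return { status: 200 };
  if (session && session.authenticated === true) return { status: 200 };
  return { status: 302, location: '/mii-home' };
}

// Stand-alone demonstration.
console.log('client-side destination:', destinationWithoutCredentials());
console.log('no session      ->', authorize(null, '/mii-home/security-camera/feed/'));
console.log('authenticated   ->', authorize({ authenticated: true }, '/mii-home/security-camera/feed/'));
```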

Flag

XGHEV7HGEV
