# WM01 - 250pts ## Briefing > View the page at and try to get the flag. ## Solution 1. When looking around for interesting files we can find an interesting comment in `/assets/js/site.js` that says `// Image slideshow. Moved in from /new-images when each is finalised`. 2. Navigating to `/new-images` shows a list of pictures. Checking each picture to see if the flag is hidden using steganography tricks yields nothing. 3. It took a lot of different ideas but eventually I tried using Google's reverse image search to see if any of the images in `/new-images` were unique. The image of the macbook with the screen showing "mii-home" got some matches, but none of them had the "mii-home" graphic. Going to `/mii-home` shows a login page. 4. The username and password for the login page at `/mii-home` are validated using `login.js`. We can deobfuscate it with [de4js](https://lelinhtinh.github.io/de4js/) to get the output in [login.js](https://github.com/HHousen/NCS-Competition/tree/e3a1ab990b675bd865fdddd9e5fa5cd7895b3b02/Web/WM01/login.js). We can run lines 1-18 in the JS console (only if not already on `/mii-home`) and then define j to hl\_b with `j = hl_b`. Finally, simply run line 28: `window[j(0x73)] = 'se' + 'curi' + 'ty-' + 'ca' + j(0x7d) + '/f' + j(0x70);`. This will redirect to `/mii-home/security-camera/feed/`. 5. We can look at the "Office" camera to see a note that says the WiFi password is `XGHEV7HGEV`, which is the flag. ### Flag `XGHEV7HGEV` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ncs2021.haydenhousen.com/web/wm01.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.