Challenge By : Thiseas
Challenge Description : We believe a certain individual uses this website for shady business. Can you find out who that is and send him an email to check, using the web site’s functionality?
Note: The flag is not an e-mail address.
Points : 30
Author : Rehman S. Beg (HTB Profile : MrReh )
________________________________________
Lets Start the instance and open the page, we see the login page
lets see the source code here we see script tag
In jquery-3.2.1.js, we will see the “function doProcess()” have hidden credentials
After use those Creds we passed login screen, and redirected to new page.
Now lets find the email address, Under Main Tasks > Mailbox of Special Customers, read the source code
My firefox browser not support their frames so we can’t see what is in the frames, request to that page again on burp suite and we could get clearly see information from that page.
Here we see path “secret_area_” lets check if we have something more on that it show two files mails.gif and mails.txt
In mails.txt we see a list of mail
After some try we find the correct mail address, lets go back to main page and send mail to grep the flag
FLAG : “HTB{FuckTheB3stAndPlayWithTheRest!!}”