back to home

ELI Challenge #2 - Helipad

This challenge can be found when Martina jumps off a helipad.

The Setup

Looks like after freebooting the queue, Martina and Wheeler hid something on the Space Charging Queue panel.

Can you find it yourself?

We're given a link to a web dashboard.

The Dashboard

Taking a look at the HTML source, this looks like a React app. This means we have to go digging into the JavaScript of the page.

You should have access to devtools in your browser of choice. Using the "Debugger" tab, we can inspect the source code. Both static/js/App.js and static/js/index.js do not contain anything out of the ordinary, but static/js/components/ctfpage.jsx has some code that clearly references the challenge.

useEffect(() => {
  window.getFlag = () => flag;
}, [flag]);

This is a fancy JavaScript way of saying "the getFlag() function returns the flag".

Opening up the "Console", we type getFlag(), press enter, and the flag is right there!

The Search

Alternatively, you could have gone to the "Network" tab, clicked on main.something.js, "Response", ctrl+F and search for "KEY{" to get the flag.