Flag Command writeup
Challenge name: Flag Command
Difficulty: Very Easy
Challenge Scenario: Embark on the “Dimensional Escape Quest” where you wake up in a mysterious forest maze that’s not quite of this world. Navigate singing squirrels, mischievous nymphs, and grumpy wizards in a whimsical labyrinth that may lead to otherworldly surprises. Will you conquer the enchanted maze or find yourself lost in a different dimension of magical challenges? The journey unfolds in this mystical escape!
Link: https://app.hackthebox.com/challenges/Flag%2520Command?tab=play_challenge
Machine IP: 154.57.164.76:30990
Navigated to the site. It’s a site of an OG text RPG.
Checked source code and there’s mention of a few scripts, commands, main, game.
I curled each file to see if I could read them and I could.
curl http://154.57.164.76:30990/static/terminal/js/main.js
In main.js I saw that there was some secret and a mention of /api/monitor.
I went to /api/monitor but nothing important was there. Instead I went to /api/monitor and there is a secret command for the game.
Started the game and put that in and we got the flag.
GG
Hacking Insights by Max Bautista 
Leave a comment