WM02
| Category | Points | Difficulty |
|---|---|---|
| Web | 250 | Medium |
Solution
Looking at the source code of the website, we see a few things. First, we have an obfuscated Javascript file, which we can deobfuscate, but that leads nowhere. Looking at the obfuscated code, we see that there is a sourcemap loaded. Doing some internet searching led me to open up dev tools in Firefox and load up the source map there. Looking at the source map, we find the flag.
Flag: GroovyBaby!
Also in Chrom: If you inspect element, go to the Sources tab, open the js tab, you’ll see the file obfuscated.js, and directly after that file, you’ll see a file sourceMap. Open that file, and the very first line says // Flag: GroovyBaby!