Back The Hawks

Challenge Description

We are Back the Hawks! We're a non-profit that seeks to protect hawks across the world. We have a vibrant community of Backers who are all passionate about Backing the Hawks! We'd love for you to join us... if you can figure out how to get an access code.

NOTE - any resemblence to other companies, non-profits, services, login portal challenges, and/or the like, living or dead, is completely coincidental.

Solution

Visting the Register page, asks for an Access Code
Checking the Hint on the page
Checking the javascript file backTheHawksInviteCodes.min.js

function makeInviteCode() {
    var o = "! edoc/etivni/skwah/eht/kcab/ ot tseuqer TSOP a ekaM !skwaH eht gnikcaB htiw nwod er'uoy erus ekam ot tnaw YLLAER ,yllaer eW";

    var d = o.split('').reverse().join('');

    console.log(d);
}

Reverse the string of characters
It says Make a POST request to /back/the/hawks/invite/code
We get a message after making a POST request to that endpoint
Decrypting the message using Shift Cipher with shift of 23, we get : WE_OUT_HERE_BACKIN_THE_HAWKS_2023
Enter the access code on the Register page and we get the flag

FLAG

flag{3ef532159716ecfb9117f56f4ead4fb6}

Last updated 1 year ago