<h2 id="heading-challenge-description">Challenge description</h2>
The challenge contains the HTML file "admin.html" and a directory of 2 images:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1680039979722/2536b1c4-984f-4d7a-a79b-f2d434afe6b9.png" alt />
Open the "admin.html" file:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1680040074306/7d01825a-f760-41c8-92eb-c84a4a5a2a01.png" alt />
The goal is to find the username and password to claim the flag.
<h2 id="heading-solution">Solution</h2>
We will take a look at the source code of the HTML file.
The next function checks the credentials:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1680040233632/8fc7b6da-fc35-42dd-be0f-703297044b62.png" alt />
As we can see, the username value to be checked is "Admin".
The password value is the base64 value which converts to "goldenticket" (by the atob() function which decodes the input value).
Encoding "goldenticket" to base64 to get the password to enter: "Z29sZGVudGlja2V0".
Enter the username and password, and get the flag:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1680040739771/4960bdf5-27d6-4b1a-b378-7fd7d3733728.png" alt />
Finally, the flag for this challenge is - "<a href="mailto:enter_the_funhouse@flare-on.com" class="autolinkedURL autolinkedURL-email" target="_blank">enter_the_funhouse@flare-on.com</a>".

## **Challenge description**

The challenge contains the HTML file "admin.html" and a directory of 2 images:

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1680039979722/2536b1c4-984f-4d7a-a79b-f2d434afe6b9.png align="left")

Open the "admin.html" file:

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1680040074306/7d01825a-f760-41c8-92eb-c84a4a5a2a01.png align="left")

**The goal is to find the username and password to claim the flag.**

## Solution

We will take a look at the source code of the HTML file.

The next function checks the credentials:

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1680040233632/8fc7b6da-fc35-42dd-be0f-703297044b62.png align="left")

As we can see, the username value to be checked is "Admin".

The password value is the base64 value which converts to "goldenticket" (by the atob() function which decodes the input value).

Encoding "goldenticket" to base64 to get the password to enter: "Z29sZGVudGlja2V0".

Enter the username and password, and get the flag:

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1680040739771/4960bdf5-27d6-4b1a-b378-7fd7d3733728.png align="left")

Finally, the flag for this challenge is - "enter\_the\_funhouse@flare-on.com".

Flare-on 2021: Challenge 1 - credchecker

Malware Research and Reverse Engineering for fun !
