3. Point-of-Sale Password Recovery
Introduction
Sugarplum Mary in the Courtyard
Hey, wouldja' mind helping me get into my point-of-sale terminal?
It's down, and we kinda' need it running.
Problem is: it is asking for a password. I never set one!
Can you help me figure out what it is so I can get set up?
Shinny says this might be an Electron application.
I hear there's a way to extract an ASAR file from the binary, but I haven't looked into it yet.
Objective
Hints
Solution
When the Santa Shop terminal is clicked, there is an option to download an offline version of the Point of Sale software: https://download.holidayhackchallenge.com/2020/santa-shop/santa-shop.exe
santa.exe turns out to be a self-extracting executable, and it can be opened with 7-Zip.
Go into the $PLUGINSDIR directory and open the application.
Inside the application, in the resources directory, is app.asar, which holds the source code of the Electron application.
This file can be opened using Notepad.
Looking through the source code, there is a hardcoded password.
If santa.exe is run, this password successfully unlocks the offline version of SantaPOS v1.0.
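The Notepad step works because an ASAR archive is just a JSON index followed by the packed files, unencrypted. As an added example (not part of the original write-up or of the Santa Shop code), this Python sketch parses that layout and flags secret-like string literals, the kind of check a team can run on its own Electron build before shipping; the sample archive, its file names, the secret value and the regex heuristic are all constructed assumptions.

```python
import json, re, struct
# Heuristic (assumption): identifier containing a secret-like word, assigned a quoted literal.
SECRET_RE = re.compile(r"""(?i)\b\w*(?:passw(?:or)?d|secret|api_?key|token)\w*['"]?\s*[:=]\s*(['"])(.+?)\1""")

def build_asar(tree):
    """Pack a nested {name: bytes | dict} tree as ASAR (only used for the sample)."""
    body = bytearray()
    def index(node):
        out = {}
        for name, val in node.items():
            if isinstance(val, dict):
                out[name] = {"files": index(val)}
            else:
                out[name] = {"size": len(val), "offset": str(len(body))}
                body.extend(val)
        return out
    hdr = json.dumps({"files": index(tree)}).encode()
    pad = -len(hdr) % 4                      # Pickle payloads are 4-byte aligned
    pickle = struct.pack("<II", 4 + len(hdr) + pad, len(hdr)) + hdr + b"\0" * pad
    return struct.pack("<II", 4, len(pickle)) + pickle + bytes(body)

def read_asar(blob):
    """Return {path: bytes} for every file packed inside an ASAR archive."""
    # Layout: uint32 4, uint32 header pickle size, uint32 payload size, uint32 JSON length
    _, hdr_size, _, json_len = struct.unpack_from("<IIII", blob, 0)
    header, base, files = json.loads(blob[16:16 + json_len]), 8 + hdr_size, {}
    def walk(node, prefix):
        for name, entry in node["files"].items():
            if "files" in entry:             # directory: recurse
                walk(entry, prefix + name + "/")
            elif "offset" in entry:          # skip unpacked files and links
                start = base + int(entry["offset"])
                files[prefix + name] = blob[start:start + entry["size"]]
    walk(header, "")
    return files

def find_hardcoded_secrets(blob):
    """List (path, line number, matched text) for secret-like literals in text files."""
    hits = []
    for path, data in read_asar(blob).items():
        if path.endswith((".js", ".json", ".html")):
            for no, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
                hits += [(path, no, m.group(0)) for m in SECRET_RE.finditer(line)]
    return hits

# Constructed sample archive; the file names and the secret value are made up.
SAMPLE = build_asar({"package.json": b'{"name": "demo-pos", "main": "main.js"}\n',
                     "src": {"main.js": b"const { app } = require('electron');\n"
                                        b"const POS_PASSWORD = 'constructed-example';\n"}})
print(find_hardcoded_secrets(SAMPLE))
```

To check a real build, pass the bytes of its app.asar to `find_hardcoded_secrets`. Any hit is readable by every user who has the installer, so the value belongs outside the client.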
Answer
santapass