3. Point-of-Sale Password Recovery
Sugarplum Mary in the Courtyard
Hey, wouldja' mind helping me get into my point-of-sale terminal?
It's down, and we kinda' need it running.
Problem is: it is asking for a password. I never set one!
Can you help me figure out what it is so I can get set up?
Shinny says this might be an Electron application.
I hear there's a way to extract an ASAR file from the binary, but I haven't looked into it yet.
When the Santa Shop terminal is clicked there is an option to download an offline version of the Point of Sale software, https://download.holidayhackchallenge.com/2020/santa-shop/santa-shop.exe
santa.exe turns out to be a self-extracting executable and it is possible to open this with 7-Zip.
Goning into the
$PLUGINSDIR open the application.
Inside the application and the
resources directory is app.asar, which is the source code of the Electron application
This file can be opened using Notepad.
Looking through the source code, there is a hardcoded password.
If santa.exe is run then this password successfully unlocks the offline version of SantaPOS v1.0.