HTB - Canvas

To start you download the files it wants. What we're given is a website with a login screen.

If we use our dev-tools we can see it's loading a .js script. If we double-click to see the script, we can see it's a bunch of hex code.

We'll need to figure out what this all says so let's pop it into jsnice.org

Honestly at this point, you pretty much have it. Slide down to the bottom of this code and you'll see this 'fromcharcode' portion of the script:

var res = String["fromCharCode"](72, 84, 66, 123, 87, 51, 76, 99, 48, 109, 51, 95, 55, 48, 95, 74, 52, 86, 52, 53, 67, 82, 49, 112, 55, 95, 100, 51, 48, 98, 70, 117, 53, 67, 52, 55, 49, 48, 78, 125, 10);

There's a few ways to take care of this - we can find an online decoder (the easiest way - https://charcode98.neocities.org/ ) or decode with the linux CLI ascii app. You'll have to make it pretty if you do it that way.

Either way, if you copy and paste the flag it decodes it's done.