Objective 3: Point-of-Sale Password Recovery
Help Sugarplum Mary in the Courtyard find the supervisor password for the point-of-sale terminal. What's the password?
Sugarplum Mary is located in the rear courtyard.
Clicking on the terminal, I'm met with:
The offline version downloads as a single executable. Opening it gives me a password prompt as shown above. Luckily, the executable is an Electron application, a JavaScript-based interface application that can be decompiled.
To do that, first I would ensure that npm (Node Package Manager) is installed on my machine. I have a Windows VM that I use for things like this, so I went and installed it, then ran:
npm -g install asar
asar is a tar-like archive format used to package Electron application code into an .asar file. First, navigate to the installed Electron app's directory. In this case, I went to C:\Users\agr0\AppData\Local\Programs\santa-shop\resources\
And there was the .asar file, app.asar. To extract I simply ran the following:
And it extracted everything into the src directory. From there I navigated to app.js, and lo and behold I saw the following:
Don't hard-code passwords into your apps! Password is: santapass.
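To catch this before shipping, a build step can read the packaged .asar directly and flag string literals assigned to secret-looking names. The following is an added example, not code from the challenge or from the asar project: the function names, the regex heuristic and the sample archive (including the SUPERVISOR_PASSWORD identifier) are all constructed for illustration.

```javascript
// asar layout: [u32 4][u32 headerSize][u32 pickleSize][u32 jsonLen][JSON index][file data];
// file offsets in the index are relative to byte 8 + headerSize.
function parseAsar(buf) {
  const headerSize = buf.readUInt32LE(4);
  const jsonLen = buf.readUInt32LE(12);
  const index = JSON.parse(buf.toString('utf8', 16, 16 + jsonLen));
  const files = {};
  (function walk(node, dir) {
    for (const [name, entry] of Object.entries(node.files)) {
      const path = dir + name;
      if (entry.files) walk(entry, path + '/');
      else if (!entry.unpacked) { // unpacked files live outside the archive
        const start = 8 + headerSize + parseInt(entry.offset, 10);
        files[path] = buf.toString('utf8', start, start + entry.size);
      }
    }
  })(index, '');
  return files;
}
// Heuristic (assumption): a secret-looking identifier assigned a string literal.
const SECRET_RE = /\b\w*(pass(word|wd)?|secret|token|api_?key)\w*\s*[:=]\s*(['"`])[^'"`]+\3/i;

function findHardcodedSecrets(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (!/\.(js|json)$/.test(path)) continue;
    text.split('\n').forEach((line, i) => {
      if (SECRET_RE.test(line)) findings.push({ path, line: i + 1 });
    });
  }
  return findings;
}
// Constructed sample archive (not the challenge's app.asar).
function buildSampleAsar() {
  const a = Buffer.from("const SUPERVISOR_PASSWORD = 'example-not-real';\nconsole.log('pos');\n");
  const b = Buffer.from('body { color: red; }\n');
  const json = Buffer.from(JSON.stringify({ files: {
    'main.js': { size: a.length, offset: '0' },
    css: { files: { 'style.css': { size: b.length, offset: String(a.length) } } },
  } }));
  const pad = (4 - (json.length % 4)) % 4; // pickle strings are 4-byte aligned
  const head = Buffer.alloc(16);
  head.writeUInt32LE(4, 0);
  head.writeUInt32LE(json.length + pad + 8, 4);
  head.writeUInt32LE(json.length + pad + 4, 8);
  head.writeUInt32LE(json.length, 12);
  return Buffer.concat([head, json, Buffer.alloc(pad), a, b]);
}
console.log(findHardcodedSecrets(parseAsar(buildSampleAsar())));
```

For a real build, pass fs.readFileSync on the packaged app.asar to parseAsar and fail the pipeline when the findings list is non-empty.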