# Technical Report

## <mark style="color:purple;">Technical Security Report: "Flag Command" Challenge</mark>

### <mark style="color:purple;">**Purpose of the Report**</mark>

This document provides a detailed technical assessment of the "Flag Command" challenge from Hack The Box. The objective of this assessment was to identify and exploit vulnerabilities within the web application to retrieve the hidden flag.

***

### <mark style="color:purple;">Methodology</mark>

The security evaluation was conducted using the following approach:

1. **Interaction with the Web Interface:** Engaging with the application's terminal-like interface to understand available commands and functionalities.
2. **Client-Side Code Analysis:** Inspecting the website's source code and associated JavaScript files to uncover hidden commands or secrets.
3. **Exploitation:** Utilizing the gathered information to execute commands that reveal the flag.

***

### <mark style="color:purple;">Detailed Findings</mark>

1. **Interaction with the Web Interface**
   * **Observation:** Upon accessing the provided URL, the application presents a terminal-like interface, prompting users to input commands.
   * **Action Taken:** Initial attempts to execute standard commands (e.g., `ping`, `help`) were made to assess the application's responses.
   * **Result:** The application responded with predefined messages, indicating limited command support.
2. **Client-Side Code Analysis**
   * **Observation:** To uncover potential hidden functionalities, the website's source code was examined.
   * **Action Taken:** Using browser developer tools, the HTML and JavaScript files were inspected, focusing on scripts that define available commands.
   * **Result:** A JavaScript array labeled `options` was discovered, containing a list of acceptable commands. Notably, an additional command labeled `secret` was present, which was not advertised in the user interface.
3. **Exploitation**
   * **Observation:** The presence of the `secret` command suggested a hidden functionality.
   * **Action Taken:** Entered the `secret` command into the application's input field.
   * **Result:** The application revealed the hidden flag upon executing the `secret` command.

***

### <mark style="color:purple;">Conclusion</mark>

The "Flag Command" challenge highlights the importance of thorough client-side code analysis during security assessments. By inspecting the application's source code, hidden functionalities were uncovered, leading directly to the retrieval of the flag. This exercise underscores the necessity of securing what client-side scripts expose: anything delivered to the browser can be read by the user, so access to concealed features has to be enforced on the server rather than by leaving them out of the interface.
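The remediation this finding points to, as an added example that is not the challenge's own code: the weak pattern ships every command name to the browser and runs any name it recognises, while the hardened pattern filters the list per role and re-checks the role on the server. The command table, the role names, the session shape and all function names are assumptions made for illustration.

```javascript
// Added illustration. Command names other than `secret`, the roles, the
// session object and the handler shapes are hypothetical.
const COMMANDS = new Map([
  ["help",   { roles: ["player", "admin"], run: () => "Available: help, ping" }],
  ["ping",   { roles: ["player", "admin"], run: () => "pong" }],
  ["secret", { roles: ["admin"],           run: () => "<privileged output>" }],
]);

// Weak pattern: the full list (including `secret`) is sent to every client,
// and the server executes any command name it knows.
function optionsForClientWeak() {
  return [...COMMANDS.keys()];
}
function handleWeak(command) {
  const entry = COMMANDS.get(command);
  return entry
    ? { status: 200, body: entry.run() }
    : { status: 404, body: "Unknown command" };
}

// Hardened pattern, part 1: only commands the caller's role may run are
// ever serialised into the page or an API response.
function optionsForClient(role) {
  return [...COMMANDS]
    .filter(([, entry]) => entry.roles.includes(role))
    .map(([name]) => name);
}

// Hardened pattern, part 2: the server authorises every request itself.
// Unknown and not-permitted commands get the same reply, so the response
// does not confirm that a hidden command exists.
function handle(command, session) {
  const entry = COMMANDS.get(command);
  const allowed = entry && session && entry.roles.includes(session.role);
  if (!allowed) {
    return { status: 404, body: "Unknown command" };
  }
  return { status: 200, body: entry.run() };
}
```

Filtering the option list alone is not sufficient; the server-side check in `handle` is what actually protects the command, and the filtered list only avoids advertising it.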
