Tags: web
Rating: 5.0
**Step 1**
Use the Network Tab and see for the scripts being loaded, there we see a suspicious script named as "custom.js"
[https://imgur.com/QzcXC8B](https://imgur.com/QzcXC8B)
**Step 2**
On analysing the code inside the script, we see a password field as "if(u == "admin" && p=== ....)" with URIComponent
[https://imgur.com/RKaPGp1](https://imgur.com/RKaPGp1)
**Step 3**
Use the Developer tab to decode the URIComponent
[https://imgur.com/R0xgQy4](https://imgur.com/R0xgQy4)
**Step 4**
Viola you have your flag
