Tags: web 

Rating: 5.0

**Step 1**

Use the Network Tab and see for the scripts being loaded, there we see a suspicious script named as "custom.js"


**Step 2**

On analysing the code inside the script, we see a password field as "if(u == "admin" && p=== ....)" with URIComponent


**Step 3**

Use the Developer tab to decode the URIComponent


**Step 4**

Viola you have your flag