Flag Command

HackTheBox Challenge Writeup

Flag Command is a beginner-level web challenge from Hack The Box that disguises itself as a lighthearted text adventure game. While the interface invites users to make choices like a classic RPG, the real solution lies in inspecting the front-end code for hidden commands. By analyzing the JavaScript logic and bypassing the standard gameplay, you can discover a secret keyword that reveals the flag.

Flag Command Challenge

Step 1: Starting the Challenge

Once you launch the instance from the Hack The Box platform, you receive a web address (usually an IP and port). Opening it in your browser brings up a retro-style command-line adventure game in your terminal window.

> START
Step 1 Image

This begins a simulated text adventure, where you're given multiple options (e.g., "HEAD NORTH", "GO SOUTH", "SET UP CAMP").

Step 2: Realize the Loop

After a few attempts, you’ll see that the game doesn't progress meaningfully. All choices end with failure, indicating the real solution is likely not part of the visible gameplay.

Step 2 Image

This is a strong hint that the flag is hidden behind a secret mechanism — possibly hardcoded into the client-side logic.

Step 3: Lets check whats in main.js

In the JavaScript file, you’ll find the game logic that checks for user input. With a bit of scrolling, you’ll uncover this conditional:

Step 3 Image

This tells you that the game is listening for a hidden command — the word "secret".

Step 4: Open Developer Tools

Open your browser’s developer tools:

Chrome: F12 or Ctrl + Shift + I

Firefox: F12 or Ctrl + Shift + K

Step 4 Image

This command isn’t listed in the normal options. It’s a developer Easter egg or hidden backdoor.

Step 5: OPTIONS file

On clicking "options" file from devloper options got a secret code

Step 5 Image

Step 6: Getting the flag

On pasting the secret which we got from OPTIONS, got the flag

Step 6 Image