IT and security stuff

CyberSecurityRumble 2021 – Biometric Vault Writeup

neoh

Clicking the Challenge link brought me to this website.

This is a simple sound welcomeing us to the Money Bin.
Our Promise. Take note of the comment “Only our very own personnel is authorized and must not only state their name for identification but also pass a facial scan.”
Going further, the site asks for our webcam, microphone and name.

We will have to provide a facial picture, A full name and a voice sample. At this point anything I tried did not work.

I started digging further into the website source code.

The file Home.js revealed something interesting. The voice message on the main page, was in fact Helena Black, the CEO.
There was even a picture of her. LOL

Time to try to log as Helena! I downloaded her picture on my cellphone and changed my microphone source to be my desktop sound.

Took me a couple tries. The hardest part was getting a clean part of her dialogue. And after a couple tries :

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.