Objective #10 - Defeat Fingerprint Sensor

Objective

Bypass the Santavator fingerprint sensor. Enter Santa's office without Santa's fingerprint.

Solution

Step 1: Inspect the JavaScript source using the browser developer tools, or download it from https://elevator.kringlecastle.com/app.js. You’ll find that the code behind the fingerprint sensor checks to see if the user has the value “besanta” in the token array.

Step 2: Search for any references to “tokens” in the source to determine how you might manipulate the program's behavior.

Step 3: Type tokens.push('besanta') into the JavaScript console. You can now bypass the fingerprint reader and visit Santa’s office without being Santa.
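
Why the bypass works, and what a fix looks like, as an added example (a constructed model, not the code from app.js): the first function mirrors the check described in Step 1, the second keeps entitlements on the server and ignores the client's list. The function names, session IDs and the 'elevator' token are assumptions made for illustration.

```javascript
// Constructed model, not the challenge's own code.

// Weak pattern: the browser decides access from a list it holds itself.
function clientSideCheck(tokens) {
  // Anything running in page scope, including the console, can edit `tokens`.
  return tokens.includes('besanta');
}

// Hardened pattern: entitlements live on the server, keyed by session.
// Constructed sample sessions (hypothetical IDs and tokens).
const serverSessions = new Map([
  ['sess-santa', { user: 'santa', entitlements: new Set(['besanta']) }],
  ['sess-elf', { user: 'elf', entitlements: new Set(['elevator']) }],
]);

function serverSideCheck(request) {
  const session = serverSessions.get(request.sessionId);
  if (!session) {
    return { allowed: false, unbacked: [], reason: 'unknown session' };
  }
  // The client's token list is never used for the decision. It is only
  // compared against server state so tampering can be logged.
  const claimed = Array.isArray(request.tokens) ? request.tokens : [];
  const unbacked = claimed.filter((t) => !session.entitlements.has(t));
  const allowed = session.entitlements.has('besanta');
  return { allowed, unbacked, reason: allowed ? 'entitled' : 'not entitled' };
}

// Walk through the change from Step 3 against both checks.
function demo() {
  const tokens = ['elevator'];
  const before = clientSideCheck(tokens);
  tokens.push('besanta'); // the console edit from Step 3
  const after = clientSideCheck(tokens);
  const server = serverSideCheck({ sessionId: 'sess-elf', tokens });
  return { before, after, server };
}

console.log(JSON.stringify(demo()));
```

The `unbacked` list is the detection hook: a request that claims a token the server never granted is a signal of client-side tampering.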