Second room in the Deus Ex (2000)-inspired series. This one is considerably trickier than the first room, but not crazily so: every step is trivial, but with a twist.
- Scanning reveals just two open ports: 80 and an unusual port. Each hosts a website: the first is the apparent home page for the 'Ton Hotel, and the second is a login interface to NYCOMM mail.
- With no creds, efforts should be focused on the first site, which seems pretty basic. There is a guest book, an about page and a new booking page; however, the button that opens new bookings is disabled by JavaScript because no bookings are available.
- Examining the JavaScript code shows that it makes an API call, but this is a simple GET request with no params and doesn't seem vulnerable. The code does, however, reveal the path to the new booking page.
- Going there shows a message saying no rooms are available; however, the page is running JavaScript and there is a hidden form. The JavaScript grabs a cookie value and m