Canvas
The files we downloaded are the source code of a website. There are the files dashboard.html and index.html, together with the directories css and js. The index.html document shows a login page. Inside the dashboard.html file is this:
HTB{🤦♂️}
It looks like a flag is supposed to be inside. Let's check the JavaScript code inside the js directory. Inside it is obfuscated JavaScript code. You can see the full obfuscated code in Canvas - Obfuscated Js. To deobfuscate it I first used a JavaScript beautifier, Beautifier.io, and then a JavaScript deobfuscator, Deobfuscate.io. At the end we find this:
var res = String.fromCharCode(72, 84, 66, 123, 87, 51, 76, 99, 48, 109, 51, 95, 55, 48, 95, 74, 52, 86, 52, 53, 67, 82, 49, 112, 55, 95, 100, 51, 48, 98, 70, 117, 53, 67, 52, 55, 49, 48, 78, 125, 10);
Googling the function fromCharCode reveals that it creates characters from the Unicode values provided (Source). Let's take the values in the function and decode them to Unicode. I simply used this decoder I found online. The result is the flag.
Input:
72, 84, 66, 123, 87, 51, 76, 99, 48, 109, 51, 95, 55, 48, 95, 74, 52, 86, 52, 53, 67, 82, 49, 112, 55, 95, 100, 51, 48, 98, 70, 117, 53, 67, 52, 55, 49, 48, 78, 125, 10
Output:
HTB{***************************}
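The same decoding can be done offline and without running the obfuscated script or pasting it into a third-party site. The following is an added example, not part of the original write-up: it scans beautified source for String.fromCharCode calls whose arguments are plain numeric literals and decodes them statically. The names parseCodes and decodeCharCodeCalls are hypothetical helpers chosen for this sketch.

```javascript
// Added example: statically decode String.fromCharCode(...) calls in
// beautified JavaScript. The untrusted script is only read as text, never run.
const CALL_RE = /String\s*\.\s*fromCharCode\s*\(([^()]*)\)/g;

// Parse one argument list. Returns null if any argument is not a plain
// numeric literal (decimal or 0x hex), so computed arguments are skipped
// instead of being evaluated.
function parseCodes(argList) {
  const codes = [];
  for (const part of argList.split(",").map((p) => p.trim())) {
    if (!/^(0[xX][0-9a-fA-F]+|\d+)$/.test(part)) return null;
    const n = Number(part);
    if (n > 0xffff) return null; // fromCharCode takes UTF-16 code units
    codes.push(n);
  }
  return codes;
}

// Return every decodable call with its offset in the source, so the analyst
// can jump back to the surrounding code.
function decodeCharCodeCalls(source) {
  const results = [];
  for (const m of source.matchAll(CALL_RE)) {
    const codes = parseCodes(m[1]);
    if (codes === null) continue;
    results.push({ offset: m.index, text: String.fromCharCode(...codes) });
  }
  return results;
}

// The line recovered from the deobfuscated challenge script above.
const sample =
  "var res = String.fromCharCode(72, 84, 66, 123, 87, 51, 76, 99, 48, 109, " +
  "51, 95, 55, 48, 95, 74, 52, 86, 52, 53, 67, 82, 49, 112, 55, 95, 100, 51, " +
  "48, 98, 70, 117, 53, 67, 52, 55, 49, 48, 78, 125, 10);";

for (const hit of decodeCharCodeCalls(sample)) {
  console.log(`offset ${hit.offset}: ${JSON.stringify(hit.text)}`);
}
```

The trailing 10 in the argument list is a newline, which is why the decoded string ends with \n after the closing brace.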
Flag
HTB{W3Lc0m3_70_J4V45CR1p7_d30bFu5C4710N}