HTML5 Escape Game

Using various browser APIs, your goal is to get root of the local box.
You can try to get a filesystem browser with printer popup or download popup 'save as'.
There are various informations on your jail (local IPs, browser version), and you can perform network scans too.
Most of the enumerations are clickable, and will autofill the corresponding inputs in all blocks.
This page is a single HTML file, with no dependencies on the ICANN IPv4 Internet, which means that you can save it to a disk drive. Beware, some features are disabled by the browsers when the source file is not served over network.
You will need an ECMAScript runtime.

I'm not very good at CSS.
2016-10-03 : WIP, adding network scan.

Local IP addresses (HTML5 WebRTC API)

Javascript execution

Client-side « fake » download

Set these mimetypes with clicks :
text/plain;charset=utf-8 txt
application/pdf pdf
image/svg+xml svg svgz
application/rss+xml rss
application/octet-stream raw
application/atom+xml atom;
application/font-woff woff
application/font-woff2 woff2
application/java-archive ear jar war
application/json json
application/ld+json jsonld
application/mac-binhex40 hqx
application/manifest+json webmanifest
application/msword .doc .dot
application/octet-stream raw
application/pdf pdf
application/postscript ai eps ps
application/rss+xml rss
application/rtf rtf
application/vnd.geo+json geojson
application/ kml
application/ kmz
application/ .xls xla xlt;
application/ .xlam
application/ .xlsb
application/ .xlsm
application/ .xltm
application/ eot
application/ .ppt pot ppa pps;
application/ .ppam
application/ .pptm
application/ .ppsm
application/ .potm
application/ .docm
application/ .dotm
application/vnd.openxmlformats-officedocument.presentationml.presentation .pptx
application/vnd.openxmlformats-officedocument.presentationml.slideshow .ppsx
application/vnd.openxmlformats-officedocument.presentationml.template .potx
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet .xlsx
application/vnd.openxmlformats-officedocument.spreadsheetml.template .xltx
application/vnd.openxmlformats-officedocument.wordprocessingml.document .docx
application/vnd.openxmlformats-officedocument.wordprocessingml.template .dotx
application/vnd.wap.wmlc wmlc
application/x-7z-compressed 7z
application/x-bb-appworld bbaw
application/x-bittorrent torrent
application/x-chrome-extension crx
application/x-cocoa cco
application/x-font-ttf ttc ttf
application/x-java-archive-diff jardiff
application/x-java-jnlp-file jnlp
application/x-makeself run
application/x-opera-extension oex
application/x-web-app-manifest+json webapp
application/xml rdf xml
audio/midi mid midi kar
audio/mp4 aac f4a f4b m4a
audio/mpeg mp3
audio/ogg oga ogg opus
audio/x-realaudio ra
audio/x-wav wav
font/opentype otf
image/bmp bmp
image/gif gif
image/jpeg jpeg jpg
image/png png
image/svg+xml svg svgz
image/tiff tif tiff
image/vnd.wap.wbmp wbmp
image/webp webp
image/x-icon cur ico
image/x-jng jng
text/cache-manifest appcache
text/plain;charset=utf-8 txt
video/3gpp 3gp 3gpp
video/mp4 mp4
video/mpeg mpeg mpg
video/ogg ogv
video/quicktime mov
video/webm webm
video/x-flv flv
video/x-mng mng
video/x-ms-asf asf asx
video/x-ms-wmv wmv
video/x-msvideo avi

File input

Canvas file input (drop)

Editable <A> element (specific URI schemes)



Browser footprint

System print popup

Custom XHR

HTTP headers :
Mozilla uneditabled headers :
  • Accept-Charset
  • Accept-Encoding
  • Access-Control-Request-Headers
  • Access-Control-Request-Method
  • Connection
  • Content-Length
  • Cookie
  • Cookie2
  • Date
  • DNT
  • Expect
  • Host
  • Keep-Alive
  • Origin
  • Referer
  • TE
  • Trailer
  • Transfer-Encoding
  • Upgrade
  • User-Agent
  • Via

Network scan

Added /
URI suffix