PicoGym Web Exploitation Writeup | dont-use-client-side | Easy | PicoCTF
easy ctf picoctf web easy-web easy-picoctf-web easy-picoctf picoctf-web
Originally posted on my Medium page.
In this challenge, we are tasked with breaking into a “super secure portal.” The challenge name, dont-use-client-side, is the real hint: whatever protects the portal is enforced by code that runs in the browser, and code that runs in the browser is readable by anyone who loads the page.

After clicking on the provided link, we are redirected to a website with a login form.

Let’s first view the source code of the page by pressing Ctrl+U to open the HTML.

The page's JavaScript contains a verify() function that checks the password entered into the login form. The comparison runs entirely in the browser, so every value it compares against is sitting in the source we just opened.
Inside verify(), the password is not compared as a whole. A split value fixes a chunk width, and a chain of nested if statements compares checkpass.substring(start, end) against a hard-coded literal for each chunk. Two things matter here:
- Each check pins one literal to an absolute offset in the password (0 to split, split to split*2, split*2 to split*3, and so on), so the nesting order of the if statements is irrelevant; only the substring offsets determine where a chunk belongs.
- The checks are listed out of positional order, which makes the flag harder to read off by eye but does nothing to hide it.
From the code, with a split value of 4 (every chunk is four characters wide):
- The chunk at offset 0 is pico
- The chunk at offset split is CTF{
- The remaining checks supply ts_p, lien, no_c and lz_1, plus the closing characters, each tied to its own offset expression.
Sorting the chunks by their start offset rather than by the order in which the if statements appear, and concatenating them, reconstructs the full password.
Arranging the parts in offset order, we get the flag:
picoCTF{no_clients_plz_1a3c89}
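The reconstruction above was done by hand, but the same reasoning generalizes to any client-side check of this shape. The script below is an added example, not code from the original writeup or from the challenge: it pulls every substring(start, end) == 'literal' comparison out of a verify() function, resolves the split-based offsets, sorts the literals by absolute offset, and joins them. The verifySource string is a constructed stand-in built from the chunks listed in this writeup and the flag it reports; the real challenge's source may differ in detail, and the checks that the windows tile the password with no gaps or overlaps are there to catch exactly that.

```javascript
// Added example, not part of the original writeup or the challenge.
// Reassembles a flag from a client-side verify() that checks fixed-width
// substrings of the password out of order. The nesting order is irrelevant:
// each substring(start, end) pins its literal to an absolute offset.

// Constructed stand-in for the challenge's JavaScript, built from the chunks
// the writeup lists (pico, CTF{, no_c, lien, ts_p, lz_1) plus the remaining
// characters of the flag it reports. The real page's source may differ.
const verifySource = `
function verify() {
    checkpass = document.getElementById("pass").value;
    split = 4;
    if (checkpass.substring(0, split) == 'pico') {
      if (checkpass.substring(split*6, split*7) == 'a3c8') {
        if (checkpass.substring(split, split*2) == 'CTF{') {
          if (checkpass.substring(split*4, split*5) == 'ts_p') {
            if (checkpass.substring(split*3, split*4) == 'lien') {
              if (checkpass.substring(split*5, split*6) == 'lz_1') {
                if (checkpass.substring(split*2, split*3) == 'no_c') {
                  if (checkpass.substring(split*7, split*8) == '9}') {
                    alert("Password Verified")
                  }
                }
              }
            }
          }
        }
      }
    } else {
      alert("Incorrect password");
    }
}`;

// Resolve an offset expression such as "0", "split", "split*6" or "6*split".
function resolveOffset(expr, split) {
  const e = expr.trim();
  if (/^\d+$/.test(e)) return Number(e);
  if (e === 'split') return split;
  let m = /^split\s*\*\s*(\d+)$/.exec(e);
  if (m) return split * Number(m[1]);
  m = /^(\d+)\s*\*\s*split$/.exec(e);
  if (m) return split * Number(m[1]);
  throw new Error(`unsupported offset expression: ${expr}`);
}

// Pull every `.substring(a, b) == 'lit'` check out of the source, place each
// literal at its absolute offset, and join the literals in offset order.
function reassembleFlag(source) {
  const splitMatch = /\bsplit\s*=\s*(\d+)/.exec(source);
  if (!splitMatch) throw new Error('no split value found');
  const split = Number(splitMatch[1]);

  const checkRe = /\.substring\(\s*([^,]+?)\s*,\s*([^)]+?)\s*\)\s*===?\s*(['"])(.*?)\3/g;
  const chunks = [];
  for (const m of source.matchAll(checkRe)) {
    chunks.push({
      start: resolveOffset(m[1], split),
      end: resolveOffset(m[2], split),
      lit: m[4],
    });
  }
  if (chunks.length === 0) throw new Error('no substring checks found');

  chunks.sort((a, b) => a.start - b.start);

  // The windows must tile the password from offset 0 with no gaps or
  // overlaps, and every window but the last must be completely filled
  // (substring() clips at the end of the string, so only the final literal
  // may be shorter than its window).
  let expected = 0;
  chunks.forEach((c, i) => {
    if (c.start !== expected) throw new Error(`gap or overlap at offset ${c.start}`);
    const width = c.end - c.start;
    if (c.lit.length > width) throw new Error(`literal wider than window at ${c.start}`);
    if (i < chunks.length - 1 && c.lit.length !== width) {
      throw new Error(`underfilled window at ${c.start}`);
    }
    expected = c.end;
  });

  return chunks.map((c) => c.lit).join('');
}

console.log(reassembleFlag(verifySource));
```

Run it with node and it prints the flag. The point it makes is the one in the challenge name: because verify() runs in the client, the check can be parsed mechanically, not just read, and no amount of scrambling the if order changes that. Password verification has to happen on the server; a browser-side check is at most a usability aid.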
📖 Want more CTF and OSINT writeups like this? Check out my Medium page here.