PicoGYM Web Exploitation Writeup | head-dump | Easy | PicoCTF



Originally posted on my Medium page.


In this writeup, we’ll take on the “head-dump” challenge from picoCTF 2025, created by Prince Niyonshuti N. The challenge involves exploring a simple blog web application to discover an endpoint that exposes a memory dump file containing a hidden flag.

Let’s get into it and see what secrets the server’s memory holds!

After launching the challenge instance, I started by browsing through the website, carefully checking the pages, links, and possible hidden paths.

In the challenge description, it specifically mentioned an article about API Documentation. So, I clicked on #API Documentation, which took me to the /api-docs/ page. This page had Swagger UI, a tool used to test and explore API endpoints.

Inside Swagger UI, I noticed several API endpoints listed. Since the challenge is called head-dump, the /heapdump endpoint under the diagnosing section immediately stood out.

I used the Try it out button in Swagger UI for the /heapdump endpoint and executed it. The server responded with a download link for a file named something like: heapdump-1746774321051.heapsnapshot

I downloaded the file, which turned out to be quite large. Since picoCTF flags are always in the format picoCTF{}, I decided to search the file for this pattern using the grep command:

cat heapdump-1746773498002.heapsnapshot | grep picoCTF

And we got the flag!

Flag: picoCTF{Pat!3nt_15_Th3_K3y_f1179e46}
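
Why a plain grep was enough, shown as an added example that is not part of the original writeup: a V8 .heapsnapshot file is a single JSON document whose top-level "strings" array holds every JavaScript string that was live on the heap, so any secret the process had in memory ends up in it verbatim. The sketch below audits a snapshot from your own service for secret-like strings; the function names, the bearer-token and private-key patterns, and the sample snapshot are assumptions constructed for illustration.

```javascript
// Secret-like patterns to look for. The picoCTF{...} format comes from the
// writeup; the other two are illustrative assumptions.
const SECRET_PATTERNS = [
  { name: 'ctf-flag', re: /picoCTF\{[^}]*\}/ },
  { name: 'bearer-token', re: /Bearer\s+[A-Za-z0-9._~+\/-]{20,}/ },
  { name: 'private-key', re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
];

// Parse the snapshot JSON and report every entry of its "strings" table
// that matches one of the patterns.
function auditHeapSnapshot(snapshotText, patterns = SECRET_PATTERNS) {
  const snapshot = JSON.parse(snapshotText);
  if (!Array.isArray(snapshot.strings)) {
    throw new Error('not a V8 heap snapshot: missing "strings" array');
  }
  const findings = [];
  snapshot.strings.forEach((value, index) => {
    if (typeof value !== 'string') return;
    for (const { name, re } of patterns) {
      const m = re.exec(value);
      if (m) findings.push({ pattern: name, index, match: m[0] });
    }
  });
  return findings;
}

// Mask all but a short prefix so the audit report does not itself leak secrets.
function redact(match, keep = 8) {
  return match.length <= keep ? '*'.repeat(match.length)
    : match.slice(0, keep) + '*'.repeat(match.length - keep);
}

// Constructed sample: a minimal snapshot-shaped document, not a real dump.
const SAMPLE_SNAPSHOT = JSON.stringify({
  snapshot: { meta: {}, node_count: 0, edge_count: 0 },
  nodes: [], edges: [],
  strings: [
    '<dummy>', 'express', '/heapdump',
    'FLAG=picoCTF{constructed_example_value}',
    'Authorization: Bearer abcdefghijklmnopqrstuvwxyz012345',
  ],
});

for (const f of auditHeapSnapshot(SAMPLE_SNAPSHOT)) {
  console.log(`${f.pattern} at strings[${f.index}]: ${redact(f.match)}`);
}
```

On a real dump, pass the file contents as text (for example via Node's fs.readFileSync(path, 'utf8')); very large snapshots can exceed what JSON.parse handles in one string and need a streaming parser. Any finding means the diagnostic endpoint that serves the dump must not be reachable without authentication.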

