PicoGym Web Exploitation Writeup | Includes | Easy | PicoCTF



Originally posted on my Medium page.


In this challenge, we’re asked to visit a website and uncover a hidden flag. The challenge title “Includes” hints that the flag might be placed inside an included external file like a JavaScript or CSS file linked to the webpage.

Our goal is to explore the website, check the included resources, and see if any of them contain the hidden flag. Let’s dive in and track it down!

After clicking on the Launch Instance button, we are given a link to a website. Let’s click on the link to see what’s on the page.

There’s a simple paragraph along with a Say Hello button.
Let’s view the page source by pressing Ctrl+U.

In the source code, we can see two included files:

  • style.css
  • script.js

First, let’s check style.css.

It contains one part of the flag, left in a comment.

Next, open script.js.

It contains the second part of the flag, completing it.

Combining the two parts, we get the full flag.

The flag is: picoCTF{1nclu51v17y_1of2_f7w_2of2_df589022}
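From the site owner's side, the same inspection can be automated before deployment. The following is an added example, not part of the original writeup: it lists every comment a visitor could read in a page and its linked CSS and JavaScript files. The sample site contents and the function names (`findIncludes`, `extractComments`, `auditSite`) are constructed for illustration.

```javascript
// Constructed sample site (not the challenge's real files).
const SAMPLE_SITE = {
  'index.html': `<!doctype html>
<html><head>
<link rel="stylesheet" href="style.css">
<script src="script.js"></script>
</head><body><p>Hello</p><!-- layout v2 --></body></html>`,
  'style.css': `body { margin: 0; }
/* EXAMPLE{first_half_ */`,
  'script.js': `function greet() { alert("hi // not a comment"); }
// second_half}
`,
};

// String literals are matched first so comment markers inside them are skipped.
// Limitation: JS regex literals are not tokenized.
const PATTERNS = {
  html: /<!--([\s\S]*?)-->/g,
  css: /"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\/\*([\s\S]*?)\*\//g,
  js: /"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|`(?:\\.|[^`\\])*`|\/\*([\s\S]*?)\*\/|\/\/([^\n]*)/g,
};

// Files a page pulls in through <link href> and <script src>.
function findIncludes(html) {
  const re = /<(?:link|script)\b[^>]*?\b(?:href|src)\s*=\s*["']([^"']+)["']/gi;
  return [...html.matchAll(re)].map((m) => m[1]);
}

// Comment bodies in one file; kind is 'html', 'css' or 'js'.
function extractComments(text, kind) {
  const out = [];
  for (const m of text.matchAll(PATTERNS[kind])) {
    const body = m[1] ?? m[2]; // both undefined when the match was a string literal
    if (body !== undefined) out.push(body.trim());
  }
  return out;
}

// Every comment a visitor can read from the entry page and its local includes.
function auditSite(site, entry) {
  const kindOf = (f) => (f.endsWith('.css') ? 'css' : f.endsWith('.js') ? 'js' : 'html');
  const files = [entry, ...findIncludes(site[entry]).filter((f) => typeof site[f] === 'string')];
  return files.flatMap((file) =>
    extractComments(site[file], kindOf(file)).map((comment) => ({ file, comment })));
}

for (const { file, comment } of auditSite(SAMPLE_SITE, 'index.html')) {
  console.log(`${file}: ${comment}`);
}
```

Anything this audit prints is readable by every visitor, so secrets and internal notes belong outside shipped assets; stripping comments in the build step (minification) removes the rest.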

