PicoGym Web Exploitation Writeup | Insp3ct0r | Easy | PicoCTF



Originally posted on my Medium page.


In this challenge, we’re tasked with inspecting a piece of code that might contain a hidden flag. The hint in the description, “Kishor Balan tipped us off,” suggests that there could be something in the code itself that we’re supposed to uncover.

Description

Kishor Balan tipped us off that the following code may need inspection: https://jupiter.challenges.picoctf.org/problem/41511/ (link) or http://jupiter.challenges.picoctf.org:41511

We begin by clicking on the provided link, which redirects us to a webpage.

The page displays the message “Inspect Me,” suggesting that we need to inspect the page’s source code for clues. To view the source code, use the keyboard shortcut Ctrl + U (or right-click and select “View Page Source”).

Here, inside the HTML content, we find the first part of the flag:
picoCTF{tru3_d3

The source code also links to two external files: mycss.css and myjs.js. Let’s investigate these files further for additional parts of the flag.

Examine mycss.css:
Opening the mycss.css file, we find the second part of the flag:
t3ct1ve_0r_ju5t

Examine myjs.js:
Finally, when we check the myjs.js file, we discover the last part of the flag:
_lucky?832b0699}

Putting all three parts together, we obtain the complete flag:
picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?832b0699}
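The same walk through the page source, mycss.css and myjs.js can be scripted, which is also a useful pre-release check for comments left behind in shipped client assets. This is an added example, not code from the original post: it assumes the fragments sit in HTML/CSS/JS comments (the writeup does not say where in each file they appear), and the sample page, file contents and EXAMPLE{...} fragments are constructed.

```python
import re
from html.parser import HTMLParser

# Constructed sample assets, not the challenge's real files.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" type="text/css" href="mycss.css">
<script type="application/javascript" src="myjs.js"></script>
</head><body><h1>Inspect Me</h1>
<!-- part 1/3: EXAMPLE{aaa -->
</body></html>"""
SAMPLE_ASSETS = {
    "mycss.css": "body { color: #222; }\n/* part 2/3: bbb_ccc */\n",
    "myjs.js": "function openTab(n) { return n; }\n/* part 3/3: _ddd} */\n",
}

class SourceAudit(HTMLParser):
    """Collects HTML comments and the CSS/JS files the page links to."""
    def __init__(self):
        super().__init__()
        self.comments, self.assets = [], []

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a, ref = dict(attrs), None
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            ref = a.get("href")
        elif tag == "script":
            ref = a.get("src")
        if ref:
            self.assets.append(ref)

# Heuristic patterns: /* ... */ for CSS and JS, // line comments for JS only.
# The lookbehind skips "//" inside URLs such as http://host/path.
BLOCK = re.compile(r"/\*(.*?)\*/", re.S)
LINE = re.compile(r"(?<![:\"'])//(.*)$", re.M)

def asset_comments(name, text):
    found = [m.strip() for m in BLOCK.findall(text)]
    if name.endswith(".js"):
        found += [m.strip() for m in LINE.findall(BLOCK.sub("", text))]
    return found

def audit(html, assets):
    """Return {source: [comments]} for the page and each linked asset supplied."""
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    report = {"index.html": parser.comments}
    for name in parser.assets:
        if name in assets:
            report[name] = asset_comments(name, assets[name])
    return report
```

Calling audit(SAMPLE_HTML, SAMPLE_ASSETS) returns the comments grouped by file, in the order the page references them.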

