🌐 Includes

A detailed write-up of the Web challenge 'Includes' from PicoCTF - 2022

/images/PicoGym/PicoCTF-2022/Includes/challenge_presentation.png
Challenge Presentation

📊 Challenge Overview

| Category | Details | Additional Info |
|---|---|---|
| 🏆 Event | PicoGym | Event Link |
| 🔰 Category | Web 🌐 | |
| 💎 Points | | Out of 500 total |
| ⭐ Difficulty | 🟢 Easy | Personal Rating: 0/10 |
| 👤 Author | LT ‘syreal’ Jones | Profile |
| 🎮 Solves | | 55.676 solve rate |
| 📅 Date | 30-01-2025 | PicoGym |
| 🦾 Solved By | mH4ck3r0n3 | Team: |

📝 Challenge Information

Can you get the flag?

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

/images/PicoGym/PicoCTF-2022/Includes/site_presentation.png
Site Presentation

Clicking the "Say hello" button opens an alert indicating that the file containing the JavaScript is not on this page.

/images/PicoGym/PicoCTF-2022/Includes/say_hello.png
Alert

So, I decided to inspect the page source with CTRL + U:

/images/PicoGym/PicoCTF-2022/Includes/source.png
Page Source

As we can see here, two files are included: style.css and script.js. From the name of the challenge, the solution was quite intuitive. In fact, after trying to open the included files, I found the flag.

🎯 Solution Path

Exploitation Steps

Exploitation

The exploitation is simple enough that it is already covered in the Initial Analysis section.

Flag capture

/images/PicoGym/PicoCTF-2022/Includes/manual_flag.png
Manual Flag 1
/images/PicoGym/PicoCTF-2022/Includes/manual_flag2.png
Manual Flag 2

🛠️ Exploitation Process

Approach

The exploit makes two requests: one to /style.css and the other to /script.js. Using a regex, I extracted the flag fragment from each response and assembled the two parts.
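A sketch of the approach described above, as an added example and not the author's exploit script: it lists the assets a page includes, scans their comments, and joins the two flag fragments. The `picoCTF{...}` flag format, the fragment layout and the sample page and assets are constructed assumptions; `fetch` is a hypothetical callable that returns the body of an included path.

```python
import re
from html.parser import HTMLParser

class AssetCollector(HTMLParser):
    """Collect the stylesheets and scripts that a page includes."""
    def __init__(self):
        super().__init__()
        self.assets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("rel") == "stylesheet" and a.get("href"):
            self.assets.append(a["href"])
        elif tag == "script" and a.get("src"):
            self.assets.append(a["src"])

def linked_assets(page_html):
    collector = AssetCollector()
    collector.feed(page_html)
    return collector.assets

# CSS /* ... */ and JS // ... comments. Simplification: string literals are not skipped.
COMMENT = re.compile(r"/\*(.*?)\*/|//([^\n]*)", re.S)
FLAG_HEAD = re.compile(r"picoCTF\{[^\s}]*")  # assumed flag format
FLAG_TAIL = re.compile(r"[^\s{}]+\}")

def comments(text):
    return [(m.group(1) or m.group(2) or "").strip() for m in COMMENT.finditer(text)]

def assemble_flag(page_html, fetch):
    """Scan the comments of every included asset; return head + tail, or None."""
    head = tail = None
    for path in linked_assets(page_html):
        for c in comments(fetch(path)):
            if (m := FLAG_HEAD.search(c)):
                head = m.group(0)
            elif (m := FLAG_TAIL.search(c)):
                tail = m.group(0)
    return head + tail if head and tail else None

# Constructed sample input (not the real challenge content or flag).
PAGE = ('<html><head><link rel="stylesheet" href="style.css"></head><body>'
        '<button onclick="greetings();">Say hello</button>'
        '<script src="script.js"></script></body></html>')
ASSETS = {
    "style.css": "body { background: #eee; }\n/* picoCTF{EXAMPLE_1of2_ */\n",
    "script.js": "function greetings() {\n  alert('placeholder');\n}\n// PLACEHOLDER_2of2}\n",
}

if __name__ == "__main__":
    print(assemble_flag(PAGE, ASSETS.__getitem__))
```

The same scan, pointed at your own site's static assets, shows what any visitor can read in them: everything a page includes is served to the client, comments included.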

🚩 Flag Capture

Flag

Proof of Execution

/images/PicoGym/PicoCTF-2022/Includes/automated_flag.png
Automated Flag
Screenshot of successful exploitation

🔧 Tools Used

| Tool | Purpose |
|---|---|
| Python | Exploit |
| ChromeDevTools | Web Testing |

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:00 | From start to flag |
| Global Ranking | | Challenge ranking |
| Points Earned | | Team contribution |

Created: 30-01-2025 • Last Modified: 30-01-2025 • Author: mH4ck3r0n3 • Team: