🌐 Insp3ct0r

A detailed write-up of the Web challenge 'Insp3ct0r' from PicoCTF - 2019

[Image: Challenge Presentation]

📊 Challenge Overview

| Category | Details | Additional Info |
|---|---|---|
| 🏆 Event | PicoGym | Event Link |
| 🔰 Category | Web 🌐 | |
| 💎 Points | | Out of 500 total |
| ⭐ Difficulty | 🟢 Easy | Personal Rating: 0/10 |
| 👤 Author | zaratec/danny | Profile |
| 🎮 Solves | 128.252 | solve rate |
| 📅 Date | 30-01-2025 | PicoGym |
| 🦾 Solved By | mH4ck3r0n3 | Team: |

📝 Challenge Information

Kishor Balan tipped us off that the following code may need inspection: https://jupiter.challenges.picoctf.org/problem/41511/ (link) or http://jupiter.challenges.picoctf.org:41511

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

[Image: Site Presentation]

By inspecting the page source, I found the first part of the flag. Let’s move on to the exploitation.

🎯 Solution Path

Exploitation Steps

Exploitation

The exploitation wasn’t difficult. I tried accessing the files included in the page, starting with mycss.css, where I found the second part of the flag. Then, I tried myjs.js and found the third and final part. Putting all three parts together, I assembled the complete flag.

Flag capture

[Image: Manual Flag 1]
[Image: Manual Flag 2]
[Image: Manual Flag 3]

🛠️ Exploitation Process

Approach

The exploit makes GET requests to the pages /, mycss.css, and myjs.js, extracting the flag pieces from the response using a regex, and then assembles the complete flag.
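
The approach described above, as an added example (not the author's exploit script): it reads the page's linked stylesheet and script, pulls the comments out of all three responses, and assembles the fragments in order. The host name, the sample responses, the placeholder flag and the "N/M of the flag:" comment wording are constructed assumptions, and `fetch` stands in for the GET request.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample responses standing in for the three GET requests
# (placeholder flag and comment wording, not the challenge's real content).
SAMPLE_SITE = {
    "http://site.example/": (
        '<html><head><link rel="stylesheet" href="mycss.css">'
        '<script src="myjs.js"></script></head>'
        "<body><!-- 1/3 of the flag: picoCTF{c0nstruct3d --></body></html>"
    ),
    "http://site.example/mycss.css": "body { margin: 0; }\n/* part 2/3 of the flag: _s4mpl3 */\n",
    "http://site.example/myjs.js": "function f() {}\n/* part 3/3 of the flag: _fl4g} */\n",
}

class PageScan(HTMLParser):
    """Collect CSS/JS references and HTML comments from the landing page."""
    def __init__(self):
        super().__init__()
        self.assets, self.comments = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        ref = a.get("href") if tag == "link" else a.get("src") if tag == "script" else None
        if ref:
            self.assets.append(ref)
    def handle_comment(self, data):
        self.comments.append(data)

PART_RE = re.compile(r"(\d)/(\d)\s+of the flag:\s*(\S+)")   # assumed wording
BLOCK_COMMENT_RE = re.compile(r"/\*(.*?)\*/", re.S)          # CSS and JS comments

def collect_flag(base_url, fetch):
    """Return the assembled flag, or raise ValueError if a fragment is missing."""
    page = PageScan()
    page.feed(fetch(base_url))
    comments = list(page.comments)
    for ref in page.assets:
        comments += BLOCK_COMMENT_RE.findall(fetch(urljoin(base_url, ref)))
    parts, total = {}, 0
    for text in comments:
        m = PART_RE.search(text)
        if m:
            parts[int(m.group(1))] = m.group(3)
            total = int(m.group(2))
    if not total or set(parts) != set(range(1, total + 1)):
        raise ValueError(f"incomplete flag: found parts {sorted(parts)} of {total}")
    return "".join(parts[i] for i in sorted(parts))

if __name__ == "__main__":
    print(collect_flag("http://site.example/", SAMPLE_SITE.__getitem__))
```

The same comment extraction, run against a site's own build output before deployment, shows what leftover comments are being served to every visitor.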

🚩 Flag Capture

Flag

picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?832b0699}

Proof of Execution

[Image: Automated Flag. Screenshot of successful exploitation]

🔧 Tools Used

| Tool | Purpose |
|---|---|
| Python | Exploit |
| ChromeDevTools | Web Testing |

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:00 | From start to flag |
| Global Ranking | | Challenge ranking |
| Points Earned | | Team contribution |

Created: 30-01-2025 • Last Modified: 30-01-2025 • Author: mH4ck3r0n3 • Team: