🌐 WebDecode
A detailed write-up of the Web challenge 'WebDecode' from PicoCTF - 2024
📊 Challenge Overview
Category | Details | Additional Info |
---|---|---|
🏆 Event | PicoGym | Event Link |
🔰 Category | Web 🌐 | |
💎 Points | | Out of 500 total |
⭐ Difficulty | 🟢 Easy | Personal Rating: 1/10 |
👤 Author | Nana Ama Atombo-Sackey | Profile |
🎮 Solves | 49.252 | solve rate |
📅 Date | 28-01-2025 | PicoGym |
🦾 Solved By | mH4ck3r0n3 | Team: |
📝 Challenge Information
Do you know how to use the web inspector? Additional details will be available after launching your challenge instance.
🎯 Challenge Files & Infrastructure
Provided Files
Files: None
🔍 Initial Analysis
First Steps
Initially, the website appears as follows:
By navigating the website through the navbar and visiting the About page, I obtained this:

As the website itself suggested, I inspected the page using Chrome DevTools and found a strange Base64 string:
🎯 Solution Path
Exploitation Steps
Initial setup
Once the Base64 string was found, the exploit was solely based on decoding it.
Exploitation
I decoded it directly using bash, with the `base64` command combined with `echo`:

```bash
# Decode the Base64 string found on the About page; the trailing echo only adds a newline
echo cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMTBmOTM3NmZ9 | base64 -d; echo
```
Flag capture
🛠️ Exploitation Process
Approach
The exploit makes a request to the page and uses bs4 to extract the flag in Base64, then decodes it and prints it.
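The approach described above, as an added example that is not the author's original exploit: it uses the standard library's `html.parser` in place of bs4 and reads a constructed page embedded inline instead of making a request. The attribute name `data-note` and the surrounding markup are assumptions; only the Base64 value comes from this write-up. The same scan can be run over your own templates to catch values that are encoded rather than protected.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# Runs of the Base64 alphabet worth trying to decode (the 16-char floor is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
FLAG = re.compile(r"picoCTF\{[^}]*\}")

# Constructed sample page. "data-note" is a hypothetical attribute name; the
# build id in the comment is a decoy that is valid Base64 but not text.
SAMPLE_HTML = """<html><body>
<nav><a href="index.html">Home</a> <a href="about.html">About</a></nav>
<section class="about" data-note="cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMTBmOTM3NmZ9">
<h1>Try inspecting the page!</h1></section>
<!-- build id: 0123456789abcdef0123 -->
</body></html>"""

class Base64Finder(HTMLParser):
    """Collect (location, decoded_text) for Base64 runs that decode to printable ASCII."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def _scan(self, where, text):
        for token in B64_RUN.findall(text or ""):  # valueless attributes give None
            try:
                decoded = base64.b64decode(token, validate=True).decode("ascii")
            except (binascii.Error, UnicodeDecodeError):
                continue  # bad padding/alphabet, or binary data rather than text
            if decoded.isprintable():
                self.findings.append((where, decoded))

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            self._scan(f"<{tag} {name}>", value)

    def handle_data(self, data):
        self._scan("text", data)

    def handle_comment(self, data):
        self._scan("comment", data)

def find_encoded_strings(html):
    finder = Base64Finder()
    finder.feed(html)
    finder.close()
    return finder.findings

def find_flags(html):
    return [text for _, text in find_encoded_strings(html) if FLAG.fullmatch(text)]
```
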
🚩 Flag Capture
Flag
Proof of Execution
🔧 Tools Used
Tool | Purpose |
---|---|
Python | Exploit |
💡 Key Learnings
Skills Improved
- Binary Exploitation
- Reverse Engineering
- Web Exploitation
- Cryptography
- Forensics
- OSINT
- Miscellaneous
📊 Final Statistics
Metric | Value | Notes |
---|---|---|
Time to Solve | 00:00 | From start to flag |
Global Ranking | | Challenge ranking |
Points Earned | | Team contribution |
Created: 28-01-2025 • Last Modified: 28-01-2025 • Author: mH4ck3r0n3 • Team: