🌐 Secrets
A detailed write-up of the Web challenge 'Secrets' from PicoCTF - 2022
📊 Challenge Overview
Category | Details | Additional Info |
---|---|---|
🏆 Event | picoGym | Event Link |
🔰 Category | Web 🌐 | |
💎 Points | | Out of 500 total |
⭐ Difficulty | 🟡 Medium | Personal Rating: 0/10 |
👤 Author | Geoffrey Njogu | Profile |
🎮 Solves (At the time of flag submission) | 22.473 | solve rate |
📅 Date | 07-02-2025 | picoGym |
🦾 Solved By | mH4ck3r0n3 | Team: |
📝 Challenge Information
We have several pages hidden. Can you find the one with the flag?
🎯 Challenge Files & Infrastructure
Provided Files
Files: None
🔍 Initial Analysis
First Steps
Initially, the website appears as follows:
Inspecting the source code of the page, since there are no attached files, I found this: a route to `/secret/`. Trying to visit the page, I found this:
Then I realized I had to keep going this way until the flag.
🎯 Solution Path
Exploitation Steps
Exploitation
Inspecting the secret page as well, I found this:
Visiting the route `/secret/hidden/`, I found this:
And inspecting the hidden page, I found a route to `/secret/hidden/superhidden/`:
Visiting the page, I found the flag.
Flag capture
🛠️ Exploitation Process
Approach
The automatic exploit makes a GET request to `/secret/hidden/superhidden/` and extracts the flag from the response using a regex.
🚩 Flag Capture
Flag
Proof of Execution
🔧 Tools Used
Tool | Purpose |
---|---|
Python | Exploit |
ChromeDevTools | Web Testing |
💡 Key Learnings
Skills Improved
- Binary Exploitation
- Reverse Engineering
- Web Exploitation
- Cryptography
- Forensics
- OSINT
- Miscellaneous
📊 Final Statistics
Metric | Value | Notes |
---|---|---|
Time to Solve | 00:01 | From start to flag |
Global Ranking (At the time of flag submission) | | Challenge ranking |
Points Earned | | Team contribution |
Created: 07-02-2025 • Last Modified: 07-02-2025 • Author: mH4ck3r0n3 • Team: