🌐 MatchTheRegex

A detailed write-up of the Web challenge 'MatchTheRegex' from PicoCTF - 2023

/images/PicoGym/PicoCTF-2023/MatchTheRegex/challenge_presentation.png
Challenge Presentation

📊 Challenge Overview

| Category | Details | Additional Info |
|---|---|---|
| 🏆 Event | PicoGym | Event Link |
| 🔰 Category | Web 🌐 | |
| 💎 Points | | Out of 500 total |
| ⭐ Difficulty | 🟡 Medium | Personal Rating: 0/10 |
| 👤 Author | Sunday Jacob Nwanyim | Description Profile |
| 🎮 Solves (At the time of flag submission) | | 18.572 solve rate |
| 📅 Date | 12-02-2025 | PicoGym |
| 🦾 Solved By | mH4ck3r0n3 | Team: |

📝 Challenge Information

How about trying to match a regular expression

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

/images/PicoGym/PicoCTF-2023/MatchTheRegex/site_presentation.png
Site Presentation

While inspecting the page source, I found the function send_request():

/images/PicoGym/PicoCTF-2023/MatchTheRegex/page_source.png
Page Source

This function sends a request to /flag with a parameter input=... (the value typed into the input box shown in the Site Presentation image), reads the response (which will be the flag) and displays it in an alert(). There is also a comment:

// ^p.....F!?

I think it’s pretty clear… Let’s move on to the exploitation.

🎯 Solution Path

Exploitation Steps

Initial setup

In this challenge, we need to match a regex. A regular expression (often abbreviated as regexp, regex, or RE) is a sequence of symbols (a string) that defines a set of strings. Let’s move on to the next phase.

Exploitation

The pattern in the comment closely resembles the format of picoCTF flags. In fact, entering picoCTF in the input box matches the regex and returns the flag in an alert(). We can confirm this with https://regex101.com/ (a useful online tool for analyzing regular expressions): pasting the regex from the comment and typing picoCTF in the test string section below gives a match:

/images/PicoGym/PicoCTF-2023/MatchTheRegex/regex.png
Regex 101

Flag capture

/images/PicoGym/PicoCTF-2023/MatchTheRegex/manual_flag.png
Manual Flag

🛠️ Exploitation Process

Approach

The exploit simply sends a GET request to /flag?input=picoCTF and extracts the flag from the response using a regex.
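The following script is an added example of that approach, not the write-up's own exploit. It reproduces the regex from the page-source comment locally (so a candidate input can be checked before any request is sent), builds the same /flag?input=... request that send_request() issues, and pulls a picoCTF{...} token out of the response body. The instance URL is not on the page, so CHALLENGE_URL is a placeholder, and SAMPLE_RESPONSE is a constructed body used only to illustrate extraction.

```python
"""Added example (not the write-up's own script): automates the MatchTheRegex
solve path. CHALLENGE_URL is a placeholder; pass the real instance URL as argv[1]."""
import re
import sys
import urllib.parse
import urllib.request

# Placeholder: replace with the instance URL shown on the challenge page.
CHALLENGE_URL = "http://REPLACE-WITH-INSTANCE-HOST:PORT"

# The pattern from the page-source comment. It is anchored only at the start:
# 'p', any five characters, 'F', then an optional '!'. Nothing constrains what
# follows, so "picoCTF", "picoCTF!" and "picoCTF{...}" all match, while the
# lowercase "picoctf" does not (the 'F' is case-sensitive).
SERVER_PATTERN = re.compile(r"^p.....F!?")

# Expected flag format, used to pull the flag out of the response body.
FLAG_PATTERN = re.compile(r"picoCTF\{[^}]*\}")

# Constructed sample response body (not captured from the real challenge).
SAMPLE_RESPONSE = "<html><body>picoCTF{constructed_sample_flag}</body></html>"


def matches_server_regex(candidate: str) -> bool:
    """Check locally whether the input would satisfy the comment's regex."""
    return SERVER_PATTERN.match(candidate) is not None


def build_flag_url(base_url: str, user_input: str) -> str:
    """Build the GET request that send_request() issues: /flag?input=..."""
    query = urllib.parse.urlencode({"input": user_input})
    return f"{base_url.rstrip('/')}/flag?{query}"


def extract_flag(body: str):
    """Return the first picoCTF{...} token in the response body, or None."""
    found = FLAG_PATTERN.search(body)
    return found.group(0) if found else None


def fetch_flag(base_url: str, user_input: str = "picoCTF", timeout: float = 10.0):
    """Validate the input against the regex, send the request, extract the flag."""
    if not matches_server_regex(user_input):
        raise ValueError(f"{user_input!r} does not match {SERVER_PATTERN.pattern}")
    with urllib.request.urlopen(build_flag_url(base_url, user_input), timeout=timeout) as resp:
        return extract_flag(resp.read().decode("utf-8", errors="replace"))


if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else CHALLENGE_URL
    print(fetch_flag(base) or "no flag found in response")
```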

🚩 Flag Capture

Flag

Proof of Execution

/images/PicoGym/PicoCTF-2023/MatchTheRegex/automated_flag.png
Automated Flag
Screenshot of successful exploitation

🔧 Tools Used

| Tool | Purpose |
|---|---|
| Python | Exploit |
| ChromeDevTools | Web Testing |
| Regex 101 | Regex Testing |

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📚 References & Resources

Learning Resources


📊 Final Statistics

| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:00 | From start to flag |
| Global Ranking (At the time of flag submission) | | Challenge ranking |
| Points Earned | | Team contribution |

Created: 12-02-2025 • Last Modified: 12-02-2025 • Author: mH4ck3r0n3 • Team: