
🌐 Search Source

A detailed write-up of the Web challenge 'Search Source' from PicoCTF - 2022

[Image: Challenge Presentation]

📊 Challenge Overview

Category Details Additional Info
🏆 Event PicoGym Event Link
🔰 Category Web 🌐
💎 Points Out of 500 total
⭐ Difficulty 🟡 Medium Personal Rating: 0/10
👤 Author Mubarak Mikail Profile
🎮 Solves (At the time of flag submission) 32.246 solve rate
📅 Date 13-02-2025 PicoGym
🦾 Solved By mH4ck3r0n3 Team:

📝 Challenge Information

The developer of this website mistakenly left an important artifact in the website source, can you find it?

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

[Image: Site Presentation]

As per the challenge title, Search Source, I decided to inspect the page source (CTRL+U):

[Image: Page Source]

Then I searched for picoCTF using CTRL+F and, as we can see, I didn’t find anything. So I decided to also inspect the included files, such as the CSS files.

🎯 Solution Path

Exploitation Steps

Initial setup

I started inspecting the various files in order, even though it probably wasn’t necessary for the first two, as the first one is for Bootstrap, but it’s always better to check.

Exploitation

By inspecting the file /css/style.css and searching for picoCTF on the page, I found the flag.

Flag capture

[Image: Manual Flag]

🛠️ Exploitation Process

Approach

The automatic exploit simply makes a GET request to /css/style.css and extracts the flag using a regex.
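
The approach described above, generalized as an added example (not the original script from this write-up): it collects the stylesheets and scripts a page links and applies the flag regex to each one, which is also the check a developer can run before deploying to catch leftover artifacts. The site contents, every path other than /css/style.css, the `fetch` helper and the flag value are constructed so the block runs offline.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

FLAG_RE = re.compile(r"picoCTF\{[^}]*\}")

# Constructed stand-in for the challenge site (path -> body); not the real content.
SITE = {
    "/index.html": '<html><head>'
                   '<link rel="stylesheet" href="css/bootstrap.min.css">'
                   '<link rel="stylesheet" href="css/style.css">'
                   '<script src="js/main.js"></script></head>'
                   '<body><!-- nothing here --></body></html>',
    "/css/bootstrap.min.css": "body{margin:0}",
    "/css/style.css": "/** picoCTF{constructed_example_flag} **/\n.nav{color:#fff}",
    "/js/main.js": "console.log('ready');",
}


class AssetCollector(HTMLParser):
    """Collect the URLs of linked stylesheets and scripts, in document order."""

    def __init__(self):
        super().__init__()
        self.assets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and attrs.get("href"):
            self.assets.append(attrs["href"])
        elif tag == "script" and attrs.get("src"):
            self.assets.append(attrs["src"])


def fetch(path):
    # Assumption: offline lookup; against a live site this would be an HTTP GET.
    return SITE.get(path, "")


def find_artifacts(page="/index.html"):
    """Return (path, match) for each flag-shaped string in the page and its assets."""
    collector = AssetCollector()
    collector.feed(fetch(page))
    # Resolve relative asset URLs against the page path, as a browser would.
    paths = [page] + [urljoin(page, a) for a in collector.assets]
    return [(p, m) for p in paths for m in FLAG_RE.findall(fetch(p))]


if __name__ == "__main__":
    for path, match in find_artifacts():
        print(f"{path}: {match}")
```
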

🚩 Flag Capture

Flag

Proof of Execution

[Image: Automated Flag. Screenshot of successful exploitation]

🔧 Tools Used

Tool Purpose
Python Exploit
ChromeDevTools Web Testing

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

Metric Value Notes
Time to Solve 00:00 From start to flag
Global Ranking (At the time of flag submission) Challenge ranking
Points Earned Team contribution

Created: 13-02-2025 • Last Modified: 13-02-2025 • Author: mH4ck3r0n3 • Team: