picoCTF Web Exploitation Guide

here's how to solve Insp3ct0r

Back to the Web Exploitation Guides

Insp3ct0r

Name: Insp3ct0r
Description: Kishor Balan tipped us off that the following code may need inspection: https://jupiter.challenges.picoctf.org/problem/41511/ (link) or http://jupiter.challenges.picoctf.org:41511
Author: zaratec/danny
Tags: Easy, Web Exploitation, picoCTF 2019
Challenge from: picoCTF 2019
Hints:
1. How do you inspect web code on a browser?
2. There's 3 parts

Theory

According to the description, to get the flag we have to find the flag somewhere around the website we're given. So let's go to this website and see something like view source.

Solution

So we'll open the website in the view source, accessible by pressing Ctrl+U:

So yeah, that's the first part of the flag, let's see, there's two other links, a style, and javascript files, let's go to the style file and see if there's something interesting in there:

...

#tabintro { background-color: #ccc; }
#tababout { background-color: #ccc; }

/* You need CSS to make pretty pages. Here's part 2/3 of the flag: t3ct1ve_0r_ju5t */

Yup that's the second part, now let's go to that javascript file and see if the last part is there:

...
                
window.onload = function() {
    openTab('tabintro', this, '#222');
}

/* Javascript sure is neat. Anyways part 3/3 of the flag: _lucky?832b0699} */

And if we join all the three parts:

picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?832b0699}

There we go! That's the flag.

I rated this level as "good"! :3

https://play.picoctf.org/practice/challenge/18

Explore My Website