picoCTF Web Exploitation Guide

Here's how to solve WebDecode


WebDecode

Name: WebDecode
Description: Do you know how to use the web inspector? Start searching here to find the flag
Author: Nana Ama Atombo-Sackey
Tags: Easy, Web Exploitation, picoCTF 2024, browser_webshell_solvable
Challenge from: picoCTF 2024
Hints:
1. Use the web inspector on other files included by the web page.
2. The flag may or may not be encoded

Theory

According to the description, we get the flag by searching through a website with the web inspector. So let's go to the website and see what we can find.

Solution

So we'll open the website:

Hmm, the page says the flag is not here and to keep looking for it. Let's check the about page at the top:

Alright, so the page tells us that the flag is here somewhere in the code. Let's press Ctrl+U to view the source:

This code may look normal to you, but if you look closely, there is a Base64 string inside a notify thing in the HTML. So let's decode it with the website I always use:

BASE64 DECODE (Base64Decode.com)

INPUT: cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMDJjZGNiNTl9

OUTPUT: picoCTF{web_succ3ssfully_d3c0ded_02cdcb59}

There we go! That's the flag.
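The same search and decode can be done offline instead of with a decoder website. The Python script below is an added example, not part of the original write-up: it walks a page's attribute values and comments and decodes anything that is valid Base64 for printable text, which shows that encoding a value in page source does not hide it. The sample HTML is constructed, and the attribute name `notify` and the helper names are assumptions.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# Runs of 16+ Base64-alphabet characters, optionally padded.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Constructed sample page (not the challenge's real markup); "notify" is an assumed name.
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="/assets/css/site.css"></head>
<body><!-- keep looking -->
<section class="about" notify="cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMDJjZGNiNTl9">Try inspecting the page!</section>
</body></html>"""

def decode_if_text(candidate):
    """Return decoded text if candidate is Base64 of printable ASCII, else None."""
    try:
        text = base64.b64decode(candidate, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None  # bad length/padding, or bytes that are not text (e.g. a URL path)
    return text if text.isprintable() else None

class EncodedValueFinder(HTMLParser):
    """Collects (location, encoded, decoded) from attribute values and comments."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def _scan(self, location, value):
        for match in B64_RUN.findall(value or ""):  # value is None for bare attributes
            if (decoded := decode_if_text(match)) is not None:
                self.findings.append((location, match, decoded))

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            self._scan(f"<{tag} {name}>", value)

    def handle_comment(self, data):
        self._scan("comment", data)

def find_encoded_values(html):
    finder = EncodedValueFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for location, encoded, decoded in find_encoded_values(SAMPLE_HTML):
        print(location, "->", decoded)
```

The stylesheet path in the sample contains a 16-character run from the Base64 alphabet, but it decodes to non-text bytes and is dropped, so only the encoded attribute is reported.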

I rated this level as "good"! :3


https://play.picoctf.org/practice/challenge/427