Contact CTF writeups Notes

[PicoCTF 2018] - web - Inspect Me

This is one of my writeups for PicoCTF 2018

Problem

Inpect this code! http://2018shell3.picoctf.com:56252/

Hints :

  1. How do you inspect a website's code on a browser?
  2. Check all the website code.

Solution

This exercise was a very straightforward warmup : the flag was split in three parts (well, two in my case) and put in comments in three different source files on the site :

Index

view source on the index page showed the following HTML comment :

<!-- I learned HTML! Here's part 1/3 of the flag: picoCTF{ur_4_real_1nspe -->

We can also see that a script and a stylesheet are loaded :

<link rel="stylesheet" type="text/css" href="mycss.css">
<script type="application/javascript" src="myjs.js"></script>

Stylesheet

If we examine the stylesheet, we can see that in ends with a CSS comment :

/* I learned CSS! Here's part 2/3 of the flag: ct0r_g4dget_9dd3b33c} */

Script

Similarly, the myjs.js ends with the following comment :

/* I learned JavaScript! Here's part 3/3 of the flag:  */

So if we concatenate the three parts, we get the flag : picoCTF{ur_4_real_1nspect0r_g4dget_9dd3b33c}