PicoCTF - Secrets

Posted on 2023-06-26 | Post modified | In Security/Practice/PicoCTF/Web |

PicoCTF - Secrets

tags: `PicoCTF` `CTF` `Web`

Recon

Description: We have several pages hidden. Can you find the one with the flag?
Hint: folders folders folders

這一題也是蠻有趣的

Exploit - 通靈

首先看一下網頁的source code，沒什麼特別的地方，但有看到secret/assets/index.css，所以有一個route是secrets，試看看有甚麼東西
發現這樣的想法是對的，陸續看一下source code有甚麼其他route，就繼續加在URL就對了

Payload: view-source:http://saturn.picoctf.net:65352/secret/hidden/superhidden/ Flag: picoCTF{succ3ss_@h3n1c@10n_790d2615}

Reference

secrets | picoCTF 2022

Post author: SBK6401
Post link: https://bernie6401.github.io/security/practice/picoctf/web/2023/06/26/PicoCTF-Secrets/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.