Category — Web Exploitation
Level — Easy
Challenge URL — picoCTF — picoGym Challenges
Welcome! It is time to look at the Challenge “WebDecode” on picoCTF. I am making these walkthroughs to keep myself motivated to learn cyber security and ensure that I remember the knowledge gained by playing picoCTF Challenges.
Join me on learning cyber security. I will try and explain concepts as I go, to differentiate myself from other walkthroughs.
About Challenge — The challenge is an easy Web Exploitation challenge. Let’s start!
Let’s start! Launch Instance.
The website for the challenge.
I know that the challenge involves using inspect tab. This means that it is likely that we are supposed to find the flag hidden in the code of the website. Thus, I used the search tool on the website and searched for the flag.
See the contents of the home page.
http://titan.picoctf.net:60923/index.htmlI didn’t get anything useful in main PAGE.
Check Other pages, we have other 2 page.
See the contents of the about page.
http://titan.picoctf.net:60923/about.html
On the About page, it seems that they say we will find the flag here! But I tried using the search tool which didn’t help! Let’s now manually check the code and see if we can get anything useful!
Ok! We found Base64 Cipher in view-source.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<meta content="IE=edge" http-equiv="X-UA-Compatible"/>
<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
<link href="style.css" rel="stylesheet"/>
<link href="img/favicon.png" rel="shortcut icon" type="image/x-icon"/>
<!-- font (google) -->
<link href="https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap" rel="stylesheet"/>
<title>
About me
</title>
</head>
<body>
<header>
<nav>
<div class="logo-container">
<a href="index.html">
<img alt="logo" src="img/binding_dark.gif"/>
</a>
</div>
<div class="navigation-container">
<ul>
<li>
<a href="index.html">
Home
</a>
</li>
<li>
<a href="about.html">
About
</a>
</li>
<li>
<a href="contact.html">
Contact
</a>
</li>
</ul>
</div>
</nav>
</header>
<section class="about" notify_true="cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfZGYwZGE3Mjd9">
<h1>
Try inspecting the page!! You might find it there
</h1>
<!-- .about-container -->
</section>
<!-- .about -->
<section class="why">
<footer>
<div class="bottombar">
Copyright © 2023 Your_Name. All rights reserved.
</div>
</footer>
</section>
</body>
</html>Ok!!! Let’s try to crack the cipher.
cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfZGYwZGE3Mjd9In the last line we can see that we have some Base64 Cipher. Let’s try to decode them using CyberChef.
picoCTF{web_succ3ssfully_d3c0ded_df0da727}I hope you enjoyed this writeup! Happy Hacking :)
Follow me on below Social Media:
- LinkedIn: Reju Kole
2. Instagram: reju.kole.9
3. Respect me On HackTheBox! : W40X
4. Check My TryHackMe Profile : TryHackMe | W40X
5. Twitter | X : @Mr_W40X
6. GitHub : W40X | Reju Kole | Security Researcher
in case you need any help feel free to message me on my social media handles.
