Web Decode | picoCTF

 Hello guys! Today, I’m diving into a PicoCTF challenge called Web Decode. Let’s see how we can crack this one and learn something cool along the way. Stay tuned!




Hints:

1. Use the web inspector on other files included by the web page.

2. The flag may or may not be encoded


Challenge link: https://play.picoctf.org/practice/challenge/427


Solution :

Manually investigate the web site :

Browse to the web site and you will see a web page with the message "Ha!!!!!! You looking for a flag?".

On the page, right-click and select 'View page source' (or press CTRL + U) to get the HTML-source of the page



Nope, nothing interesting here apart from several messages telling us to keep searching...

But there are more pages, like the about.html page which contains


Theline<sectionclass="about" notify_true="cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMWY4MzI2MTV9"> looks interesting.
It seems to contain the flag in encoded form.

Get the flag
There are no padding characters (=) at the end but the string looks like it could be base64-encoded.
We can decode it with the builtin linux tool base64 like this


OR :




                          Send Flag :  picoCTF{web_succ3ssfully_d3c0ded_02cdcb59}




Subscribe to receive free email updates:

0 Response to "Web Decode | picoCTF"

Posting Komentar