picoCTF 2022 | Search Source Write-up

Challenge description

The developer of this website mistakenly left an important artifact in the website source, can you find it? The website is here

Category: Web Exploitation


The flag is located in a comment in the style.css file. You can get lucky while manually looking for it while inspecting the source.
But, the better solution is to clone the website and then look locally using more powerful search tools. I cloned the site with the wget -rpk command.
I initially found the flag using my text editor’s search function:

You can also accomplish the same thing using grep:

Just remember to include the -r option so grep looks recursively through your files

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: