picoCTF 2022 | Secrets Write-up

Challenge description

We have several pages hidden. Can you find the one with the flag? The website is running here.

Category: Web Exploitation


I felt like I took way more time solving this than I should have, but perhaps I needed a refreshed mind to think efficiently.

Regardless, the first step is always the same, let’s inspect the site’s source using Ctrl + U.

This suggests there is a /secret directory on the website.

Going to http://saturn.picoctf.net:49810/secret directly doesn’t seem to work. However, http://saturn.picoctf.net:49810/secret/index.html does. Inspecting this page provides us with the next clue:

Again, this suggests another folder within, /hidden

Repeating the last steps, and inspecting the source of http://saturn.picoctf.net:49810/secret/hidden/index.html gives us

And again we go, reaching the flag with this last repetition:


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: