We have several pages hidden. Can you find the one with the flag? The website is running here.
Category: Web Exploitation
I felt like I took way more time solving this than I should have, but perhaps I needed a refreshed mind to think efficiently.
Regardless, the first step is always the same, let’s inspect the site’s source using
Ctrl + U.
Going to http://saturn.picoctf.net:49810/secret directly doesn’t seem to work. However, http://saturn.picoctf.net:49810/secret/index.html does. Inspecting this page provides us with the next clue:
Repeating the last steps, and inspecting the source of http://saturn.picoctf.net:49810/secret/hidden/index.html gives us
And again we go, reaching the flag with this last repetition: