Insp3ct0r | Mar 3, 2023

Introduction

Welcome to my another writeup! In this picoGym challenge, you’ll learn: Inspecting HTML! Without further ado, let’s dive in.

• Overall difficulty for me (From 1-10 stars): ★☆☆☆☆☆☆☆☆☆

Background

Author: zaratec/danny

Description

Kishor Balan tipped us off that the following code may need inspection:

https://jupiter.challenges.picoctf.org/problem/44924/ (link) or http://jupiter.challenges.picoctf.org:44924

Enumeration

Home page:

Pretty empty.

Let’s view source page:

[...]
  <head>
    <title>My First Website :)</title>
    <link href="https://fonts.googleapis.com/css?family=Open+Sans|Roboto" rel="stylesheet">
    <link rel="stylesheet" type="text/css" href="mycss.css">
    <script type="application/javascript" src="myjs.js"></script>
  </head>
[...]
	<!-- Html is neat. Anyways have 1/3 of the flag: picoCTF{tru3_d3 -->
[...]

In here, we found the first 3 parts of the flag: picoCTF{tru3_d3.

In the <head> element, we also see that there are 2 files are being imported: mycss.css, myjs.js.

mycss.css:

[...]
#tabintro { background-color: #ccc; }
#tababout { background-color: #ccc; }

/* You need CSS to make pretty pages. Here's part 2/3 of the flag: t3ct1ve_0r_ju5t */

myjs.js:

[...]
window.onload = function() {
    openTab('tabintro', this, '#222');
}

/* Javascript sure is neat. Anyways part 3/3 of the flag: _lucky?f10be399} */

We found all 3 parts!

• Flag: picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?f10be399}

What we’ve learned:

1. Inspecting HTML