PicoCTF 2014 Write-ups

No Comment - 20 (Web Exploitation)

Writeup by evantey14

Created: 2014-11-07 17:26:27

Last modified: 2014-11-09 23:28:11


The CD you find has a copy of your father's website: homepage.html. Maybe something is hidden in the site...


You may want to use your browser to view the source of the web page.



Look through the page source for the flag.


In most browsers, including Chrome and Firefox, you can view a page's HTML source code by pressing Ctrl+U. When we do this on homepage.html, we see:

        <title>Dr. Claudio Drake's Personal Website</title>
            <div style="width: 500px">
                <h1>Dr. Claudio Drake</h1>
                <img src="/problem-static/web/no-comment/me.png">
                    I am a roboticist with a Doctorate Degree in Robotics. My primary interests are in developing new medical robotics to help doctors better perform surgery on high risk patients.
                <!-- In case you forget, the password for this site is: flag_0f8f56a526f63a2af0bce82d11b94081fecaaced -->

In the HTML comment, we see our flag. HTML comments are not rendered to the screen, but still exist in the source code.
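
A pre-publication check for the mistake this challenge illustrates, as an added example that is not part of the original write-up: it parses a page with Python's standard `html.parser` and reports comments that contain credential-like words or long hex strings. The keyword list, the 32-character hex threshold and the sample page are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Heuristics assumed for this example: credential-like words and long hex runs.
KEYWORDS = re.compile(r"\b(pass(word|wd)?|secret|token|api[_-]?key)\b", re.I)
HEX_RUN = re.compile(r"(?<![0-9a-f])[0-9a-f]{32,}(?![0-9a-f])", re.I)


class CommentAuditor(HTMLParser):
    """Collects HTML comments that look like they carry a secret."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, reasons, comment text)

    def handle_comment(self, data):
        reasons = []
        if KEYWORDS.search(data):
            reasons.append("credential keyword")
        if HEX_RUN.search(data):
            reasons.append("long hex string")
        if reasons:
            line, _col = self.getpos()  # position where the comment starts
            self.findings.append((line, reasons, data.strip()))


def audit_html(source):
    """Return the flagged comments found in an HTML string."""
    auditor = CommentAuditor()
    auditor.feed(source)
    auditor.close()
    return auditor.findings


# Constructed sample page; the secret is a made-up 40-character hex value.
SAMPLE = """<title>Example site</title>
<div>
  <!-- TODO: tidy up layout -->
  <!-- In case you forget, the password for this site is: flag_{} -->
  <p>Visible text mentioning a password is not a comment.</p>
</div>
""".format("ab12" * 10)

if __name__ == "__main__":
    for line, reasons, text in audit_html(SAMPLE):
        print("line {}: {} -> {}".format(line, ", ".join(reasons), text))
```

Running a check like this over a site's HTML before it is published catches comments that the browser hides but still serves to every visitor.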