WebDecode Pico CTF Walkthrough

Category: Web Exploitation
Reward: 50 points
In cyber security, it is important to have a deep knowledge of what you intend to secure. For instance, understanding how the web works, and what goes on behind the scenes can provide you with crucial insights on how to secure it.
How do you do this?
One effective way to do this is by using the 'Inspect' feature under More Tools > Developer tools in web browsers. With this developer toolset, you can easily analyze and explore the functionalities of a web page.
WebDecode is a super easy picoCTF challenge. Let's first go through the hints to figure out where to start.
Hint 1: Use the web inspector on other files included by the web page.
Hint 2: The flag may or may not be encoded.
Step 1: Click on the website link provided. The following home page will appear. On navigation, nothing really stands out.
You can navigate to the other sections.
Step 2: Right-click on the page, then scroll down to 'Inspect'. A separate window will open as shown below:
Step 3: Go ahead to inspect the source code of each section. The home page does not seem to have anything suspicious, so we proceed to 'About'.
Step 4: On manually inspecting the 'About' source code, we notice something. The section tag carries an unusual attribute, notify_true, holding a long string:
<section class="about" notify_true="cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfZjZmNmI3OGF9">
Step 5: Remember our second hint? The flag may or may not be encoded. So we will assume this is encoded, and try to decode it.
We will then copy and paste the long string into CyberChef as shown below:
(CyberChef is a web tool that makes it easy to encode and decode data. You can use it to convert data into different formats.)
Hooray! We just found our flag. Submit it and proceed to the next challenge!
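The manual search in Steps 3 to 5 can also be scripted. The following is an added example, not part of the original walkthrough: it parses a page's HTML, tries to Base64-decode every attribute value, and reports the ones that decode to printable text. The sample HTML is constructed around the attribute from Step 4; the stylesheet URL, the data-build decoy and the 16-character minimum length are assumptions.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# Base64 alphabet only; the 16-character minimum is an assumed noise threshold.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}$")


def try_b64(value):
    """Return decoded text if value is Base64 for printable ASCII, else None."""
    core = value.strip().rstrip("=")
    if not B64_RE.match(core):
        return None
    padded = core + "=" * (-len(core) % 4)  # tolerate stripped padding
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None  # invalid length, or decodes to binary junk
    return text if text.isprintable() else None


class AttrScanner(HTMLParser):
    """Collects (tag, attribute, decoded text) for every decodable attribute value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            decoded = try_b64(value or "")
            if decoded is not None:
                self.findings.append((tag, name, decoded))


def scan_html(html):
    scanner = AttrScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: the section tag is the one from Step 4, the rest is filler.
SAMPLE_ABOUT = """
<link rel="stylesheet" href="https://example.com/style.css">
<div data-build="0123456789abcdef0123">
<section class="about" notify_true="cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfZjZmNmI3OGF9">
"""

if __name__ == "__main__":
    for tag, name, decoded in scan_html(SAMPLE_ABOUT):
        print(f"<{tag}> {name} -> {decoded}")
```

Anything this scan reports is readable by every visitor to the page, since encoding a value is not the same as protecting it.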
Read articles from Esther Adwets directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
