Pico CTF head-dump

Description: In this challenge, you will explore a web application and find an endpoint that exposes a file containing a hidden flag.The application is a simple blog website where you can read articles about various topics, including an article about API Documentation. Your goal is to explore the application and find the endpoint that generates files holding the server’s memory, where a secret flag is hidden.

So as per the description says, we have to find the endpoint holding the server’s memory

Firstly I explored the website:

Its a blog website with some endpoints, but not got anything, but when I click on #API Documentation I got the Swagger UI Api Documentation Page of this website

Here I got the following API Endpoints:

Now I am interested in heapdump as it says diagnosing for memory allocation, so as swagger UI has option to test the enpoint I click on execute and endpoint gets executed in swagger environment and I got a file

After downloading file I just read it using cat command and used grep to find the flag among the file content