Pico CTF head-dump


Description: In this challenge, you will explore a web application and find an endpoint that exposes a file containing a hidden flag.The application is a simple blog website where you can read articles about various topics, including an article about API Documentation. Your goal is to explore the application and find the endpoint that generates files holding the server’s memory, where a secret flag is hidden.
So as per the description says, we have to find the endpoint holding the server’s memory
Firstly I explored the website:
Its a blog website with some endpoints, but not got anything, but when I click on #API Documentation I got the Swagger UI Api Documentation Page of this website
Here I got the following API Endpoints:
Now I am interested in heapdump as it says diagnosing for memory allocation, so as swagger UI has option to test the enpoint I click on execute and endpoint gets executed in swagger environment and I got a file
After downloading file I just read it using cat command and used grep to find the flag among the file content
Subscribe to my newsletter
Read articles from Furkan Sayyed directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
