Local Authority

Challenge Overview

Can you get the flag?

Go to this website and see what you can discover.

Solution

In the page source you can see that the login POST request is sent to the "login.php" file.

However, it is not listed in the Sources tab.

So I just went to http://saturn.picoctf.net:64710/login.php and now files appeared in the source.

In login.php you can see some filtering and a hash, but neither of these things helps with logging in. But if you look at the other file listed in the Sources tab, which is also referenced at the top of the login.php code, you can see a file called "secure.js".

This file just shows the user and password in plaintext. So I now went back to the original path of the website with the given credentials. This directed me to http://saturn.picoctf.net:64710/admin.php where the flag was located.

Flag: picoCTF{j5_15_7r4n5p4r3n7_b0c...}
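
Why the credentials in secure.js were readable, and what the fix looks like, as an added example that is not part of the original write-up or the challenge's code. The function names and the credentials `demo_admin` / `demo_pass_123` are constructed for illustration; the hardened half assumes a Node.js server.

```javascript
const crypto = require('crypto');

// Weak pattern (constructed stand-in, not the challenge's secure.js):
// this function ships to the browser, so its string literals are part of
// what every visitor downloads and can read in the Sources tab.
function clientSideCheck(username, password) {
  return username === 'demo_admin' && password === 'demo_pass_123';
}

// Shows what a visitor can recover from the shipped script without logging in.
function literalsVisibleToClient(fn) {
  return [...fn.toString().matchAll(/'([^']*)'/g)].map((m) => m[1]);
}

// Hardened pattern: the check runs only on the server, and the server
// stores a salted scrypt hash instead of the password itself.
function createRecord(username, password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return { username, salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Server-side verification: recompute the hash from the submitted password
// and compare in constant time. Nothing here is ever sent to the client.
function serverSideCheck(record, username, password) {
  const stored = Buffer.from(record.hash, 'hex');
  const candidate = crypto.scryptSync(password, Buffer.from(record.salt, 'hex'), 32);
  const passwordOk = crypto.timingSafeEqual(candidate, stored);
  return username === record.username && passwordOk;
}

// Constructed demo run.
const record = createRecord('demo_admin', 'demo_pass_123');
console.log('readable from client script:', literalsVisibleToClient(clientSideCheck));
console.log('server record holds password:', JSON.stringify(record).includes('demo_pass_123'));
console.log('correct login:', serverSideCheck(record, 'demo_admin', 'demo_pass_123'));
console.log('wrong login:', serverSideCheck(record, 'demo_admin', 'guess'));
```

The server must also enforce the session on the protected page itself, since a check that only decides where the browser is redirected can be skipped by requesting that page directly.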