Writeup in progress
Currently making the solution for noted and the walkthrough will be published here as soon as it's ready.
Check back soon - or follow our latest updates on the homepage- to be notified when the full writeup goes live.
noted
Published: July 20, 2023Updated: December 9, 2025
Want more picoCTF 2022 writeups?
Useful tools for Web Exploitation
- URL Encoder / DecoderEncode and decode URL-encoded (percent-encoded) strings. Useful for web exploitation challenges involving query parameters, form data, and HTTP headers.
- JWT DecoderDecode JSON Web Tokens and inspect the header, payload, and signature. Useful for web exploitation challenges.
- Base64 & Base32 DecoderDecode Base64 and Base32 strings with auto-detection. Multi-layer mode unwraps nested encodings automatically.
More Web Exploitation
- Web ExploitationEasy
Includes
The flag is split across the CSS and JS files referenced by the page. Inspect each asset in DevTools to find both halves.
- Web ExploitationEasy
Inspect HTML
The flag is embedded in the HTML source as a comment. View-source or use DevTools to read it instantly.
- Web ExploitationEasy
Local Authority
Credentials for a login portal are hidden in an ancillary JavaScript file. Inspect the assets to recover them.