picoCTF Solutions
picoCTF 2022Web ExploitationMedium

Search source

Published: July 20, 2023Updated: December 9, 2025

Description

A sprawling static site hides the flag somewhere in its source tree. Mirror the entire site and grep for picoCTF.

Setup

Visit portal

Use `wget -r -np -k <url>` to recursively download the entire site without traversing upward.

Run `grep -R picoCTF` inside the mirrored directory to locate the flag.

wget -r -np -k http://saturn.picoctf.net:53295/
cd saturn.picoctf.net:53295 && grep -R picoCTF
grep -R picoCTF | cut -d ' ' -f3

Solution

  1. Step 1Mirror everything
    `wget -r -np -k` preserves the /problem structure locally, letting you search without further HTTP requests.
  2. Step 2Search recursively
    A simple `grep -R picoCTF` surfaces the file containing the flag; pipe the output to `cut` or another tool to isolate the token.

Flag

picoCTF{1nsp3ti0n_0f_w3bpag3s_8de9...}

When in doubt, mirror and grep-many web challenges boil down to hidden strings in source files.