Description
A sprawling static site hides the flag somewhere in its source tree. Mirror the entire site and grep for picoCTF.
Setup
Use wget -r -np -k <url> to recursively download the entire site without traversing upward.
Run grep -R picoCTF inside the mirrored directory to locate the flag.
wget -r -np -k http://saturn.picoctf.net:53295/
cd saturn.picoctf.net:53295 && grep -R picoCTF
grep -R picoCTF | cut -d ' ' -f3
Solution
- Step 1: Mirror everything
wget -r -np -k recursively pulls down every linked file (-r), refuses to climb above the starting directory (-np = no-parent), and rewrites links inside the local copy so the mirror is browsable offline (-k). The result is the full /problem directory ready for offline grep.
wget is a command-line tool for downloading files and mirroring websites. The flags used here: -r (recursive download), -np (no-parent, don't traverse above the starting URL), and -k (convert links for local browsing). Together they create a complete local copy of the site's directory tree.
This technique is useful when a site has many pages or files: rather than clicking through each one manually, you download everything at once and analyze offline. In real-world web recon, httrack and Scrapy provide similar offline mirroring with more configuration options.
Static sites (no server-side rendering) are particularly amenable to this approach because every file is directly accessible via HTTP. Dynamic sites (React, Next.js, PHP) may not expose source files directly, but their JavaScript bundles, CSS, and API responses can still contain sensitive data worth examining.
- Step 2: Search recursively
grep -R picoCTF recursively searches the mirrored tree and surfaces the file containing the flag. A second pass with grep -hoE 'picoCTF\{[^}]+\}' strips everything except the flag itself.
A typical run looks like this:
$ cd saturn.picoctf.net:53295
$ grep -R picoCTF
css/style.css:/* picoCTF{1nsp3ti0n_0f_w3bpag3s_8de9...} */
$ grep -RhoE 'picoCTF\{[^}]+\}' .
picoCTF{1nsp3ti0n_0f_w3bpag3s_8de9...}
-h suppresses the file name, -o prints only the match, -E enables the extended regex.
grep -R pattern directory performs a recursive content search through all files in a directory tree. It's one of the most powerful everyday tools for developers and security researchers alike. The -l flag shows only filenames; -n adds line numbers; -i makes the match case-insensitive.
In CTF competitions, flags often appear in comments, JavaScript files, CSS, configuration files, or metadata: places that aren't rendered visibly in a browser. A broad recursive grep covers all of these simultaneously and is far faster than manually checking each page's view-source.
For larger codebases or binary files, ripgrep (rg) is a faster modern alternative to grep. It respects .gitignore patterns, handles binary files gracefully, and produces colorized output by default. Both tools are essential for source code review and CTF challenges involving large file sets.
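The Step 2 search wrapped into reusable functions, as an added example that is not part of the original write-up. The function names, the sample tree and both flag values are constructed for illustration; the -a option is an addition here so that a flag sitting in a binary file (image metadata, for instance) is still extracted by -o.

```shell
#!/bin/sh
# Added example: search a mirrored site tree for flag-format strings.
# The mirror itself would come from: wget -r -np -k <url>
FLAG_RE='picoCTF\{[^}]+\}'

# make_sample_mirror DIR (hypothetical helper): build a small constructed
# tree standing in for wget's output. All file contents are constructed.
make_sample_mirror() {
    mkdir -p "$1/css" "$1/js" "$1/img"
    printf '<html><body><h1>Welcome</h1></body></html>\n' > "$1/index.html"
    printf '<!-- picoCTF{c0nstruct3d_s4mpl3} -->\n' > "$1/about.html"
    printf 'body { margin: 0; }\n/** banner picoCTF{c0nstruct3d_s4mpl3} **/\n' \
        > "$1/css/style.css"
    printf '// no flag in this file\nvar x = 1;\n' > "$1/js/app.js"
    # Binary-looking file (NUL bytes) with a flag in a metadata-style field.
    printf 'GIF89a\000\001comment=picoCTF{1n_b1nary_m3ta}\000' > "$1/img/logo.gif"
}

# locate_flags DIR: print path:line:flag for every hit, sorted by path.
# -a treats binary files as text so -o can still print the match;
# LC_ALL=C keeps byte-wise matching independent of the locale.
locate_flags() {
    ( cd "$1" && LC_ALL=C grep -RanoE "$FLAG_RE" . | sed 's|^\./||' | LC_ALL=C sort )
}

# unique_flags DIR: print each distinct flag once, without file names.
unique_flags() {
    LC_ALL=C grep -RahoE "$FLAG_RE" "$1" | LC_ALL=C sort -u
}

# Demo on the constructed tree.
demo_dir=$(mktemp -d)
make_sample_mirror "$demo_dir"
locate_flags "$demo_dir"
unique_flags "$demo_dir"
rm -rf "$demo_dir"
```

On a real mirror, call locate_flags with the directory wget created (saturn.picoctf.net:53295 in the run above).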
Flag
picoCTF{1nsp3ti0n_0f_w3bpag3s_8de9...}
When in doubt, mirror and grep: many web challenges boil down to hidden strings in source files.