Search source

Published: July 20, 2023

Description

A sprawling static site hides the flag somewhere in its source tree. Mirror the entire site and grep for picoCTF.

Use `wget -r -np -k <url>` to recursively download the entire site without traversing upward.

Run `grep -R picoCTF` inside the mirrored directory to locate the flag.

```
wget -r -np -k http://saturn.picoctf.net:53295/
cd saturn.picoctf.net:53295 && grep -R picoCTF
grep -R picoCTF | cut -d ' ' -f3
```

Solution

  1. Step 1: Mirror everything
    `wget -r -np -k` preserves the /problem structure locally, letting you search without further HTTP requests.

    wget is a command-line tool for downloading files and mirroring websites. The flags used here: `-r` (recursive download), `-np` (no-parent, don't traverse above the starting URL), and `-k` (convert links for local browsing). Together they create a complete local copy of the site's directory tree.

    This technique is useful when a site has many pages or files - rather than clicking through each one manually, you download everything at once and analyze offline. In real-world web recon, httrack and Scrapy provide similar offline mirroring with more configuration options.

    Static sites (no server-side rendering) are particularly amenable to this approach because every file is directly accessible via HTTP. Dynamic sites (React, Next.js, PHP) may not expose source files directly, but their JavaScript bundles, CSS, and API responses can still contain sensitive data worth examining.

  2. Step 2: Search recursively
    A simple `grep -R picoCTF` surfaces the file containing the flag; pipe the output to `cut` or another tool to isolate the token.

    `grep -R pattern directory` performs a recursive content search through all files in a directory tree. It's one of the most powerful everyday tools for developers and security researchers alike. The `-l` flag shows only filenames; `-n` adds line numbers; `-i` makes the match case-insensitive.

    In CTF competitions, flags often appear in comments, JavaScript files, CSS, configuration files, or metadata - places that aren't rendered visibly in a browser. A broad recursive grep covers all of these simultaneously and is far faster than manually checking each page's view-source.

    For larger codebases or binary files, ripgrep (rg) is a faster modern alternative to grep. It respects .gitignore patterns, handles binary files gracefully, and produces colorized output by default. Both tools are essential for source code review and CTF challenges involving large file sets.
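
The recursive search from Step 2, as an added example that is not part of the original writeup: it matches the whole `picoCTF{...}` token with `grep -o` so no field counting with `cut` is needed, and it reports the file and line of each hit. The sample tree, the token in it, and the function names are constructed for illustration; the `-R`, `-I` and `-o` options assume GNU or BSD grep.

```shell
#!/bin/sh
# Added example. The site tree and the token inside it are constructed.

# ERE: the literal prefix, then everything up to the closing brace.
PATTERN='picoCTF\{[^}]*\}'

# make_sample_mirror DIR: create a small constructed mirror to search.
make_sample_mirror() {
    mkdir -p "$1/css" "$1/js"
    printf '%s\n' '<html><head><title>picoCTF practice site</title>' \
        '<link rel="stylesheet" href="css/style.css"></head>' \
        '<body><h1>Welcome</h1></body></html>' > "$1/index.html"
    printf '%s\n' 'body { margin: 0; }' 'h1 { color: navy; }' \
        '/* picoCTF{constructed_example_token} */' > "$1/css/style.css"
    printf '%s\n' 'function init() {' \
        '  // picoCTF{constructed_example_token}' \
        '}' > "$1/js/app.js"
}

# find_tokens DIR: one "path:line:token" row per hit, paths relative to DIR.
# -I skips binary files, -n adds line numbers, -o prints only the match.
find_tokens() {
    (cd "$1" && grep -RInoE "$PATTERN" . | LC_ALL=C sort)
}

# tokens_only DIR: the distinct tokens, without file names (-h).
tokens_only() {
    grep -RIohE "$PATTERN" "$1" | LC_ALL=C sort -u
}

# noisy_hits DIR: how many lines a plain `grep -R picoCTF` prints, which
# includes lines that mention the name without containing a token.
noisy_hits() {
    grep -RI picoCTF "$1" | wc -l | tr -d ' '
}

# Demo run on the constructed tree.
demo_dir=$(mktemp -d)
make_sample_mirror "$demo_dir"
echo "plain grep lines: $(noisy_hits "$demo_dir")"
find_tokens "$demo_dir"
tokens_only "$demo_dir"
rm -rf "$demo_dir"
```

The `<title>` line in the sample tree is why the plain search prints one more line than the token search.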

Flag

picoCTF{1nsp3ti0n_0f_w3bpag3s_8de9...}

When in doubt, mirror and grep: many web challenges boil down to hidden strings in source files.
