picoCTF Solutions
picoCTF 2022Web ExploitationMedium

Secrets

Published: July 20, 2023Updated: December 9, 2025

Description

Multiple nested directories hide the real flag page. Mirror the site or manually enumerate `/secret/hidden/superhidden/` until you discover the correct HTML.

Setup

Visit site

Recursively download the site (`wget -m http://saturn.picoctf.net:53932/`) or probe the directories manually.

Follow the hints (`/secret`, `/secret/hidden`, `/secret/hidden/superhidden`) until you land on the flag page.

wget -m http://saturn.picoctf.net:53932/
curl -s http://saturn.picoctf.net:53932/secret/hidden/superhidden/
grep -oE "picoCTF\{.*?\}" --color=none

Solution

  1. Step 1Mirror or crawl
    Using `wget -m` pulls down every referenced directory so you can explore offline. Alternatively, use curl to fetch each nested folder live.
  2. Step 2Extract the flag
    Once you reach `/secret/hidden/superhidden/`, grep the returned HTML for `picoCTF{...}`.

Flag

picoCTF{succ3ss_@h3n1c@10n_51b2...}

robots.txt or site mirroring often reveals “hidden” directories with ease.