findme

Published: April 26, 2023. Updated: December 9, 2025

Description

The login form logs every request client-side. Capture the POST in the browser devtools to recover the Base64-encoded flag fragments.

Open the website, enter username test and password test!, and keep the Network tab open with “Preserve logs” enabled.

Copy the id parameters returned in the response; they are Base64 fragments of the flag.

id=cGlj...VzX2Fs
id=bF90aG...YmJhZTlhfQ==

Solution

  1. Capture the response
    After submitting the test credentials, two id values appear. Highlight them in the Network response pane.
  2. Decode and concatenate
    Base64-decode each id separately, then join the strings to form the complete picoCTF flag.
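The two steps above as a short script; this is an added example, not code from the original write-up. It assumes the captured values arrive as id= query parameters, either in full URLs or as bare lines; the host example.test, the path and the sample flag are constructed placeholders.

```python
import base64
from urllib.parse import parse_qs, quote, urlsplit


def extract_ids(captured_lines):
    """Return every id= value, in capture order, from full URLs or bare 'id=...' lines."""
    ids = []
    for line in captured_lines:
        line = line.strip()
        query = urlsplit(line).query if "?" in line else line
        ids.extend(parse_qs(query).get("id", []))
    return ids


def decode_fragment(fragment):
    """Base64-decode one fragment on its own and return it as text."""
    # parse_qs turns a literal '+' into a space; undo that before decoding.
    fragment = fragment.replace(" ", "+")
    # Accept the URL-safe alphabet as well as the standard one.
    fragment = fragment.replace("-", "+").replace("_", "/")
    # Restore '=' padding that copy/paste or the server may have dropped.
    fragment += "=" * (-len(fragment) % 4)
    return base64.b64decode(fragment, validate=True).decode("utf-8")


def rebuild_flag(captured_lines):
    """Decode each fragment separately (its '=' padding is only valid at the
    end of its own string), then join the plaintext pieces."""
    return "".join(decode_fragment(f) for f in extract_ids(captured_lines))


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample: a made-up flag split in two, not the challenge's values.
SAMPLE_FLAG = "picoCTF{constructed_sample_value}"
SAMPLE_CAPTURE = [
    # Hypothetical URL copied from the Network tab, padding stripped.
    "https://example.test/next-page?id=" + _b64(SAMPLE_FLAG[:20]).rstrip("="),
    # Bare parameter with its '==' padding percent-encoded.
    "id=" + quote(_b64(SAMPLE_FLAG[20:])),
]

if __name__ == "__main__":
    print(rebuild_flag(SAMPLE_CAPTURE))
```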

Flag

picoCTF{prox...bae9a}

The fragments must be concatenated before submitting.