picoCTF Solutions
picoCTF 2023Web ExploitationMedium

MatchTheRegex

Published: April 26, 2023Updated: December 9, 2025

Description

A simple login form only checks whether your input matches a hidden regular expression. View-source reveals the required pattern.

Setup

Open the challenge site in your browser.

Inspect the HTML source to find the developer comment showing the regex skeleton.

View-source → look for // ^p.....F!?

Solution

  1. Step 1Derive the pattern
    The comment ^p.....F!? indicates any string starting with p and ending with F or F?! with six total letters. Try picoCTF!.
  2. Step 2Submit picoCTF!
    Entering picoCTF! (or picoCTF!? as hinted) passes the regex and displays the flag.

Flag

picoCTF{succ3s...ad436ed}

Any string that satisfies the secret regex unlocks the flag; picoCTF! works fine.