picoCTF Solutions
picoCTF 2024Web ExploitationEasy

Unminify

Published: April 3, 2024Updated: December 9, 2025

Description

I don't like scrolling down to read the code of my website, so I've squished it. As a bonus, my pages load faster! Browse here, and find the flag!

Setup

View-source

Browse to the provided URL (http://titan.picoctf.net:54777/) and open DevTools.

Alternatively, fetch the HTML with curl and search for picoCTF{.

Solution

  1. Step 1Inspect the DOM
    In DevTools, right-click the body and choose "Expand recursively". Scroll until you spot the picoCTF{...} string.
  2. Step 2One-liner option
    Use curl -s URL | grep -oE 'picoCTF{.*}' to print only the flag, even though the HTML is minified.
    curl -s http://titan.picoctf.net:54777/ | grep -oE 'picoCTF{.*}' --color=none | cut -d "\"" -f1

Flag

picoCTF{pr3tty_c0d3_743...}

Even minified HTML can't hide a plaintext flag.