picoCTF Solutions
picoCTF 2024Web ExploitationEasy

WebDecode

Published: April 3, 2024Updated: December 9, 2025

Description

Do you know how to use the web inspector? Start searching here to find the flag

Setup

Browser only

Open the challenge URL in your browser and enable DevTools (Ctrl+Shift+I).

Navigate to the About section where the hint lives.

Solution

  1. Step 1Inspect the element
    Right-click the About header and choose Inspect. In the HTML you'll see an attribute named notify_true with a Base64 blob.
  2. Step 2Decode the blob
    Copy the string (for example cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMDJjZGNiNTl9) into CyberChef (https://gchq.github.io/CyberChef/) or run base64 -d to reveal the flag.
    echo cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMDJjZGNiNTl9 | base64 -d

Flag

picoCTF{web_succ3ssfully_d3c0ded_02c...}

Decoding the notify_true attribute reveals the flag above.