Description
The Pachinko exhibit hides two separate artifacts; this page covers flag one. Explore the website, submit circuits until the curators finally acknowledge you, and capture the flag that appears in the success toast.
Launch the instance to obtain your personalized website URL and port.
Optionally pull the provided `server.tar.gz` to inspect the frontend code, although it is not required for flag one.
Browse to the site and locate the “Submit Circuit” interaction.
wget https://challenge-files.picoctf.net/c_activist_birds/7eac27979c12e4bd449f03e40a8492044221b7d2a96ac85f1150e30983c56eac/server.tar.gz
tar -xvf server.tar.gz
Solution
- Step 1Interact with the exhibitOpen the provided website in your browser (or via curl if you prefer) and start clicking the “Submit Circuit” button. Each submission logs a faux success response and occasionally rewards you with a special message.
- Step 2Watch the network tabEven if you close the toast notification too quickly, the Network panel shows every POST response. Look for the one where the JSON payload includes the picoCTF flag.
- Step 3Record flag oneOnce the pop-up finally includes `picoCTF{...}`, copy that value. That’s flag one for Pachinko. Flag two appears only in the follow-up challenge, Pachinko Revisited.
Flag
picoCTF{p4ch1nk0_f146_0n3_e947...}
There’s no trick. The site randomly decides when to hand you the flag, and keeping the browser devtools open prevents you from missing it.