# Search Source - picoCTF 2022 - CMU Cybersecurity Competition
Web Exploitation, 100 Points

## Description


## Search Source Solution

By browsing the [website](http://saturn.picoctf.net:56488/) from the challenge description we can see the following web page:


According to the challenge description, we can see that the developer mistakenly left an important artifact in the website source.

Let's download the web site files using ```wget```:
```console
┌─[evyatar@parrot]─[/pictoctf2022/web/search_source]
└──╼ $ wget \
--recursive \
--no-clobber \
--page-requisites \
--html-extension \
--convert-links \
--restrict-file-names=windows \
--domains website.org \
--no-parent \
http://saturn.picoctf.net:56488/

```

Now, we can use ```grep``` to find the flag:
```console
┌─[evyatar@parrot]─[/pictoctf2022/web/search_source]
└──╼ $ grep -r "picoCTF{" .
./style.css:/** banner_main picoCTF{1nsp3ti0n_0f_w3bpag3s_227d64bd} **/
```

And we get the flag ```picoCTF{1nsp3ti0n_0f_w3bpag3s_227d64bd}```.

Original writeup (https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-picoCTF2022/Web_Exploitation/100-Search_Source).