# Secrets - picoCTF 2022 - CMU Cybersecurity Competition
Web Exploitation, 200 Points

## Description

![info.JPG](images/info.JPG)

## Secrets Solution

By browsing the [website](http://saturn.picoctf.net:53295/) from the challenge description we can see the following web page:

![webpage.JPG](images/webpage.JPG)

By observing the source code we can see the following:
```html

<html>
<head>
<meta charset="UTF-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1, shrink-to-fit=no"
/>
<meta name="description" content="" />

<link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet" />

<title>home</title>

<link href="secret/assets/index.css" rel="stylesheet" />
</head>
<body>

<div class="topnav">
Home
About
Contact
</div>

<div class="imgcontainer">

<div class="top-left">
<h1>If security wasn't your job, would you do it as a hobby?</h1>
</div>
</div>
</body>
</html>

```

The stylesheet link reveals the ```secret/``` path. Let's browse to it at [http://saturn.picoctf.net:54925/secret/](http://saturn.picoctf.net:54925/secret/):

![secret.JPG](images/secret.JPG)

By observing the source code we can see:
```html

<html>
<head>
<title></title>
<link rel="stylesheet" href="hidden/file.css" />
</head>

<body>
<h1>Finally. You almost found me. you are doing well</h1>

</body>
</html>

```

Here the stylesheet link reveals the ```hidden/``` path. Let's browse to it at [http://saturn.picoctf.net:54925/secret/hidden/](http://saturn.picoctf.net:54925/secret/hidden/):

![hidden.JPG](images/hidden.JPG)

By observing the source code again we can see:
```html

<html>
<head>
<title>LOGIN</title>

<link href="superhidden/login.css" rel="stylesheet" />
</head>
<body>
<form>
<div class="container">
<form method="" action="/secret/assets/popup.js">
<div class="row">
<h2 style="text-align: center">
Login with Social Media or Manually
</h2>
<div class="vl">
<span>or</span>
</div>

<div class="col">

Login with Facebook


Login with Twitter


Login with Google+

</div>

<div class="col">
<div class="hide-md-lg">

Or sign in manually:


</div>

<input
type="text"
name="username"
placeholder="Username"
required
/>
<input
type="password"
name="password"
placeholder="Password"
required
/>
<input type="hidden" name="db" value="superhidden/xdfgwd.html" />

<input
type="submit"
value="Login"
onclick="alert('Thank you for the attempt but oops! try harder. better luck next time')"
/>
</div>
</div>
</form>
</div>

<div class="bottom-container">
<div class="row">
<div class="col">
Sign up
</div>
<div class="col">
Forgot password?
</div>
</div>
</div>
</form>
</body>
</html>
```

Now the stylesheet link and the hidden ```db``` field both reveal the ```superhidden/``` path. Let's browse to it at [http://saturn.picoctf.net:54925/secret/hidden/superhidden/](http://saturn.picoctf.net:54925/secret/hidden/superhidden/):

![superhidden.JPG](images/superhidden.JPG)

Finally, we find the flag ```picoCTF{succ3ss_@h3n1c@10n_34327aaf}``` in the source code:
```html

<html>
<head>
<title></title>
<link rel="stylesheet" href="mycss.css" />
</head>

<body>
<h1>Finally. You found me. But can you see me</h1>
<h3 class="flag">picoCTF{succ3ss_@h3n1c@10n_34327aaf}</h3>
</body>
</html>

```
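
The walk above can be turned into a check that a site owner runs against their own pages. The following is an added example, not part of the original writeup: it lists every same-site directory that a page's markup points at, including hidden form fields, so each one can be reviewed for unintended exposure. The host `example.test` and the trimmed sample markup are constructed, and treating a hidden field's value as a path is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that carry a URL


class PathCollector(HTMLParser):
    """Collect every same-site directory referenced by a page's markup."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.host = urlsplit(base_url).netloc
        self.dirs = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        values = [v for k, v in attrs.items() if k in URL_ATTRS and v]
        # Hidden inputs are invisible in the rendered page but not in its source.
        # Assumption: their values are treated as candidate paths.
        if tag == "input" and attrs.get("type") == "hidden" and attrs.get("value"):
            values.append(attrs["value"])
        for value in values:
            target = urlsplit(urljoin(self.base_url, value))
            if target.netloc != self.host:
                continue  # third-party resource, out of scope
            # Record the resource's directory and each of its parents.
            parts = [p for p in target.path.split("/")[:-1] if p]
            for i in range(1, len(parts) + 1):
                self.dirs.add("/" + "/".join(parts[:i]) + "/")


def disclosed_dirs(base_url, html):
    collector = PathCollector(base_url)
    collector.feed(html)
    return sorted(collector.dirs)


# Constructed sample: the login page markup from above, trimmed.
LOGIN_PAGE = """
<link href="superhidden/login.css" rel="stylesheet" />
<form method="" action="/secret/assets/popup.js">
  <input type="text" name="username" placeholder="Username" required />
  <input type="hidden" name="db" value="superhidden/xdfgwd.html" />
</form>
"""

if __name__ == "__main__":
    for path in disclosed_dirs("http://example.test/secret/hidden/", LOGIN_PAGE):
        print(path)
```

Any directory in the output that is not meant to be public needs server-side access control, since leaving it unlinked does not hide it from anyone who reads the page source.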

Original writeup (https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-picoCTF2022/Web_Exploitation/200-Secrets).