Includes (picoCTF 24)

Challenge Author: LT ‘SYREAL’ JONES

Category: Web Exploitation

Difficulty: Easy

Description

Can you get the flag?

Process / Notes

  1. Start the challenge instance
  2. Details on the “include/copy/import” directive that contains a second file inserted into the first file
  3. Check the source
  4. There’s a button to say hello at the bottom
  5. Knowing to check the linked files in the source this time, checking the style.css…
  6. That contained half the flag!
  7. The script that looks like it gets run when you press the button had a comment containing the other half of the flag.

10 minutes 29 seconds to complete

Hints

Core Lessons

  1. Understand how to use the web inspector
  2. Understand how to examine embedded files