🏳️
Bag of Flags
  • Home
  • 2023
    • 🅿️picoCTF 2023
      • money-ware
      • repetitions
      • two-sum
      • ReadMyCert
      • rotation
      • hideme
      • PcapPoisoning
      • who is it
      • Reverse
      • timer
      • Safe Opener 2
      • findme
      • MatchTheRegex
      • SOAP
    • 🐦magpieCTF 2023
      • Space Plan
      • Space Exploration
      • So Meta
      • There is no flag
      • Momma says to play fair
      • Rubis
      • What is the password?
      • Eavesdropper
      • Shredded
      • Missing Flag
      • This outta be large enough right?
      • No Password Here
      • Chocolate Chips with Zero-G
      • Education Comes First
    • 🌴ISSessions CTF 2023
      • Basic Permissions
      • Crack Me
      • File Detective
      • Word Vomit
      • Fileception
      • Coding Time
      • Ghost File
      • CryptoTools1
      • CryptoTools2
      • 1337
      • ROT++
      • RunedMyDay
      • RSA_2
      • The Man Who Sold the World
      • VaultChallenge
      • Lost Media
      • Decontamination
      • Decade Capsule
      • Password in A Haystack
  • 2022
    • 🏁UW CTF S22
      • 0s and 1s
      • simple image
      • Helikopter
      • Meow
      • Google Form
      • Strings, literally
      • WASM
      • Audio
      • Pwn0
      • YATD
      • steg
      • Passwords
      • Vitalik
  • Practice
    • 🧠CryptoHack
      • Introduction
        • Finding Flags
        • Great Snakes
      • General
        • ASCII
        • Hex
        • Base64
        • Bytes and Big Integers
        • XOR Starter
        • XOR Properties
        • Favourite byte
        • You either know, XOR you don't
        • Greatest Common Divisor
Powered by GitBook
On this page
  • Description
  • Hints
  • Searching Hard
  • Flag
  1. 2023
  2. picoCTF 2023

findme

PreviousSafe Opener 2NextMatchTheRegex

Last updated 2 years ago

Description

Help us test the form by submiting the username as test and password as test!

Hints

1

any redirections?

Searching Hard

The website has two fields for username and password

As directed in the question, we try username test and password test!

Note that trying anything else leads you to a prompt try username:test and password:test!

We get sent to the /home page, but wait! Was it just me, or did the URL flash a bit when we came here? That means there was some sort of redirection

Using the Network tab we find that there were two redirections

  • /next-page/id=cGljb0NURntwcm94aWVzX2Fs

  • /next-page/id=bF90aGVfd2F5XzI1YmJhZTlhfQ==

These appear to be base64 encoded strings, however both look a bit short. So let's concatenate the two and decrypt cGljb0NURntwcm94aWVzX2FsbF90aGVfd2F5XzI1YmJhZTlhfQ== to get the flag

Flag

picoCTF{proxies_all_the_way_25bbae9a}

🅿️