PicoCTF-2021 Writeup
  • README
  • Binary Exploitation
    • Binary Gauntlet 0
    • Binary Gauntlet 1
    • Stonks
    • What's your input?
  • Cryptography
    • Compress and Attack
    • Dachshund Attacks
    • Double DES
    • Easy Peasy
    • It is my Birthday 2
    • It's Not My Fault 1
    • Mini RSA
    • New Caesar
    • New Vignere
    • No Padding, No Problem
    • Pixelated
    • Play Nice
    • Scrambled: RSA
  • Forensics
    • Disk, disk, sleuth!
    • Disk, disk, sleuth! II
    • information
    • MacroHard WeakEdge
    • Matryoshka doll
    • Milkslap
    • Surfing the Waves
    • Trivial Flag Transfer Protocol
    • tunn3l v1s10n
    • Very very very Hidden
    • Weird File
    • Wireshark doo dooo do doo...
    • Wireshark twoo twooo two twoo...
  • Reverse Engineering
    • ARMssembly 0
    • ARMssembly 2
    • ARMssembly 3
    • ARMssembly 4
    • gogo
    • Hurry up! Wait!
    • keygenme-py
    • Let's get dynamic
    • Rolling My Own
    • Shop
    • speeds and feeds
    • Transformation
  • Web Exploitation
    • Ancient History
    • Bithug
    • GET aHEAD
    • It is my Birthday
    • More Cookies
    • Most Cookies
    • Scavenger Hunt
    • Some Assembly Required 1
    • Some Assembly Required 2
    • Some Assembly Required 3
    • Some Assembly Required 4
    • Super Serial
    • Web Gauntlet 2
    • Web Gauntlet 3
    • Who are you?
    • X marks the spot
Powered by GitBook
On this page
  • Problem
  • Solution
  • Flag

Was this helpful?

Edit on GitHub
  1. Web Exploitation

Scavenger Hunt

PreviousMost CookiesNextSome Assembly Required 1

Last updated 2 years ago

Was this helpful?

Problem

There is some interesting information hidden around this site . Can you find it?

Solution

These are the URLs that contain the flags:

  1. view-source:: <!-- Here's the first part of the flag: picoCTF{t -->

  2. : /* CSS makes the page look nice, and yes, it also has part of the flag. Here's part 2: h4ts_4_l0 */

  3. : /* How can I keep Google from indexing my website? */ so lets go to and find Part 3: t_0f_pl4c and well as I think this is an apache server... can you Access the next flag?

  4. : Part 4: 3s_2_lO0k and I love making websites on my Mac, I can Store a lot of information there.

  5. : Congrats! You completed the scavenger hunt. Part 5: _f7ce8828}

Flag

picoCTF{th4ts_4_l0t_0f_pl4c3s_2_lO0k_f7ce8828}

http://mercury.picoctf.net:39491/
http://mercury.picoctf.net:39491/
http://mercury.picoctf.net:39491/mycss.css
http://mercury.picoctf.net:39491/myjs.js
http://mercury.picoctf.net:39491/robots.txt
http://mercury.picoctf.net:39491/.htaccess
http://mercury.picoctf.net:39491/.DS_Store