Pico CTF- Web exploitation walkthrough (1–5)

1. CTF-GET aHEAD

• Begin by opening the Capture The Flag (CTF) challenge.
• Click on the given link to access the specified content.
• Launch Burp Suite to prepare for the interception of network requests.

• Turn on the Intercept (in proxy option) in Burp suite
• Refresh the webpage to ensure the latest information is loaded.
• Within Burp Suite, capture the request associated with the refreshed page.
• click right and send the request to Repeater

In Burp Suite:

• Locate the captured request in the Proxy or Target tab.
• Right-click on the request and select “Change Request Method…”
• Choose “HEAD” as the new request method.
• After changing the request method to “HEAD” in Burp Suite, forward the modified request to the server.

2. CTF-Cookies

In your web browser

• Right-click on the element you want to inspect.
• Select “Inspect” from the context menu.

• Go to the “Application” tab.
• Select “Cookies” from the sidebar.
• Find the specific cookie with the value you want to change.
• Edit the cookie value from 1 to 18.
• Refresh the tab on the browser.

3. CTF Insp3ct0r

• Inspect an element and go to the “Sources” tab.
• Open “41511/” for the first flag.
• Look for “mycss.css” and “myjs.js” for the second and third files.

Combine information from files and the edited cookie to get the flag.

4. CTF- Scavenger Hunt

• Open Inspect Element.
• Navigate to the “Sources” tab.
• Open the “index” file for the first flag.
• Access “mycss.css” for the second file.
• Make a URL change: Add “/robots.txt”.

Result: You’ll obtain the third flag by making this modification in the URL.

5. CTF- Some Assembly Required 1

• Open Inspect Element.
• View the source code.
• Add the provided code and “.js” at the end of the URL.
• Press Enter.

Result: A new tab will open, revealing another vulnerability code. This tab will also display the flag.