<h2 id="heading-insp3ct0r-solution">Insp3ct0r Solution</h2>
This is the solution for <a target="_blank" href="https://play.picoctf.org/practice/challenge/18?category=1&amp;page=1">picoCTF's Insp3ct0r</a> web exploitation problem.
<img src="https://github.com/niccololampa/cyber-security-notes/assets/37615906/2ba36435-6ac5-404d-96f1-840cb3e4bc64" alt="Screenshot 2024-04-12 at 12 34 40 AM" />
This problem was taken from the picoCTF 2021 and the solution will be discussed below. So proceed with caution.
This one is fairly straightforward.
Opening the link we are redirected to a website showing the following:
<img src="https://github.com/niccololampa/cyber-security-notes/assets/37615906/17b6a8fe-6e1b-4a75-b50f-5b43d08bb01d" alt="Screenshot 2024-04-12 at 12 38 24 AM" />
Investigating the site we naturally look at the source code. Right click the page and left click View Page Source in the browser.
<img src="https://github.com/niccololampa/cyber-security-notes/assets/37615906/27657dd3-d8a4-4d9a-a197-9b24bc023615" alt="Screenshot 2024-04-12 at 12 39 28 AM" />
Here we find out that the html part has the first part of the flag. Flag 1/3: <code>picoCTF{tru3_d3</code>
<img src="https://github.com/niccololampa/cyber-security-notes/assets/37615906/e83445c0-ff02-463b-ab99-3e80b70dbdad" alt="Screenshot 2024-04-12 at 12 39 28 AM" />
Looking at the How tab of the website it mentions that it used html, css, js to create the site.
<img src="https://github.com/niccololampa/cyber-security-notes/assets/37615906/958d952f-2531-4a39-a907-bd01a9dd3c97" alt="Screenshot 2024-04-12 at 12 45 06 AM" />
We have seen the html part. Now let's look at the css part. Just open the <code>mycss.css</code> and <code>myjs.js</code> link in the source page we have opened before.
<img src="https://github.com/niccololampa/cyber-security-notes/assets/37615906/189fd0a5-35e7-47ff-8f41-bd5faab79d36" alt="Screenshot 2024-04-12 at 12 43 30 AM" />
The second part of the flag can be found at <code>mycss.css</code>. Flag 2/3: <code>t3ct1ve_0r_ju5t</code>
<img src="https://github.com/niccololampa/cyber-security-notes/assets/37615906/86099241-0adb-47b9-9bb9-394bc06da56d" alt="Screenshot 2024-04-12 at 12 47 30 AM" />
The last part of the flag can be found at <code>myjs.js</code>. Flag 3/3: <code>_lucky?f10be399}</code>
<img src="https://github.com/niccololampa/cyber-security-notes/assets/37615906/0c40ba91-7be1-4dd9-b9ff-f6bd190f0aeb" alt="Screenshot 2024-04-12 at 12 49 09 AM" />
Combining all the parts we get the full flag.
Flag: picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?f10be399}
Until next time. Keep learning.
Stay stoked and code. :)
<hr />
I hope you can voluntarily <a target="_blank" href="https://www.buymeacoffee.com/thedatalife">Buy Me A Coffee</a> if you found this article useful and give additional support for me to continue sharing more content for the community. :)
Thank you very much. :)

## Insp3ct0r Solution

This is the solution for [picoCTF's Insp3ct0r](https://play.picoctf.org/practice/challenge/18?category=1&page=1) web exploitation problem.

![Screenshot 2024-04-12 at 12 34 40 AM](https://github.com/niccololampa/cyber-security-notes/assets/37615906/2ba36435-6ac5-404d-96f1-840cb3e4bc64 align="left")

This problem was taken from the picoCTF 2021 and the solution will be discussed below. So proceed with caution.

This one is fairly straightforward.

Opening the link we are redirected to a website showing the following:

![Screenshot 2024-04-12 at 12 38 24 AM](https://github.com/niccololampa/cyber-security-notes/assets/37615906/17b6a8fe-6e1b-4a75-b50f-5b43d08bb01d align="left")

Investigating the site we naturally look at the source code. Right click the page and left click **View Page Source** in the browser.

![Screenshot 2024-04-12 at 12 39 28 AM](https://github.com/niccololampa/cyber-security-notes/assets/37615906/27657dd3-d8a4-4d9a-a197-9b24bc023615 align="left")

Here we find out that the html part has the first part of the flag. Flag 1/3: `picoCTF{tru3_d3`

![Screenshot 2024-04-12 at 12 39 28 AM](https://github.com/niccololampa/cyber-security-notes/assets/37615906/e83445c0-ff02-463b-ab99-3e80b70dbdad align="left")

Looking at the **How** tab of the website it mentions that it used html, css, js to create the site.

![Screenshot 2024-04-12 at 12 45 06 AM](https://github.com/niccololampa/cyber-security-notes/assets/37615906/958d952f-2531-4a39-a907-bd01a9dd3c97 align="left")

We have seen the html part. Now let's look at the css part. Just open the `mycss.css` and `myjs.js` link in the source page we have opened before.

![Screenshot 2024-04-12 at 12 43 30 AM](https://github.com/niccololampa/cyber-security-notes/assets/37615906/189fd0a5-35e7-47ff-8f41-bd5faab79d36 align="left")

The second part of the flag can be found at `mycss.css`. Flag 2/3: `t3ct1ve_0r_ju5t`

![Screenshot 2024-04-12 at 12 47 30 AM](https://github.com/niccololampa/cyber-security-notes/assets/37615906/86099241-0adb-47b9-9bb9-394bc06da56d align="left")

The last part of the flag can be found at `myjs.js`. Flag 3/3: `_lucky?f10be399}`

![Screenshot 2024-04-12 at 12 49 09 AM](https://github.com/niccololampa/cyber-security-notes/assets/37615906/0c40ba91-7be1-4dd9-b9ff-f6bd190f0aeb align="left")

Combining all the parts we get the full flag.

**Flag: picoCTF{tru3\_d3t3ct1ve\_0r\_ju5t\_lucky?f10be399}**

Until next time. Keep learning.

Stay stoked and code. :)

---

I hope you can voluntarily [Buy Me A Coffee](https://www.buymeacoffee.com/thedatalife) if you found this article useful and give additional support for me to continue sharing more content for the community. :)

**Thank you very much. :)**

picoCTF - Insp3ct0r Solution

Full stack developer who loves to code, hack and surf.
Created this blog to give back to the tech community that has given me so much.


The Data Life

The Data Life

picoCTF - Insp3ct0r Solution

Insp3ct0r Solution