Author: Mubarak Mikail
The flag is somewhere on this web application not necessarily on the website. Find it.
Check this out.
None
If we visit the website we can have a look through all the stuff. A first point should be the /robots.txt file.
Here we see some symbols at the bottom directly above Disallow: /wp-admin/. The middle part seems like it's Base64 encoded and if we decode it it says js/myfile.txt.
If we visit that file we have the flag. The interesting part in this challenge is that the flag is not really on the web application, so a website mirror and
grep -rw 'path' -e 'picoCTF'does not work here, as the /js/myfile.txt is not mirrored.
Show flag
picoCTF{Who_D03sN7_L1k5_90B0T5_87ccf72a}