PicoCTF 2018 Walkthrough – Inspect Me

Category: Web Exploitation

Points: 125


Inpect this code! http://2018shell.picoctf.com:56252 (link)


  • How do you inspect a website’s code on a browser?
  • Check all the website code.


In this problem ‘Inspect Me’, you need to find the key or flags in the source files of the website provided. For that, you need to have basic knowledge of basic components which make the website i.e HTML, CSS and JavaScript. 

You can find resources to learn them all over the internet but the best place to do so in my opinion is W3School and FreeCodeCamp. This problem does not require a vast amount of knowledge about them but the basics. 

The hint suggests that we have to look for the website’s code in the browser. Different browsers have different shortcuts to do the same. For Firefox and Chrome, you can use Ctrl+Shift+I to see the source code of the page which you are looking currently.

First, you need to open the link provided in the question and then use the shortcut to look at its source code.

When using Chrome

 For Chrome the source code will look like this 

You need to go to the sources tab to look for the source files used for the website which will look something like this:

It clearly has 3 files- index, mycss and myjs. Look into the file one by one and you will find that there is a flag which is separated and stored in 3 files in the comments. The 3 files look as follows:

  • Index file
  • Mycss file
  • Myjs file

When using Firefox

For firefox the source files will look like this:

For firefox, there is no central place to look for all the files together so we have to look one by one for the 3 files. 

  • In the Inspector tab, you can look for the index file’s content.
  • In the style editor, you find the CSS files and we see that the flag is present in the mycss file. 
  • Finally, in the debugger, we can find the myJs file contents.

<!-- I learned HTML! Here's part 1/3 of the flag: picoCTF{ur_4_real_1nspe -->

Second part is 

/* I learned CSS! Here's part 2/3 of the flag: ct0r_g4dget_9dd3b33c} */

and finally the third part is 

/* I learned JavaScript! Here's part 3/3 of the flag:  */

Hence combining the above 3 we get our final flag message as  picoCTF{ur_4_real_1nspect0r_g4dget_9dd3b33c}. We need to enter the same in the text box provided and hit submit.

Solution Flag


For more capture the flag challenges, visit Capture the flag

If you want to see Leetcode explained solutions visit Leetcode Solutions.

Check out my socials below in the footer. Feel free to ask any doubts in comment section or contact me via Contact page I will surely respond. 

Happy Learning 🙂

1 thought on “PicoCTF 2018 Walkthrough – Inspect Me”

  1. Pingback: PicoCTF 2018 Walkthrough – Client Side is Still Bad - Cse Nerd

Leave a Comment

Your email address will not be published. Required fields are marked *