Description
Can you get the flag?
Additional details will be available after launching your challenge instance.
🧩 Challenge Overview
In this challenge, we are given access to a web instance.
Our goal is to find a flag that is hidden in the HTML code of the web page.
🖥 Step 1: Open the website
After launching the instance, navigate to the website in your browser.
✅ Explanation:
- Sometimes, CTF challenges hide flags directly in the source code of a webpage.
- Flags may not appear visually but can be found in HTML comments.
🔎 Step 2: Inspect the page source
Press F12 (or right-click → “Inspect”) to open the Developer Tools.
Look through the HTML source code. You might find a comment like this:
<!--picoCTF{1n5p3t0r_0f_h7ml_1fd8425b}-->
✅ Explanation:
- HTML comments are enclosed between
<!--and-->. - Anything inside a comment is not displayed on the page, but it’s visible in the source code.
- This is a common technique in CTFs to hide flags for beginners.
🏁 Step 3: Capture the Flag
picoCTF{1n5p3t0r_0f_h7ml_1fd8425b}
🧠 Summary
| Step | Tool / Action | Purpose | Key Finding |
|---|---|---|---|
| 1 | Open browser | Access the website | Web page loaded |
| 2 | F12 / Inspect | View HTML source | Flag found in a comment |
💡 Beginner Tips
- Always inspect the HTML source if a web page looks normal.
- Flags can be hidden in comments, scripts, or hidden elements.
- Using Developer Tools is essential for web-based CTF challenges.