Description
We have several pages hidden. Can you find the one with the flag?
Additional details will be available after launching your challenge instance.
📝 Challenge Overview
Visit a web service running on a nonstandard port and explore URL paths to find nested hidden pages. By following links (or guessing common directory names) you eventually find a deeply nested page that contains the flag in its HTML. Note: the service may drop the connection intermittently, so be prepared for timeouts.
🔎 Step 1: Open the base URL in your browser
- Open your browser and go to:
http://saturn.picoctf.net:61481/ - Inspect the page and elements—there is a link or element pointing to
/secret. Click or navigate to that path.
📝 Explanation: Start with the root URL. Many CTF web challenges hide additional paths linked from the main page. Browsers render HTML and show links that lead to hidden directories.
🧭 Step 2: Follow the discovered path to /secret
- Navigate to:
http://saturn.picoctf.net:61481/secret - The
/secretpage reveals (or links to) another hidden path named/hidden. Move to that path.
📝 Explanation: Web challenges often nest secrets in multiple directories. Manually following links or reading the page source (right‑click → View Page Source) can reveal next-step paths.
🕵️ Step 3: Continue to /hidden and then /superhidden
- Visit:
http://saturn.picoctf.net:61481/secret/hidden/ - From there, follow or guess the next path:
http://saturn.picoctf.net:61481/secret/hidden/superhidden/ - The
superhiddenpage contains the flag in its HTML content.
📝 Explanation: Sequentially exploring nested URLs uncovers deeper hidden pages. If links aren’t visible, try viewing the HTML, or use directory enumeration tools to discover common names.
⚠️ Note about reliability
- The challenge host may drop the port or the service may become temporarily unavailable while you are exploring. If the site becomes unreachable, try again after a short wait or use command‑line tools that can retry (see tips).
📝 Explanation: CTF hosts running many challenges sometimes restart services or throttle connections. Expect transient failures and plan retries.
🏁 Capture the Flag
🎉 The flag found in the HTML of the superhidden page is:picoCTF{succ3ss_@h3n1c@10n_39849bcf}
📊 Summary
| Step | Command / Action | Purpose | Key Result |
|---|---|---|---|
| 1 | Open http://saturn.picoctf.net:61481/ in browser | Start exploration of site | Found link/element to /secret |
| 2 | Navigate to /secret | Follow discovered path | Found link/element to /hidden |
| 3 | Navigate to /secret/hidden/superhidden/ | Reach deeply nested page | Flag present in HTML: picoCTF{...} |
💡 Beginner Tips
- 🔎 Use View Page Source (right‑click) to see hidden links or comments that are not visible on the page.
- 🧰 If the site goes down, retry after a short wait. Consider using
curl -Iorcurlto check availability quickly from the terminal. - 🧭 Try manual navigation first; if that fails, use automated directory enumeration tools (e.g.,
gobuster,dirb) with a small wordlist to find common hidden folders. - 🛡️ Be polite — don’t flood the service with aggressive scans on a shared CTF host.
🎓 What you learn (takeaways)
- Many web CTFs hide flags behind nested URLs—careful manual exploration often finds them.
- Viewing the HTML source can reveal links, comments, or hints that aren’t rendered.
- Services on nonstandard ports may be unreliable; expect intermittent downtime and plan retries.
- Directory brute‑forcing is a useful fallback when links are not present in page source.
⚡ Short explanations for commands / techniques used
- 🔗 Open URL in browser
- What: Use a web browser to request the page.
- Why: The browser renders HTML and exposes links and visible content.
- Example: Enter
http://saturn.picoctf.net:61481/into the address bar.
- 🧾 View Page Source / Inspect Element
- What: Show raw HTML and DOM elements.
- Why: Hidden links or comments may be present only in the HTML source.
- How: Right‑click → View Page Source, or open Developer Tools (F12).
- 🧭 Manual directory traversal
- What: Type or click URLs to navigate to subpaths (e.g.,
/secret/hidden/superhidden/). - Why: Many flags are placed in nested directories; manual traversal is quick and simple.
- What: Type or click URLs to navigate to subpaths (e.g.,
- 🐚
curlto check availability- What: Command‑line HTTP client to fetch pages or headers.
- Why: Fast check for site up/down, useful when browser fails.
- Example:
curl -I http://saturn.picoctf.net:61481/secret(fetches headers).
- 🧰 Directory enumeration tools (optional)
- What: Tools like
gobusterordirbscan for common directory names. - Why: Automated discovery when links or hints are missing.
- Caution: Use gentle settings on shared CTF hosts to avoid causing outages.
- What: Tools like