picobrowser! — PICOCTF challenge

HackPeas Freelancers
Mar 9, 2022

Video Writeup: https://youtu.be/J7ldKZW9Nfs
Description: This website can be rendered only by picobrowser, go and catch the flag! https://jupiter.challenges.picoctf.org/problem/50522/ or http://jupiter.challenges.picoctf.org:50522
Challenge link: https://play.picoctf.org/practice/challenge/9?category=1&originalEvent=1&page=1
Points: 200

Enumeration

On visiting the URL given in the description: https://jupiter.challenges.picoctf.org/problem/50522

From the source code:

home => /#, signin => /notimplemented, signout => /notimplemented

There is one more endpoint, /flag, which can also be accessed by clicking the green flag button.

When I click on the flag button, it throws an error, "you're not picobrowser", and then it prints my browser name; it looks like it is checking the device.

The first thought that came to mind after seeing this was to change the User-Agent to picobrowser, and luckily it works.

Exploitation

I used the curl tool to grep the flag:

$ curl https://jupiter.challenges.picoctf.org/problem/50522/flag -H "User-Agent: picobrowser\!" | grep -i "picoCTF"

and here we have our flag.
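
Why a spoofed header is enough, shown as an added example that is not part of the original writeup or the challenge's own code: a handler that authorises on User-Agent next to one that authorises on a server-issued session and escapes the echoed browser name. The flag, session token, function names and the substring match are assumptions made for the sketch.

```python
import html
from http.cookies import SimpleCookie, CookieError

# All values below are constructed for illustration; none come from the challenge.
FLAG = "picoCTF{placeholder_not_the_real_flag}"
SESSIONS = {"c0ffee-constructed-session-token": "admin"}  # server-side session store


def weak_flag_view(environ):
    """Authorise on User-Agent. The client sets this header, so it proves nothing.
    Assumption: a substring match; the writeup does not show the server's check."""
    ua = environ.get("HTTP_USER_AGENT", "")
    if "picobrowser" in ua:
        return "200 OK", FLAG
    # Echoing the raw header back into HTML is also an injection risk.
    return "403 Forbidden", "You're not picobrowser! " + ua


def session_role(environ):
    """Look up the role bound to a server-issued session cookie, or None."""
    try:
        cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    except CookieError:
        return None
    morsel = cookie.get("session")
    return SESSIONS.get(morsel.value) if morsel else None


def hardened_flag_view(environ):
    """Authorise on server-side state; treat User-Agent as untrusted display text."""
    if session_role(environ) == "admin":
        return "200 OK", FLAG
    ua = html.escape(environ.get("HTTP_USER_AGENT", ""))
    return "403 Forbidden", "Not authorised. Client reported: " + ua


if __name__ == "__main__":
    spoofed = {"HTTP_USER_AGENT": "picobrowser"}
    print(weak_flag_view(spoofed))       # header alone is accepted
    print(hardened_flag_view(spoofed))   # header alone is rejected
```

Any request header, User-Agent included, is attacker-controlled input; access decisions belong on state the server issued and can verify.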

For more CTF and bug bounty writeups, or content related to ethical hacking and Android penetration testing, follow me on:

Youtube: https://www.youtube.com/channel/UC17W_Ircv7EmIIdbJeOQ_BQ
Instagram: https://www.instagram.com/hackpeas/
Linkedin: https://www.linkedin.com/in/viraj-vaishnav-19b0a61aa/
Twitter: https://twitter.com/VirajVaishnav16

Thank You..
