Navigate nested directories through CSS file paths and learn why security through obscurity fails
Press enter or click to view image in full size
This writeup gives a step-by-step explanation of the picoCTF challenge “Secrets”. The best learning experience comes from working through the challenge alone, but read on if you’re stuck or are curious about other approaches.
picoCTF uses Capture The Flag (CTF) security challenges to teach security fundamentals. The challenges cover various security categories (web exploitation, cryptography, forensics, etc) but they all have the common goal of finding a flag in the format picoCTF{unique-text-string-here}. Some challenges are easy and others deviously difficult, but they are all great for learning security skills.
About the “Secrets” Challenge
This is an intermediate challenge, but it can be solved by anyone with a web browser, as minimal technical skills are needed.
- Name: Secrets
- Category: Web Exploitation
- Difficulty: Medium
- Description: We have several pages hidden. Can you find the one with the flag?
- Hint 1: folders folders folders