PicoCTF: Unminify

Challenge: Unminify

Difficulty: Easy

Category: Web Exploitation

Challenge: Un-squish the webpage code and capture the flag.

In my previous post, WebDecode, I mentioned that I would likely go with the right-click and "View Page Source" route to inspect a web page's code since it seemed easier to make sense of. In the case of this web page, they used minification and the "View Page Source" idea didn't seem the most efficient. Instead, I went back to the F12 (inspection) route and in the search bar typed "picoCTF" since I knew that is what the flag began with. If it was encoded like in WebDecode, this method wouldn't have worked.

As you can see, the formatting wasn't the most user friendly when it came to "View Page Source" since it didn't automatically wrap the code. I right-clicked and checked the box "Wrap Long Lines" and that made it better. You still have some work to do to find the flag, but it is in there.

Instead I used the web inspector which you can find by pressing F12. There were 22 instances of "picoCTF" so it was a matter of pressing "Enter" 20 times to find the flag.

In this challenge, the code was vacuum-packed through a process called minification. Code minification is the process of minimizing code to only what is necessary without removing its functionality. Anything that is taking up space, including comments and white space, is removed to reduce its size. This is great for reducing bandwidth and increasing the speed of a website.

Thanks for reading!