https://play.picoctf.org/practice/challenge/132?category=1&difficulty=1&page=2
This post walks you through solving the “GET aHEAD” challenge from picoCTF, categorized under Web Exploitation and marked as Easy. The goal is to explore different HTTP methods and discover a hidden flag inside the server’s response headers.
In this walkthrough, I’ll explain every step I took — from the first click to the final discovery — and highlight why checking headers is just as important as looking at page content.
Step 1: Opening the Challenge Page
Click the challenge link. You’re taken to a webpage that asks you to choose red or blue. If you click red, the page turns red; if you click blue, it turns blue.