PicoCTF2018 – Web – Secret Agent Objective: Here's a little website that hasn't fully been finished. But I heard google gets all your info anyway. http://2018shell.picoctf.com:3827 (link [1] ) Hints: ( How can your browser pretend to be something else? Solution: Ok so this one looks like its referencing a user agent, which is what your browser tells the website about your computer. Such as OS and browser So if you click on the flag button in the website and you get this error message. “Your’re not google!” That is a clue we are looking for, its checking to see if the user agent is google. I used a chrome extension called “User-Agent Swticher” to change my user agent to replicate that of the Googlebot – which is google spider agent Tried the flag button again and got the flag Flag : picoCTF{s3cr3t_ag3nt_m4n_12387c22}
@circusmonkey404 on the twitters; DM for contact