HackerDNA — Secrets in Source 2 Write-Up | Client-Side Obfuscation and Hidden Secrets

URL : https://hackerdna.com/labs/secrets-in-source-2

Madaminovrahmatilloh

~1 min read · February 11, 2026 (Updated: February 11, 2026) · Free: Yes

This challenge is basically, similar to the Secrets in the Source, about the comments or sometimes called the "secrets" can be found in the source code, and developer often tries to hide it, instead of removing it. Due to this, the site or the server can be effected.

How to find the flag :

After starting the lab, HackerDNA give us the link to the page "https://lab.hdna.me/145-secrets-in-source-2". After getting inside of the page we will see many unnecessary things, but most annoying thing will be that we can not see the source code by pressing Ctrl + U. So, only choice we have is using the powershell or terminal. I am using the terminal, due to the command called "curl" . This command will help us to see the source code of the page.

curl -L https://lab.hdna.me/145-secrets-in-source-2 | grep "flag"

we are using curl and the URL but why -L ? Because, If you don't use -L, you're just staring at the gate, not the room.

So after that command we can see the subdomain of the URL that directs to the actual flag.

#labs #pentesting

HackerDNA — Secrets in Source 2 Write-Up | Client-Side Obfuscation and Hidden Secrets

URL : https://hackerdna.com/labs/secrets-in-source-2

How to find the flag :

Reporting a Problem