When you begin with CTF challenges, especially on Hacker101, the goal isn't to throw complex exploits at the problem — it's to build a sharp eye for small details.

This Level 0 challenge is a perfect example of that.

🔍 Step 1: Visit the Challenge

I started by opening the challenge:

https://74ee69869de57a4a5cc5b3c9494edd69.ctf.hacker101.com/

At first glance, the page looked extremely basic. It only displayed a simple message:

"Welcome to level 0. Enjoy your stay."

No inputs, no buttons, no visible functionality. That's usually a signal to stop looking at the UI and start looking underneath.

🧠 Step 2: Inspect the Source Code

The next step was to check the page source.

Here's what I found:

<!doctype html>
<html>
    <head>
        <style>
            body {
                background-image: url("background.png");
            }
        </style>
    </head>
    <body>
        <p>Welcome to level 0. Enjoy your stay.</p>
    </body>
</html>

At first, it looks like harmless HTML and CSS. But one line stands out:

background-image: url("background.png");

🧩 Step 3: Spot the Clue

The code clearly references a background image.

But here's the catch:

👉 There is no background image visible on the page.

That mismatch is intentional. In CTFs, when something is referenced but not shown, it's often hiding something useful.

🚀 Step 4: Access the Hidden Resource

Instead of relying on the browser, I directly accessed the file by appending it to the URL:

https://74ee69869de57a4a5cc5b3c9494edd69.ctf.hacker101.com/background.png

🏁 Step 5: Capture the Flag

Opening that image directly revealed the flag.

No brute force. No scanning tools. No payloads.

Just observation and a simple manual request.

🧠 Key Takeaway

This challenge teaches one of the most important habits in web security:

Always look for hidden or directly accessible resources.

Things you should always check:

  • Page source (HTML, CSS, JS)
  • Referenced files (images, scripts, stylesheets)
  • Manually accessible endpoints
  • Anything that exists in code but not in the UI
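
An added example, not part of the original write-up: a small Python helper that lists every resource a page references in its markup and embedded CSS, so the checklist above can be run against your own pages to see what they expose. The base URL `https://level0.example/` and the names `ReferenceCollector` and `referenced_urls` are assumptions made for this illustration; `PAGE` is the challenge markup shown earlier, condensed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# CSS url(...) written with double, single or no quotes.
CSS_URL = re.compile(r"""url\(\s*(['"]?)(.*?)\1\s*\)""", re.IGNORECASE)
URL_ATTRS = {"src", "href", "poster", "data", "action"}
# The challenge page's markup from this write-up, condensed onto fewer lines.
PAGE = """<!doctype html><html><head><style>
body { background-image: url("background.png"); }
</style></head><body><p>Welcome to level 0. Enjoy your stay.</p></body></html>"""


class ReferenceCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.in_style, self.found = base_url, False, []

    def _add(self, ref):
        ref = ref.strip()
        # Ignore empty values, fragments and inline data:/javascript: URIs.
        if ref and not ref.lower().startswith(("#", "data:", "javascript:")):
            self.found.append(urljoin(self.base_url, ref))

    def _add_css(self, css):
        for _quote, ref in CSS_URL.findall(css):
            self._add(ref)

    def handle_starttag(self, tag, attrs):
        self.in_style = self.in_style or tag == "style"
        for name, value in attrs:
            if value and name in URL_ATTRS:
                self._add(value)
            elif value and name == "style":  # inline style="..." attribute
                self._add_css(value)

    def handle_endtag(self, tag):
        self.in_style = self.in_style and tag != "style"

    def handle_data(self, data):
        if self.in_style:  # text inside a <style> block
            self._add_css(data)


def referenced_urls(html, base_url):
    parser = ReferenceCollector(base_url)
    parser.feed(html)
    parser.close()
    # Absolute URLs in document order, duplicates removed.
    return list(dict.fromkeys(parser.found))
```

Comparing this list with what the page visibly renders surfaces the same mismatch the challenge relies on: a file that is referenced but never shown.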

⚡ Final Thoughts

"A Little Something to Get You Started" might be a beginner-level challenge, but the mindset it builds is critical.

In real-world scenarios, vulnerabilities often come from:

  • Forgotten files
  • Misconfigured assets
  • Exposed resources

If you learn to notice these early, you'll solve a lot of problems faster than others.

More challenges ahead — and they only get better from here.