Rating:

This exercise was a very straightforward warmup : the flag was split in three
parts (well, two in my case) and put in comments in three different source
files on the site :

### Index

view source on the index page showed the following HTML comment :

```html

```

We can also see that a script and a stylesheet are loaded :

```html
<link rel="stylesheet" type="text/css" href="mycss.css">
<script type="application/javascript" src="myjs.js"></script>
```

### Stylesheet

If we examine the stylesheet, we can see that in ends with a CSS comment :

```css
/* I learned CSS! Here's part 2/3 of the flag: ct0r_g4dget_9dd3b33c} */
```

### Script

Similarly, the `myjs.js` ends with the following comment :

```javascript
/* I learned JavaScript! Here's part 3/3 of the flag: */
```

So if we concatenate the three parts, we get the flag :
`picoCTF{ur_4_real_1nspect0r_g4dget_9dd3b33c}`

Original writeup (http://blog.iodbh.net/picoctf2018-web-inspect-me.html).