← Back to all challenges ◆ Level 1 · Web Basics · 100 XP
Wargames Realm

The Open Gate

The very first lesson every web hacker learns: the browser shows you the page, but it also hands you the source. Nothing rendered in your browser is ever truly hidden — it all arrived as text you can read.

Your mission

Somewhere in this page's HTML is a flag in the form flag{...}. It is not visible on screen — it's sitting in the source.

Open the page source: right-click anywhere → View Page Source, or press Ctrl+U (Windows) / Cmd+Option+U (Mac). Then search the text for flag{.

Developers leave notes in HTML comments — <!-- like this -->. They never render, but they ship to every visitor. Scroll the source to the very bottom.

Submit the flag

Why it matters: never put secrets, API keys, or "hidden" admin links in front-end code. If the browser can run it, an attacker can read it.