Pico CTF: Wave a flag, Information, and Nice netcat…

Wave a flag

Download the binary file and access it from the command line. There is a command line utility called strings which will grab all human readable strings from a file and return them in the terminal. We can use a “|” character to pipe the result of this command to another command called grep, which will filter the returned results based on a string pattern. Since we know from previous levels that all flags begin with the word “pico” we can use this as our search pattern.

Information

The file we get seems like a normal picture of a cat, but let’s download it and view the metadata. You can view the metadata using a tool like exiftool. You can install it on your Kali machine using sudo apt-get install exiftool. If you run into issues, try using these two commands.

sudo apt-get update

sudo apt-get install libimage-exiftool-perl

Next let’s view the metadata

The string for the License looked a bit like base64 so I decoded it from the command line using “| base64 -d”, and found the flag.

Nice netcat…

Netcat is a valuable networking tool for communication between devices. We are connecting to a device using netcat and receiving a message from said device.

We receive a long string of numbers. These seem like they might be ASCII numbers. ASCII is an encoding system for almost all of the characters we use every day. So each number on the screen might correspond to a character. To decode this we can use python. First, we will need to put the characters into a list format that python will recognize. Basically, we need to add a comma to the end of every line. Doing this line by line would be tedious, and also wouldn’t scale well. For example, what if we had thousands of lines? One tool we can use to solve this issue is sed. Sed is a command line utility that searches through text and replaces/inserts multiple instances of text for an entire file.

The syntax may seem confusing but it’s simple once you break it down.

sed 's(for substitute)/[pattern_to_look_for]/[pattern_to_insert]/g(for global, meaning all occurrences)' [filename]

The “$” is a regular expression meaning the end of the line. Be sure to include a space with the comma, otherwise python will get mad at you.

Next let’s create our python script. First we create a list that contains our numbers. Then on line 47 we’ll tell python to iterate over each item in our list and apply the chr() function. This function will decode the number to its assigned ASCII character. In doing so we build a second list holding the decoded character for every item iterated in the first list. Let’s call this second list character. The purpose of end="" is to print every character within the second list but without the “, ” so that it all returns as a string.

After you run your script you’ll get the flag.
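
The decoding step above can also be done without the sed pass by letting python parse the raw output directly. This is an added example, not the script from the original write-up; the function name, the strict flag and the sample numbers are constructed for illustration and do not contain the real flag.

```python
import re
import sys

# Constructed sample in the shape of the server's reply: one decimal code
# per line, with trailing spaces. It spells a made-up string, not the flag.
SAMPLE = "112 \n105 \n99 \n111 \n123 \n100 \n101 \n109 \n111 \n125 \n10 \n"

NUMBER = re.compile(r"[0-9]+")


def decode_decimal_ascii(text, strict=True):
    """Decode whitespace- or comma-separated decimal ASCII codes to a string.

    strict=True raises on any line that is not purely numbers.
    strict=False skips such lines (for example a banner printed by the server).
    Codes above 127 always raise, because then the ASCII guess is wrong.
    """
    chars = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = [t for t in re.split(r"[,\s]+", line.strip()) if t]
        if not all(NUMBER.fullmatch(t) for t in tokens):
            if strict:
                raise ValueError(f"line {lineno}: not decimal numbers: {line!r}")
            continue  # non-numeric line, ignore it in lenient mode
        for token in tokens:
            code = int(token)
            if code > 127:
                raise ValueError(f"line {lineno}: {code} is outside ASCII (0-127)")
            chars.append(chr(code))
    return "".join(chars)


if __name__ == "__main__":
    # Pipe the netcat output into this script, or run it bare to see the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(decode_decimal_ascii(data, strict=False), end="")
```

Because the parser accepts commas as well as whitespace, it works on both the raw netcat output and the comma-terminated file produced by the sed command.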