I've been working through PicoCTF challenges as part of building my cyber-security foundation. These are my notes from the General Skills category, five challenges that cover the core terminal skills every CTF player needs. I'll show exactly what I ran, what came back, and what it means.
- Nice netcat: The server sends back a wall of numbers, one per line: 112 105 99 111
My first instinct was to look them up one by one in an ASCII table. That works, but there's a faster way. Each number is a decimal ASCII value. 112 is p, 105 is i, 99 is c, 111 is o. Once I saw the pattern I piped the output straight through Python:
nc -w 2 wily-courier.picoctf.net 53619 | python3 -c "import sys; print(''.join(chr(int(n)) for n in sys.stdin.read().split()))"
The -w 2 flag tells netcat (nc) to close after 2 seconds of silence, which lets the pipe complete. chr(int(n)) converts each decimal to its character. Flag prints immediately.
What I learned: when a server returns a list of numbers, assume ASCII first. Three anchor points worth memorising: 48 is 0, 65 is A, 97 is a.
- Magikarp Ground Mission: SSH into a server, navigate between directories, and collect three parts of a flag. The instructions are literally in the files themselves.
ssh ctf-player@wily-courier.picoctf.net -p 55070
ls
cat 1of3.flag.txt
cat instructions-to-2of3.txt
cd /
cat 2of3.flag.txt
cat instructions-to-3of3.txt
cd ~
cat 3of3.flag.txt
The three files contain picoCTF{xxsh_, then 0ut_0f_//4t3r_, then 0b24fc4f}. Put together: picoCTF{xxsh_0ut_0f_//4t3r_0b24fc4f}
What I learned: cd / is root, cd ~ is home. Flags are sometimes split across locations deliberately to teach navigation.
- First Find: An archive with a file called uber-secret.txt buried somewhere inside. The directory tree is deep and one of the folders is hidden.
wget https://artifacts.picoctf.net/c/502/files.zip
unzip files.zip
find . -name "uber-secret.txt"
output: ./files/adequate_books/more_books/.secret/deeper_secrets/deepest_secrets/uber-secret.txt
cat ./files/adequate_books/more_books/.secret/deeper_secrets/deepest_secrets/uber-secret.txt
Flag: picoCTF{f1nd_15_f457_ab443fd1}
What I learned: find . -name searches recursively and goes into hidden directories that ls won't show you. Get comfortable with this command.
- Static ain't always noise: A binary file and a bash script called ltdis.sh. I read the script before running it. It does two things: disassembles the binary with objdump and extracts readable text with strings.
chmod +x ltdis.sh
./ltdis.sh static
grep "picoCTF" static.ltdis.strings.txt
Output:
3020 picoCTF{d15a5m_t34s3r_20335e41}
What I learned: binaries often contain embedded readable strings. strings extracts them all. grep finds the one you want. This combination comes up constantly in reverse engineering.
- Plumbing: The server floods you with output. The flag is somewhere in there. bash nc fickle-tempest.picoctf.net 49418 | grep "picoCTF" Flag prints immediately: picoCTF{digital_plumb3r_A01Bc3eC} What I learned: the pipe operator passes one command's output directly into another without saving anything to disk. command | grep "pattern" is probably the most used one-liner in CTF general skills challenges.
Tools used across these five challenges
nc, python3, ssh, find, strings, grep, and the pipe operator
I'm continuing through PicoCTF. Next up is the Cryptography category. Follow if you want the writeups as they come.
Top comments (0)