PicoCTF Walkthrough: Obedient Cat

PicoCTF Walkthrough: Obedient Cat

Welcome, future cybersecurity enthusiasts! I'm here to guide you through the exciting world of Capture The Flag (CTF) competitions. In this article, we'll embark on our first challenge together: Obedient Cat from PicoCTF. This walkthrough is tailored for beginners, including kids, who are new to CTFs. We'll explore the basics, provide step-by-step instructions, and highlight key concepts along the way. So, let's roll up our sleeves and conquer the Obedient Cat challenge together!

Overview

The Obedient Cat challenge serves as an excellent introduction for newcomers. It focuses on interacting with the "cat" program through a command-line interface (CLI). Our objective is to learn to use the "cat" program, following specific instructions, in order to retrieve the flag. Don't worry if you're unfamiliar with the command line – I'll explain everything in a simple and easy-to-understand manner.

Step 1: Accessing the Challenge

  1. Let's begin by visiting the PicoCTF website (picoctf.com) and creating an account if you haven't done so already.

  2. Log in to your account and navigate to the challenges section. Hint: Look for Practice at the top of the page.

  3. Look for the Obedient Cat challenge and click on it to get started.

Step 2: Understanding the Challenge

The challenge description will provide us with context and instructions. Read it attentively to grasp what we need to accomplish.

  1. Read the Description and if you are already using a linux system, download the flag by clicking on the blue link that says "Download flag"

  1. Otherwise, open the webshell by clicking on the button on the left side of the screen.

  1. It will start and run an instance of Linux.

  2. You will need to enter your username and password for the picoCTF.org website.

  3. Once you have logged in you will be presented with a terminal prompt.

  4. There is one more thing that we need to do before we get started. If we look at the hints, we can see that it provides us with a command that will allow us to download the flag file. If we have not already done that, this is how we do it.

     wget https://mercury.picoctf.net/static/a5683698ac318b47bd060cb786859f23/flag
    

  5. In order for us to see the file, we need to use the command "ls

Step 3: Interacting with the "CAT" Program

  1. Now that we are in the terminal and are able to interact with the command-line interface (CLI) we can now enter commands.

  2. The "cat" program allows us to display the contents of a file. We can use the "cat" command followed by a filename to view the file's contents.

  3. However, there are certain restrictions with the "cat" program. It only accepts specific filenames and displays files with particular permissions.

  4. Our goal is to locate the file containing the flag and display its contents using the "cat" program.

Step 4: Exploring the Filesystem

  1. Let's start exploring the filesystem to identify available files. After we typed "ls" we listed the files in the current directory.

  2. Take note of any filenames that seem interesting or relevant. We can use the "cat" command with those filenames to view their contents. The file we downloaded was flag so lets take a look at the file we downloaded.

  3.    cat flag
    
  4. this will show us the flag file.

Step 5: Obtaining the Flag

  1. The flag format that we are looking for will always look something like this:

  2.    picoCTF{s4n1ty_v3r1f13d_4a2b35fd}
    
  3. The flag will have picoCTF{flag} the flag is everthing inside the "picoCTF{" and the closing "}"

Step 6: Submitting the Flag

  1. Once we obtain the flag, copy it and return to the PicoCTF website.

  2. Find the input field to submit the flag and paste it there.

  3. Submit your answer, and if it's correct, you'll receive points and are ready to proceed to the next challenge! Keep in mind that you can skip challenges if you want to.

Congratulations on completing the Obedient Cat challenge! Together, we've interacted with the "cat" program through the command line and successfully retrieved the flag. Remember, this is just the beginning of our CTF journey, and many exciting challenges await. Stay tuned for our next walkthrough, where we'll tackle another thrilling PicoCTF challenge. Keep practicing and embrace the fascinating world of cybersecurity!

The purpose of this challenge is to introduce you to the "cat" program and how it can help you read files. It is also a way to get you to use the "ls" command and familiarize yourself with the terminal.

Disclaimer: CTF challenges are designed to educate and promote learning about cybersecurity concepts. Always ensure that you participate in CTFs legally and ethically. Respect the rules and guidelines provided by the organizers, and never attempt to compromise systems or access unauthorized information.

Did you find this article valuable?

Support Matthew Hard by becoming a sponsor. Any amount is appreciated!