Description
I think I may have hidden the file in the folder. Can you find it?
Setup
SSH or connect to the provided shell environment where the hidden file resides.
Solution
Walk me through it- Step 1List all files including hidden onesFiles whose names begin with a dot are hidden from regular ls. The -a flag (all) forces ls to show them. Spot the dotfile and cat it to read the flag.bash
ls -abashcat .flag.txtLearn more
In Unix and Linux, any file or directory whose name begins with a period (
.) is considered a hidden file (also called a dotfile). The convention originates from a quirk in early Unix where thelscommand checked if the first character of a filename was.and skipped it if so - this was originally to hide the.(current directory) and..(parent directory) entries, and the behavior was later extended by convention to any dotfile.The
ls -aflag (or--all) overrides this filtering and shows every file including hidden ones. The relatedls -A(capital A) shows all files except the special.and..entries, which is usually more useful. Combining flags:ls -lashows all files in long format with permissions, ownership, size, and modification time.Dotfiles are used extensively in Linux for configuration:
~/.bashrc,~/.zshrc- shell configuration~/.ssh/- SSH keys and known hosts~/.gitconfig- git user configuration~/.env- environment variables (sometimes accidentally committed to git).htaccess- Apache web server configuration per-directory
In security contexts, attackers often hide malicious files with dotnames to avoid casual detection. During incident response, checking for unexpected dotfiles in home directories,
/tmp, and web server directories is an important step. Tools likefind / -name ".*" -type fenumerate all dotfiles system-wide. The lesson: "hidden" files in Unix are only hidden from casuallsuse - they are perfectly visible with the right flags.
Flag
picoCTF{...}
Files beginning with '.' are hidden from regular ls - the -a flag (all) reveals them.