Description
I think I may have hidden the file in the folder. Can you find it?
Setup
SSH or connect to the provided shell environment where the hidden file resides.
Solution
Step 1
List all files including hidden ones
Observation
I noticed the challenge description said the file was 'hidden in the folder,' which suggested it might be a dotfile that ls omits by default, pointing directly to using ls -a to reveal names beginning with a period.
Files whose names begin with a dot are hidden from regular ls. The -a flag (all) forces ls to show them. Spot the dotfile and cat it to read the flag.
```bash
ls -a
```
```bash
cat .cant_see_me
```
Expected output
picoCTF{...}
What didn't work first
Tried: Running ls without any flags and looking for the file in the visible output
Plain ls silently omits any filename that starts with a dot, so .cant_see_me never appears in the listing. The file is present on disk the entire time - only the -a (or --all) flag disables the dot-prefix filter and makes it visible.
Tried: Running cat cant_see_me (without the leading dot) after spotting it with ls -a
The shell treats the leading dot as part of the filename, not as a path separator. Omitting it causes a 'No such file or directory' error because the shell is looking for a completely different filename. The exact name including the dot must be typed: cat .cant_see_me.
Learn more
In Unix and Linux, any file or directory whose name begins with a period (.) is considered a hidden file (also called a dotfile). The convention originates from a quirk in early Unix where the ls command checked if the first character of a filename was . and skipped it if so - this was originally to hide the . (current directory) and .. (parent directory) entries, and the behavior was later extended by convention to any dotfile.

The ls -a flag (or --all) overrides this filtering and shows every file including hidden ones. The related ls -A (capital A) shows all files except the special . and .. entries, which is usually more useful. Combining flags: ls -la shows all files in long format with permissions, ownership, size, and modification time.

Dotfiles are used extensively in Linux for configuration:
- ~/.bashrc, ~/.zshrc - shell configuration
- ~/.ssh/ - SSH keys and known hosts
- ~/.gitconfig - git user configuration
- ~/.env - environment variables (sometimes accidentally committed to git)
- .htaccess - Apache web server configuration per-directory

In security contexts, attackers often hide malicious files with dotnames to avoid casual detection. During incident response, checking for unexpected dotfiles in home directories, /tmp, and web server directories is an important step. Tools like find / -name ".*" -type f enumerate all dotfiles system-wide. The lesson: "hidden" files in Unix are only hidden from casual ls use - they are perfectly visible with the right flags.
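The dotfile sweep described above, as an added example that is not part of the original writeup: it compares the find -name ".*" -type f approach with a wider match that also reports ordinary-named files inside dot-directories, then filters the result through an allowlist. The function names, the allowlist entries, and the sample tree are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: enumerate hidden files under a root, then drop allowlisted ones.
# Every path and allowlist entry below is constructed/hypothetical.

# The page's approach: regular files whose own name starts with a dot.
list_dotnamed_files() {
    ( cd "$1" && find . -type f -name '.*' -print ) | LC_ALL=C sort
}

# Wider net: also reports ordinary-named files inside a dot-directory
# (e.g. ./tmp/.cache/update), which -name '.*' -type f does not list.
list_hidden_files() {
    ( cd "$1" && find . -type f -path '*/.*' -print ) | LC_ALL=C sort
}

# Hypothetical allowlist, anchored to home directories so that a
# .bashrc sitting in /tmp or a web root is still reported.
is_expected() {
    case "$1" in
        ./home/*/.bashrc|./home/*/.profile|./home/*/.gitconfig) return 0 ;;
        ./home/*/.ssh/known_hosts) return 0 ;;
    esac
    return 1
}

# Hidden files not on the allowlist. Line-oriented: file names containing
# newlines would need find -exec instead of this read loop.
list_unexpected_hidden() {
    list_hidden_files "$1" | while IFS= read -r p; do
        is_expected "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample tree so the functions can be tried offline.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice/.ssh" "$t/tmp/.cache" "$t/var/www/html/uploads"
    : > "$t/home/alice/.bashrc"
    : > "$t/home/alice/notes.txt"
    : > "$t/home/alice/.ssh/known_hosts"
    : > "$t/tmp/.cant_see_me"
    : > "$t/tmp/.cache/update"
    : > "$t/var/www/html/.htaccess"
    : > "$t/var/www/html/uploads/.thumb"
    printf '%s\n' "$t"
}

# Usage: sh dotfile_triage.sh /path/to/root
if [ -n "${1:-}" ]; then list_unexpected_hidden "$1"; fi
```

On the sample tree the name-only match reports four files while the path match reports six; the two extra entries are the files that sit inside .ssh and .cache.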
Interactive tools
- File Magic Identifier: Identify file types from magic numbers. Paste hex bytes or drop a file to detect PNG, JPEG, ZIP, PDF, ELF, PCAP, SQLite, and dozens of other formats.
- Hex Viewer: View text or raw hex bytes as a xxd-style hex dump with byte offset, hex columns, and ASCII sidebar. Highlights printable characters and null bytes.
- Strings Extractor: Pull printable text from any binary, library, or image. ASCII and UTF-16 detection, configurable minimum length, flag-like highlight, no command line needed.
Flag
picoCTF{w3ll_that_d1dnt_w0RK_...}
Per-instance flag. Two different hash suffixes found (cb4a5081 and 30444bc6) confirming per-instance variation. Prefix picoCTF{w3ll_that_d1dnt_w0RK_} is consistent.