picoCTF Solutions
picoCTF 2021General SkillsEasy

Nice netcat...

Published: April 2, 2026

Description

There is a program running on a server that just outputs some numbers -- figure out what they mean.

Setup

Remote

Connect via netcat.

nc mercury.picoctf.net 43239

Solution

  1. Step 1Connect and observe the output
    Connect to the server. It streams a series of space-separated decimal numbers, then exits.
    nc mercury.picoctf.net 43239
    Learn more

    netcat (nc) is a fundamental network utility sometimes called the "Swiss Army knife" of networking. It can open raw TCP or UDP connections to any host and port, and it passes data between your terminal and the remote endpoint with no protocol overhead. Security researchers use it constantly to interact with CTF challenge servers, probe open ports, and debug networked services.

    When the server streams numbers and then exits, that's a one-shot interaction -- the server sends its payload and closes the connection. Your job is to capture that output and interpret it. The most common encodings for numbers-as-characters are decimal ASCII values (what this challenge uses), octal, hexadecimal, or binary.

  2. Step 2Convert decimal values to ASCII characters
    Each number is the decimal ASCII code of one character of the flag. Use Python to convert them all at once. Copy the numbers from the output and paste them as a space-separated string.
    python3 -c "output = '<paste numbers here>'; print(''.join([chr(int(x)) for x in output.split()]))"
    Learn more

    ASCII (American Standard Code for Information Interchange) is a 7-bit character encoding that maps integers 0–127 to characters. Printable characters occupy 32–126: lowercase letters are 97–122, uppercase 65–90, digits 48–57, and common punctuation fills the gaps. Understanding ASCII values is essential for CTF work -- you'll encounter them in many forms: decimal, hexadecimal (0x70 = p), octal, and binary.

    Python's chr() function converts an integer to its corresponding Unicode character (which is identical to ASCII for values 0–127). The inverse is ord('p') which returns 112. The one-liner splits the space-separated number string, converts each token to an integer, maps it through chr(), and joins the results into the flag string.

    Combining with netcat in one pipeline: You can also pipe netcat's output directly into Python without copy-pasting:

    • nc mercury.picoctf.net 43239 | python3 -c "import sys; print(''.join(chr(int(x)) for x in sys.stdin.read().split()))"

    This kind of pipeline -- connecting tools with | -- is a core Unix philosophy skill that makes terminal workflows far more powerful.

Flag

picoCTF{...}

The server streams the flag as space-separated decimal ASCII values.

More General Skills