Description
This file has a flag in plain sight (which is what 'in-the-clear' means). Download the file called flag.
Setup
Download the flag file using wget.
wget <url>/flag
Solution
Step 1
Print the file contents
The flag is stored as plain text in the file. Use cat to print it directly to the terminal.
cat flag
Learn more
cat (short for "concatenate") is one of the most commonly used Unix commands. It reads one or more files and writes their contents to standard output. Despite its simplicity, it's the go-to tool for quickly inspecting small text files, and it's also used to chain files together: cat file1 file2 > combined.
"In the clear" (or "in plaintext") means data is stored or transmitted without any encryption or obfuscation - it's immediately human-readable. The opposite is data "at rest" protected by encryption, where you need a key to read it. Many real-world security incidents involve sensitive data left in the clear: API keys in public GitHub repos, passwords in unencrypted config files, or traffic sent over HTTP instead of HTTPS.
wget (Web GET) is a command-line tool for downloading files from the web. It supports HTTP, HTTPS, and FTP. For CTF work, wget <url> is the quickest way to pull down challenge files without opening a browser. An alternative is curl -O <url>, which provides more control over HTTP headers and request methods.
Sensitive data in the clear is one of the most common real-world security failures. Classic examples include: API keys and tokens checked into public GitHub repositories, database credentials stored in plaintext config files, passwords transmitted over HTTP instead of HTTPS, and private keys left in world-readable files. The 2017 Equifax breach and numerous cloud storage exposures all involved data that was technically accessible without any attack - it was simply stored or transmitted without encryption.
Beyond cat: For binary files that may contain non-printable characters, xxd or hexdump -C give a hex+ASCII side-by-side view. file identifies the file type by inspecting magic bytes rather than relying on the file extension. less is useful for paging through large files. For this challenge, cat is sufficient since the flag is plain ASCII text, but building the habit of checking file first is good forensic practice.
Standard output, stdin, and pipelines: cat writes to stdout, which can be redirected with > (overwrite), >> (append), or piped with | into another command. For example, cat flag | grep picoCTF filters lines containing the pattern. Understanding how Unix pipes chain commands is fundamental to CTF work - most solutions involve piping the output of one tool into another.
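An added example (not part of the original walkthrough) that combines the file-first habit and the grep pipeline described above: it classifies a file by content before printing anything, then extracts flag-shaped strings from either text or binary input. The function names, the flag pattern and the two sample files are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify a downloaded file before printing it, then pull
# out flag-shaped strings. FLAG_RE and the sample files are constructed.

FLAG_RE='picoCTF[{][^}]*[}]'

# True when the file contains at least one NUL byte (a strong binary hint).
has_nul() {
    [ $(LC_ALL=C tr -d '\000' < "$1" | wc -c) -ne $(wc -c < "$1") ]
}

# Print "text" or "binary" from the content, never from the file name.
# file(1) is consulted when installed; the NUL check backs it up.
classify() {
    enc=unknown
    if command -v file >/dev/null 2>&1; then
        enc=$(file -b --mime-encoding "$1" 2>/dev/null)
    fi
    if [ "$enc" = binary ] || has_nul "$1"; then
        echo binary
    else
        echo text
    fi
}

# Print each flag-shaped string on its own line. Binary input is first
# reduced to printable runs so raw bytes never reach the terminal.
extract_flag() {
    if [ "$(classify "$1")" = text ]; then
        grep -oE "$FLAG_RE" "$1"
    else
        LC_ALL=C tr -c '[:print:]\n' '\n' < "$1" | grep -oE "$FLAG_RE"
    fi
}

# Demo on two constructed samples: a plain-text flag file and a blob that
# embeds the same string between non-printable bytes.
demo_dir=$(mktemp -d)
printf 'picoCTF{constructed_sample_flag}\n' > "$demo_dir/flag"
printf '\000\001\377junk picoCTF{constructed_sample_flag}\000tail' > "$demo_dir/blob"
for f in "$demo_dir/flag" "$demo_dir/blob"; do
    printf '%s: %s -> %s\n' "${f##*/}" "$(classify "$f")" "$(extract_flag "$f")"
done
rm -rf "$demo_dir"
```

The binary branch is a stand-in for piping strings into grep, written with tr so it does not depend on binutils being installed.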
Flag
picoCTF{...}
The simplest possible challenge - the flag is the entire file contents.