file-run1

Published: July 20, 2023

Description

Make the provided binary executable and run it with no arguments. It prints the flag immediately.

Grant execute permissions (`chmod +x run`).

Execute it: `./run`.

```bash
chmod +x run
./run
./run | cut -d ' ' -f4
```

Solution

  1. Step 1: Run the binary
    No tricks here; the compiled program prints `picoCTF{...}` on stdout.

    On Linux, files downloaded from the web do not automatically receive execute permission. This is a security feature - it prevents accidentally running a downloaded file as a program. The `chmod +x` command adds the execute bit for the owner (and optionally group/others), making the file runnable as a program.

    The `./` prefix before the binary name tells the shell to look in the current directory for the file. Without it, the shell only searches the directories listed in `$PATH`, which typically does not include the current directory (another security measure - it prevents accidentally running a malicious file named `ls` dropped into the current directory).

    ELF (Executable and Linkable Format) is the standard binary format on Linux. You can inspect any ELF binary with `file run` to see its architecture and linking type, or with `readelf -h run` for detailed header information. Getting comfortable with these inspection tools is the foundation of binary analysis and reverse engineering.

    ELF binaries contain multiple sections with distinct roles: `.text` holds executable code, `.rodata` stores read-only data like string literals, `.data` holds initialized global variables, and `.bss` holds uninitialized globals. Understanding this layout matters during reverse engineering because flags and passwords embedded as string constants land in `.rodata`, making them visible to `strings` without needing to disassemble any code.

    For compiled binaries that are statically linked, the `file` command will indicate "statically linked" - meaning all library code is bundled inside. Dynamically linked binaries depend on shared libraries (`.so` files) at runtime and are typically smaller. Both types can be run the same way, but the distinction matters for analysis: statically linked binaries are self-contained and easier to transfer between systems, which is why CTF challenge authors sometimes produce them to avoid library version mismatches.

  2. Step 2: Optional: trim the output
    Use `cut -d ' ' -f4` to print only the flag token.

    `cut` is a Unix utility for extracting columns from delimited text. The flags `-d ' '` set space as the delimiter and `-f4` selects the fourth field. If the program outputs something like `The flag is: picoCTF{...}`, field 4 is the flag token itself.

    This kind of output trimming is useful when scripting - for example, if you are piping the flag into another command or writing it to a file. Building the habit of cleanly extracting exactly the data you need, rather than copying and pasting from a messy terminal, will save time as CTF challenges become more complex.

    Another handy approach is `grep -oE 'picoCTF\{[^}]+\}'`, which uses an extended regular expression to match and print only the flag-shaped token regardless of where it appears in the line. The `-o` flag tells `grep` to output only the matched portion rather than the whole line. This approach is robust even when the flag appears in the middle of a long sentence or has no predictable field position.

    Scripting these extraction patterns pays dividends during CTF competitions: if you solve ten challenges that all print flags as part of a sentence, having a reliable one-liner that extracts the token consistently avoids the error-prone process of manual copy-paste. Small investments in terminal proficiency compound into significant time savings over many challenges.
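
The header inspection from Step 1 and the flag pattern from Step 2 can be combined into a static triage that reads a binary without executing it. This is an added example, not part of the original writeup: `inspect_elf` and `build_sample` are hypothetical names, the sample bytes are constructed, only ELF64 little-endian is handled, and "no `PT_INTERP` means static" is a simplification.

```python
import re
import struct

PT_INTERP = 3  # program header type naming the dynamic loader
E_TYPES = {1: "REL", 2: "EXEC", 3: "DYN"}
MACHINES = {0x03: "x86", 0x3E: "x86-64", 0xB7: "AArch64"}
FLAG_RE = re.compile(rb"picoCTF\{[^}]+\}")  # same pattern as the grep -oE one-liner


def inspect_elf(data: bytes) -> dict:
    """Summarise an ELF64 little-endian image without executing it."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if len(data) < 64 or data[4] != 2 or data[5] != 1:
        raise ValueError("this sketch handles only ELF64 little-endian")
    # The 13 header fields that follow the 16-byte e_ident array.
    (e_type, e_machine, _, e_entry, e_phoff, _, _, _,
     e_phentsize, e_phnum, _, _, _) = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    interp = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            break  # truncated program header table
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            interp = raw.rstrip(b"\0").decode("ascii", "replace")
    return {
        "type": E_TYPES.get(e_type, hex(e_type)),
        "machine": MACHINES.get(e_machine, hex(e_machine)),
        "entry": hex(e_entry),
        "interp": interp,
        # Simplification: no PT_INTERP is treated as statically linked.
        "linking": "dynamic" if interp else "static",
        "flags": [m.decode("ascii", "replace") for m in FLAG_RE.findall(data)],
    }


def build_sample() -> bytes:
    """Constructed sample: ELF64 header, one PT_INTERP entry, a flag-shaped string."""
    interp = b"/lib64/ld-linux-x86-64.so.2\0"
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 0x3E, 1, 0x1000, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 120, 120, len(interp), len(interp), 1)
    return ehdr + phdr + interp + b"The flag is: picoCTF{constructed_example}\0"


if __name__ == "__main__":
    print(inspect_elf(build_sample()))
```

For a real file, pass `open("run", "rb").read()` to `inspect_elf`; a flag stored as a plain string constant shows up in `flags` the same way it would in `strings run`.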

Flag

picoCTF{U51N6_Y0Ur_F1r57_F113_e55...}

Another quick warm-up to ensure your environment can execute ELF binaries.