file-run2

Description

Solution

1. Step 1Read the prompt carefully
   The description literally tells you to pass `Hello!`. Without the argument the program just prompts you again.
   Learn more

   Command-line arguments are values passed to a program at launch, available inside the program via the argc / argv array in C, or sys.argv in Python. They are separate from environment variables and standard input - three distinct ways a program receives data from its caller.

   When a binary checks argv[1] for a specific string and behaves differently based on the result, it's performing a simple form of authentication or gating. In CTF reverse engineering, identifying what arguments or inputs a binary expects is one of the first steps - tools like strings, ltrace, and strace can reveal what comparisons are being made without needing to fully disassemble the code.

   Note that Hello! includes an exclamation mark. Some shells treat ! specially in interactive mode (history expansion). If you encounter issues, quoting the argument as 'Hello!' or running it from a script bypasses this expansion.

   Argument-based gating is also commonly used in malware and crackmes to delay execution or confuse automated sandboxes. A binary that requires a specific argument simply exits without doing anything suspicious when run without it - meaning automated analysis tools that just execute the file will see nothing. CTF reverse engineering problems use this same trick to teach analysts to inspect what inputs a program expects before running it blindly.

   When you don't know the expected argument ahead of time, ltrace shows library calls including strcmp and strncmp, revealing exactly what the program compares argv[1] against. For stripped binaries where symbol names are gone, strace shows system calls, and a disassembler like Ghidra will decompile the comparison logic directly. Always check the simplest techniques first: strings and ltrace before reaching for a full disassembler.

2. Step 2Capture the flag
   Use `cut` to isolate the fourth space-delimited field for a clean flag string.
   Learn more

   Output parsing with shell tools like cut, awk, and grep is a fundamental skill for working efficiently in the terminal. Rather than reading the entire output and copying the flag by hand, piping to cut -d ' ' -f4 extracts precisely the token you need, which is useful when automating or when the flag is embedded in a longer sentence.

   As an alternative, awk '{print $4}' achieves the same result and handles variable amounts of whitespace between fields (unlike cut, which treats each delimiter character separately). Knowing both gives you flexibility depending on the structure of the output you're parsing.

   Shell pipelines chain commands so the output of one becomes the input of the next. This composability is one of the defining strengths of Unix-style tooling. Instead of writing a custom script to parse program output, you string together small, single-purpose utilities. The same pipeline pattern appears constantly in security work: capturing output from a scanner, filtering it for relevant entries, extracting fields, and writing results to a file - all in a single one-liner.

   tr, sort, uniq, and wc are other commonly paired tools. For example, strings binary | sort | uniq -c | sort -rn produces a frequency-ranked list of all printable strings in a binary, which can highlight repeated constants or likely passwords. Building fluency with pipeline composition will save significant time during time-pressured CTF events.

Flag

picoCTF{F1r57_4rgum3n7_be07...}

Introductory warm-up for command-line arguments.