SQL Direct

It is known that this is postgres SQL so the commands used will reflect that.

First, it is needed to connect.

psql -h saturn.picoctf.net -p 51070 -U postgres pico with password postgres.

Then I found the syntax to all relations/tables which is \dt command. It is shown that there is a table named flags.

I found two simple ways to output the table flag:

• TABLE flags;
• SELECT * FROM "flags";

This gave the flag in the table.

I then did, \copy flags to flag csv;, which exported the flags table to my working directory. I then used quit to exit psql.

To get just the flag I ran this command:

cat flag | grep -oE picoCTF{.*} --color=none

You could also do it this way:

cat flag | grep pico | cut -d "," -f4

Flag: picoCTF{L3arN_S0m3_5qL_t0d4Y_31fd...}