picoCTF Solutions
picoCTF 2023General SkillsMedium

Permissions

Published: April 26, 2023Updated: December 9, 2025

Description

SSH into the target host and enumerate /root-owned challenge files. Proper directory traversal and permissions understanding lead straight to the flag.

Setup

SSH to saturn.picoctf.net on port 54578 with the provided password.

Navigate into /challenge, list files, and open metadata.json (or similar) with vim or cat.

ssh -p 54578 picoplayer@saturn.picoctf.net
Sd9KYTm5kr
cd ../.. && cd challenge
cat metadata.json

Solution

  1. Step 1Escalate into /challenge
    After logging in, move two directories up and then into challenge/. The files there are world-readable even though root-owned.
  2. Step 2Read the metadata
    Open metadata.json (or use vim if you prefer). The flag is stored in that JSON document.

Flag

picoCTF{uS1ng_v1m_3di...f1a}

Permissions look scary, but world-readable files make the flag accessible.