picoCTF Solutions
picoCTF 2023General SkillsMedium

useless picoCTF 2023 Solution

Published: April 26, 2023

Description

The “useless” workstation exposes SSH access plus a suspicious calculator script. Somewhere inside its documentation hides the flag.

Setup

SSH into saturn.picoctf.net on port 64713 with the provided credentials.

List the home directory, execute ./useless, and read both the script and its man page.

bash
ssh picoplayer@saturn.picoctf.net -p 64713
bash
password
bash
ls && ./useless
bash
man useless

Solution

Walk me through it
  1. Step 1Inspect the script
    Running the script without proper arguments prompts you to “Read the code first.” View the bash source to learn it performs basic math operations.
    bash
    less useless
    Learn more

    Shell scripts are plain-text files containing sequences of shell commands. Unlike compiled binaries, their source code is always readable with less or any text editor; there is no compilation step to reverse. This transparency is both a feature (easy to audit) and a limitation (no obfuscation possible without an external binary).

    Bash scripts often use a shebang line at the top (#!/bin/bash) to specify the interpreter. The script's error message telling you to "Read the code first" is a metacommentary; the challenge is literally teaching you that reading source code is the right debugging approach. In CTF terms, source code review (white-box testing) is always preferable to black-box guessing when the source is available. For broader Linux command-line workflow tips, see Linux CLI for CTF.

  2. Step 2Read the manual
    Find the actual man page path with man -w useless, then run man useless and jump to the bottom. The flag is stashed at the end of the page.
    bash
    man -w useless
    bash
    man useless
    Learn more

    man pages are the traditional documentation system for Unix/Linux programs. Every standard command has a man page accessible via man <command>. Man pages are written in troff/groff markup and displayed through a pager (usually less). They are organized into sections: 1 (user commands), 2 (system calls), 3 (library functions), 5 (file formats), 8 (system administration), and so on.

    man -w useless prints the actual filesystem path of the man page (often something like /usr/local/share/man/man1/useless.1.gz). Knowing the path lets you grep the raw troff source directly with zcat $(man -w useless) | grep picoCTF if you would rather not scroll.

    Custom programs can install their own man pages in /usr/local/share/man/ or /usr/share/man/. This challenge placed a man page for the useless script there, mimicking how real software is documented. The flag hidden at the bottom of the man page teaches you to always read documentation thoroughly; important context, warnings, or in this case flags, are often at the end.

    Navigating man pages. Man pages open in less by default. Key navigation:

    • Space or f: scroll forward one page
    • b: scroll backward one page
    • G: jump to the end (where the flag is)
    • g: jump to the beginning
    • /pattern: search for a pattern (e.g. /picoCTF)
    • q: quit

    Real-world significance. Hiding data inside documentation is obfuscation, not real steganography; anyone reading the docs end-to-end will see it. In real penetration testing, reading all available documentation, comments, and metadata of a target system is called information gathering or reconnaissance; you never know what useful details (API keys, internal URLs, debug flags) might be left in plain sight inside docs and comments.

Flag

picoCTF{us3l3s...it3d_4373}

No exploitation is required; just follow the hints inside the tool’s documentation.

Want more picoCTF 2023 writeups?

Browse picoCTF 2023Full library

Useful tools for General Skills

Related reading

What to try next