FANTASY CTF picoCTF 2025 Solution

Published: April 2, 2025

Description

A short interactive story walks through basic picoCTF rules. Connect over netcat, read the prompts, and pick the right dialogue options to prove you're the real teammate.

Port provided per instance

Launch the instance to reveal the unique port number assigned to your session.

Connect with nc ... | tee fantasy.log from the start so terminal scrollback never matters.

Press Enter until you see Choose an option: (the prompt format changes; watch for it). If the server goes silent for more than 10s, it likely timed out - reconnect.

bash
nc verbal-sleep.picoctf.net <PORT_FROM_INSTANCE> | tee fantasy.log

Solution

Want to try it yourself first?

The guided walkthrough reveals hints one step at a time.

Walk me through it
First time on netcat? The Netcat CTF guide covers the basics, and the picoCTF beginner's guide walks through the platform end-to-end.
  1. Step 1
    Introduce yourself
    Observation
    I noticed the challenge description said to 'pick the right dialogue options to prove you're the real teammate,' which suggested the server would present a menu and I needed to select the option agreeing to the competition rules before any further interaction.
    Press Enter repeatedly through the opening exposition until the first prompt appears. Choose option A to confirm you agree to the competition rules.
    Learn more

    Netcat (nc) is a networking utility that reads from and writes to network connections using TCP or UDP. It is often called the "Swiss Army knife of networking" and is used in CTFs to connect to challenge services that present interactive text-based interfaces. The basic syntax nc hostname port opens a raw TCP connection where you can type input and see server responses.

    Many CTF challenges use netcat-based interactive programs to test that participants understand the rules of the competition, agree to terms, or demonstrate basic interaction skills. These introductory challenges serve as a warm-up and ensure that everyone knows how to connect to challenge services - a prerequisite for every other netcat-based challenge in the competition.

    If netcat is not installed on your system, alternatives include ncat (from nmap), socat (more feature-rich), or even Python's socket module or pwntools' remote() function. On Windows, PowerShell 6+ includes Test-NetConnection for basic connectivity tests, but netcat itself needs to be installed separately.

  2. Step 2
    Respond to the teammate
    Observation
    I noticed the challenge title referenced a 'teammate' dialogue and the server uses a state-machine flow, which suggested a second round of menu prompts would follow the first agreement step and require the same option-A response.
    Press Enter through the next dialog block until the next Choose an option: prompt, then select option A again. If the server doesn't respond to your input, you're probably not in the state you think - check the last prompt you saw before typing.
    Learn more

    Interactive text-based programs sent over TCP often implement simple state machines: the server sends a prompt, waits for input, transitions to a new state based on what it receives, and sends the next prompt. The practical debugging consequence: when the server stops responding, scroll your tee log up to the last prompt the server printed. That tells you exactly which state the server thinks it's in, and therefore what input it's actually expecting.

    In security competitions, rules challenges like this one typically cover important policies: no attacking competition infrastructure, no sharing flags with other teams before the competition ends, no automated scanning of non-challenge systems, and respecting rate limits. These rules protect both the infrastructure and the fairness of the competition for all participants.

  3. Step 3
    Receive the flag
    Observation
    I noticed the setup command piped all server output through tee into fantasy.log, which suggested using grep on that log file was the cleanest way to extract the picoCTF{...} token without risking terminal scrollback truncation.
    A short mini-game appears next, but the script awards the flag automatically (no skill required). Grep your tee log for picoCTF{ to pull it out cleanly.
    bash
    grep -o 'picoCTF{[^}]*}' fantasy.log

    Expected output

    picoCTF{m1113n1um_3d1710n_76b68...}
    What didn't work first

    Tried: Scrolling up in the terminal instead of grepping the tee log to find the flag

    Many terminal emulators have a limited scrollback buffer and the flag line may have already scrolled out of view, returning nothing. The tee log written to fantasy.log is a complete record of all server output, so grep reliably finds the flag regardless of how much text preceded it.

    Tried: Running grep 'picoCTF' fantasy.log without the -o flag to extract just the flag token

    Without -o, grep prints the entire matching line, which includes surrounding story text and may span multiple lines if the terminal wrapped it - making the flag hard to copy cleanly. The -o flag restricts output to only the matched portion, giving you a clean flag string ready to submit.

    Learn more

    Terminal scrollback buffers store lines that have scrolled off the visible screen. In most terminal emulators (Terminal.app, GNOME Terminal, Windows Terminal, iTerm2), you can scroll up to see past output, search through it with Ctrl+Shift+F or similar shortcuts, or increase the scrollback limit in settings. For very long outputs, redirecting to a file with nc host port | tee output.txt ensures you never miss anything.

    The tee command writes to both standard output and a file simultaneously - useful when you need to see a live stream but also want a permanent record. This technique is helpful throughout CTF competitions: any time you collect output from a challenge service that you might need to reference later, piping through tee saves it automatically.

Interactive tools
  • Base64 & Base32 DecoderDecode Base64 and Base32 strings with auto-detection. Multi-layer mode unwraps nested encodings automatically.
  • Recipe ChainStack decoders into a pipeline: Base64, hex, ROT, XOR, Morse, URL, Atbash, Vigenère, and more. Magic mode auto-discovers the chain. Bookmark the URL to save it.
  • Number Base ConverterConvert numbers between binary, octal, decimal, and hexadecimal instantly. Enter any value and see all four bases update in real time.

Flag

Reveal flag

picoCTF{m1113n1um_3d1710n_76b68...}

The exact number of Enter presses can vary slightly, but choosing option A both times is sufficient to finish the interaction.

Key takeaway

Netcat is the foundational tool for interacting with TCP-based challenge services; every socket-based CTF challenge, from simple banner grabs to complex exploit delivery, relies on this same raw connection primitive. The pattern of connecting, reading a prompt, and sending a response maps directly to real-world network service interaction, penetration testing enumeration, and manual vulnerability verification. Learning to pipe output through tee from the start is a habit that pays off throughout any competition.

Related reading

Want more picoCTF 2025 writeups?

Useful tools for General Skills

What to try next