Useless — PicoCTF Challenge Walkthrough

Gresecure
3 min read · Dec 1, 2024

Challenge Overview

Initial Analysis

Keywords and hints: In this challenge, players establish an SSH connection, navigate to the home directory, work with the script found there, and extract the flag from it. No hints are given, but the challenge provides the connection details: hostname, port number, username, and password.

Prerequisites

  • Basic knowledge of shell commands like ssh, ls, cat, and man.

Solution Approach

1. Log on to the picoCTF webshell

Start by accessing the provided webshell environment.

2. Start with the ssh command

Running ssh with no arguments prints its usage summary, which lists the available options for establishing SSH connections.

ssh

3. Input the provided credentials

  • Use the following syntax to connect to the challenge server:
ssh <hostname> -p <port number> -l <username>
ssh saturn.picoctf.net -p 60103 -l picoplayer

4. Confirm the connection request

When ssh warns that the authenticity of the host cannot be established and asks whether to continue connecting, type yes to accept the connection.

5. Provide the password

Enter the given password, which is password.

6. Explore the user’s home directory

  • After connecting, use the ls command to list the files in the home directory:
ls

Output will be:

7. Read the useless script

  • The script performs an arithmetic operation selected by a command-line argument (add, sub, mul, div).
  • It provides clues like “read the manual”.

8. Access the manual

  • Use the ‘man’ command to view the manual page for the script.

The man command in Linux displays the user manual of any command that can be run on the terminal.

man useless

The manual contains usage details, examples, and the flag.

Extract the flag from the manual

picoCTF{us3l3ss_ch4ll3ng3_3xpl0it3d_4151}

Written by Gresecure

Cyber Security | OSINT buff | Digital 4n6 novice | Security & Privacy Aficionado!
