capture the flag, hacking

PicoCTF 2017 – Bash Loop

Another day, another challenge…

Today’s blog post we will solve the “Bash Loop” challenge in the PicoCTF challenge.

Let’s start!

Clicking on the challenge we see:


OK… There’s a program we need to execute to find the hidden number. Let’s look at the hints to see what they give us.


OK… the hint tells us that we need to use Google to search for “bash loops”.

First let’s navigate to the folder of the program

Copying the location of the program, right clicking on the command line, selecting paste from browser, and pressing enter we have the following:



We see the bashloop program and the flag.

Executing the bashloop program we see the following:


Let’s do a quick Google search and look for bash loops

Going to the following link, and scrolling down to the for loop we see the following:


Let’s use this for our challenge.

Going back to the command line we enter the following:


Let’s break down the loop…

In the first line we are using a for loop and we’re looping over the range from 0 to 4096 as that is the range of numbers we need to guess over.

The next line we are invoking (calling) the program with the current number in the range (between 0 to 4096). From that we’re grepping (finding) the keyword of flag. The reason we’re doing that is to find the flag. Next line is specifying that we’re ending the loop.

Pressing enter we see that the flag is displayed to us.

Entering this into the input box we acquired 40 points!