Get your flag is a forensic challenge that was part of the MetaRed CTF 2022 (4th STAGE). We were given a binary file and the task to find the flag with “tools”.

File

$ file b1n@ri0
b1n@ri0: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), \
    dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, \
        for GNU/Linux 3.2.0, \
            BuildID[sha1]=506b7be935d8940c672ab0d40d2e03ebd746155b, \
                with debug_info, not stripped

Solution

The file command already tells us that the file is a 64-bit ELF executable, wich is not stripped…

Thanks to the strings command, we can get the flag without running or decompiling the binary.

$ strings b1n@ri0 | grep flag
Oh, help? I actually don't do much, but I do have this flag here: \
    flag{T3@m_H3rE_1s_yU0r_Fl@G_XD}"@@@@@
_flags
/opt/hacksports/shared/staging/Wave a flag_2_9470317830239579/\
    problem_files
_flags2

Flag

The flag is “flag{T3@m_H3rE_1s_yU0r_Fl@G_XD}”.