Get your flag is a forensic challenge that was part of the MetaRed CTF 2022 (4th STAGE). We were given a binary file and the task to find the flag with “tools”.


$ file b1n@ri0
b1n@ri0: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), \
    dynamically linked, interpreter /lib64/, \
        for GNU/Linux 3.2.0, \
            BuildID[sha1]=506b7be935d8940c672ab0d40d2e03ebd746155b, \
                with debug_info, not stripped


The file command already tells us that the file is a 64-bit ELF executable, wich is not stripped…

Thanks to the strings command, we can get the flag without running or decompiling the binary.

$ strings b1n@ri0 | grep flag
Oh, help? I actually don't do much, but I do have this flag here: \
/opt/hacksports/shared/staging/Wave a flag_2_9470317830239579/\


The flag is “flag{T3@m_H3rE_1s_yU0r_Fl@G_XD}”.