This challenge after a bit of critical thinking wasn't too hard. Instead of bruteforcing, we realized that we could deduce the characters of the flag by returning their ascii values as the exit codes. Such a bash command looks like this `foo=$(head -c n flag.txt | tail -c 2); exit $(printf '%d' "'$foo")` Where you replace "n" after the -c tag with the index of the character you're looking to exract. After the program exits, you can compare the exit code to an ascii table. Rinse and repeat to get the flag. I could've wrote a script, I just did it manually because the flag was short, but it's clear to see how one could write a python script to iterate over the characters, get their ascii codes, convert them back to characters and get the flag