Access the instance with the given credentials.
Check the contents of checksum.txt.
This is the SHA-256 hash of the correct file.
From this, we need to check the files in the "files" directory to see which one matches. The directory holds too many files to guess and check by hand, so hash them all:
$ sha256sum files/*
Then pipe the result into grep to keep only the line that matches the checksum:
$ sha256sum files/* | grep "467a10447deb3d4e17634cacc2a68ba6c2bb62a6637dad9145ea673bf0be5e02"
The file c6c8b911 matches the checksum.
$ file files/c6c8b911
$ ./decrypt.sh files/c6c8b911
There you go, the flag:
picoCTF{trust_but_verify_c6c8b911}
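
The hash-and-grep step above, as an added shell example (not part of the original writeup or the challenge files): it reads the digest from the checksum file, validates it, and compares it exactly against each file's SHA-256 instead of substring-matching with grep. The function name find_by_sha256 and its exit codes are assumptions made for illustration.

```shell
# Added example. Usage on the challenge layout: find_by_sha256 checksum.txt files
#
# find_by_sha256 CHECKSUM_FILE DIR
#   prints every file in DIR whose SHA-256 equals the digest in CHECKSUM_FILE
#   returns 0 if at least one file matched
#           1 if nothing matched
#           2 if CHECKSUM_FILE does not start with a 64-hex-digit digest
find_by_sha256() {
    checksum_file=$1
    dir=$2

    # First field of the first line, lower-cased, so both a bare digest
    # and the "digest  filename" layout of sha256sum output are accepted.
    want=$(awk 'NR==1 {print tolower($1)}' "$checksum_file")

    # Refuse anything that is not exactly 64 hex characters.
    case $want in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    if [ "${#want}" -ne 64 ]; then
        return 2
    fi

    matches=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Hash from stdin so odd filenames cannot alter the output format.
        got=$(sha256sum < "$f" | awk '{print $1}')
        # Whole-digest comparison: grep would also hit a matching filename.
        if [ "$got" = "$want" ]; then
            printf '%s\n' "$f"
            matches=$((matches + 1))
        fi
    done

    if [ "$matches" -eq 0 ]; then
        return 1
    fi
    return 0
}
```

A non-zero exit status lets a script stop before running decrypt.sh on a file that was never verified.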