Post

Solving 'Big Zip' on picoCTF

Posted Updated
By Jacob Macdonnell
2 min read
Solving 'Big Zip' on picoCTF

Challenge Overview

The BigZip challenge involves extracting the flag hidden within a zip file. The zip file contains numerous files and directories, and the goal is to find the flag, which is in the format picoCTF{}, hidden within its contents.

Step-by-Step Solution

Step 1: Download the Zip File

The first step is to download the zip file containing the hidden flag.

1

jacob@Jacobs-PC:~ $ wget https://artifacts.picoctf.net/c/503/big-zip-files.zip

wget is a tool to download files from the internet. We use it here to download the zip file from the provided URL.

Step 2: Extract the Zip File

Next, we extract the contents of the zip file to inspect the files inside.

1

jacob@Jacobs-PC:~ $ unzip big-zip-files.zip

unzip is the command used to extract the contents of a .zip file. After running this, you’ll have a new folder (big-zip-files) containing all the extracted files and folders.

Step 3: Search for the Flag Inside the Extracted Files and Directories

The key step is to search through all the files inside the extracted folder for the flag. Since the zip file may contain many subdirectories, we use the grep command to search recursively through all files.

1

jacob@Jacobs-PC:~ $ grep -r 'picoCTF{' ./big-zip-files/

Explanation of the Command:

  • grep: A command-line tool used for searching specific text or patterns inside files.
  • -r (recursive): The -r flag tells grep to search recursively inside all files and subdirectories of the big-zip-files folder. Without this flag, grep would only search in files located directly in the specified folder, not in any subdirectories.
  • ‘picoCTF{‘: This is the search pattern, which is the start of the flag format. We’re looking for any text that starts with picoCTF{, which is the typical format of the flags in picoCTF challenges.
  • ./big-zip-files/: This is the directory where the zip file was extracted. By specifying this folder, we ensure that the search covers all the files and subfolders inside the big-zip-files directory.
  • Result: If the flag exists within any file inside the extracted contents, grep will display the matching line.

Step 4: Retrieve the Flag

After running the grep command, the flag will be displayed in the terminal. The output will look something like this:

1

picoCTF{3nh4ncd_24374675}

This is the flag for the challenge, and it’s the correct solution.

Summary of Commands

  1. Download the Zip File:
1

jacob@Jacobs-PC:~ $ wget https://artifacts.picoctf.net/c/503/big-zip-files.zip
  1. Extract the Zip File:
1

jacob@Jacobs-PC:~ $ unzip big-zip-files.zip
  1. Search for the Flag:
1

jacob@Jacobs-PC:~ $ grep -r 'picoCTF{' ./big-zip-files/
  1. Retrieve the Flag: The output of the above command will show the flag.
1

picoCTF{3nh4ncd_24374675}

Conclusion

By following the above steps, we successfully extracted and searched through the zip file and retrieved the flag hidden within. The use of the grep -r command allowed us to recursively search all files and directories inside the extracted folder, ensuring that we didn’t miss the flag even if it was buried in subdirectories.

This challenge demonstrates the importance of knowing how to efficiently search through large collections of files, a common task in cybersecurity investigations and CTF competitions.

CTF Competitions, picoCTF
CTF Challenges Linux
This post is licensed under CC BY 4.0 by the author.