Challenge Description

The challenge description implies that we will probably have to extract the contents of the provided tar file repeatedly until we finally find a flag. Let’s explore.

Understanding the challenge

We first download the provided tar file by running wget <link>. The downloaded file is named 1000.tar. To extract tar files, I usually run the following command:

tar -xvf <file-name>
  • -x : Extracts files from a tar archive
  • -v : Verbosely list files processed
  • -f : Specifies archive file

After running tar -xvf 1000.tar, we can see that 2 files have been created (999.tar and filler.txt).

I thought that filler.txt might contain something useful or suspicious, but these were the entire contents of the file:

alkfdslkjf;lkjfdsa;lkjfdsa

Nothing of interest so far. I ran the same command on 999.tar and got similar output: this time 998.tar and another filler.txt were created. Running cat on filler.txt again showed the same gibberish.

Since each archive contains the next one in the sequence, the solution to this challenge is evidently to keep extracting the archives one after the other until something other than a tar file appears.

PicoCTF Hint: Try and script this, it'll save you a lot of time

Attempting to solve

To do this, I made the following Python script:

Python script

import tarfile

# 1000.tar and 999.tar were already extracted by hand above, so start at 998
# and walk down to 1.tar. Each archive is expected to sit in the current
# directory under the name <number>.tar.
for i in range(998, 0, -1):
    with tarfile.open(f'{i}.tar', 'r') as tar:
        # The built-in 'data' filter (Python 3.12+, backported to some 3.8-3.11
        # releases) refuses members that would land outside the destination
        # directory (../ traversal, links pointing elsewhere, device files).
        tar.extractall(path='.', filter='data')

Note

The filter argument is the extraction filter added to tarfile in Python 3.12 (PEP 706). Calling extractall() without it produces a DeprecationWarning on 3.12 and 3.13, and from 3.14 the 'data' filter is applied by default. Its purpose is to stop a malicious archive from writing outside the destination directory, for example through members named ../something, absolute paths, or symlinks that point elsewhere. A custom filter that simply returns each member unchanged silences the warning but provides none of that protection, so the script uses the built-in 'data' filter instead.

Running the script extracts each remaining archive in turn, from 998.tar down to 1.tar, into the current directory. Running ls after the script finishes shows that a file named flag.png has been created there.

Opening this image file awards us with the flag for this challenge.

Flag

picoCTF{l0t5_0f_TAR5}