Skip to content

Commit

Permalink
Quartz sync: Sep 4, 2024, 3:18 PM
Browse files Browse the repository at this point in the history
  • Loading branch information
@Tan-JunWei
Tan-JunWei committed Sep 4, 2024
1 parent 1e4842a commit c3b8321
Show file tree
Hide file tree
Showing 5 changed files with 51 additions and 1 deletion.
Binary file added content/Assets/PicoCTF First FInd .png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added content/Assets/PicoCTF First FInd 2.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added content/Assets/PicoCTF First Find 3.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
49 changes: 49 additions & 0 deletions content/PicoCTF/General Skills/First Find.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
---
tags:
- GeneralSkills
- easy
- zip
- grep
- tree
Creation Date:
Last Date:
References:
draft:
modified: 2024-09-04T15:17:56+08:00
---
## Challenge Description
![[PicoCTF First FInd .png]]

Well, from the description, it seems like we can first download the given `zip` file using `wget <link>`, unzip the file, and then find the full path to the file named `uber-secret.txt` so that we can `cat` its contents. Let's try.

### Unzipping
![[PicoCTF First FInd 2.png]]

Unzipping the `files.zip` file created many directories, subdirectories and files within them. Technically, we can see the full path to the `uber-secret.txt` file from the output during the unzipping process. We can straight away run `cat` on this file using its path. But I'd like to show 2 methods of how we can still find the flag without relying on this output.

This is because the `zip` file unzipped did not contain many directories and files (only 10 directories and 12 files). That is one of the reasons why we are able to see the path to the `uber-secret.txt` at a glance. In the event where we receive a much larger `zip` file, the above method will not work, since we were just lucky to be able to see the full path instantly.

### Methods
![[PicoCTF First Find 3.png]]

I have had experience with folders with more than 100,000 directories and 90,000 files. I used the following command to find the full path of a **known** file.

```bash
tree -f -a < folder-name > | grep < search-term (e.g file-name) >
```
- `-a`: All files are printed
- `-f`: Prints the full path prefix for each file (for full path)

We can then `cat` the contents of the file using the full path we just found. This method uses a similar approach to the above method, with the difference being having more control in terms of how you can `grep` your desired search term.

Another method is just using `grep`, but it only works if we know a flag prefix or similar:
```bash
grep -r < search-term > *
```
- `-r`: recursive i.e, search all subdirectories within the current directory
- `*`: select all files and directories in the current directory

The above command can be used if we want to recursively check if the contents of files in the different directories contain our search term. For this challenge specifically, using the search term "pico" will allow us to get the flag.

> [!NOTE] Flag
> picoCTF{f1nd_15_f457_ab443fd1}
3 changes: 2 additions & 1 deletion content/PicoCTF/PicoCTF Writeups.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
modified: 2024-09-04T14:30:18+08:00
modified: 2024-09-04T14:55:35+08:00
---
<!-- ### Forensics
Expand Down Expand Up @@ -156,4 +156,5 @@ modified: 2024-09-04T14:30:18+08:00
- [[Super SSH]]
- [[endianness]]
- [[Big Zip]]
- [[First Find]]
- medium

0 comments on commit c3b8321

Please sign in to comment.