CTF Challenge Writeup: PicoCTF — like1000

Challenge Description:

This .tar file got tarred a lot.

After downloading the provided file 1000.tar, I extracted it using the following command:

tar -xf 1000.tar

Upon extraction, I noticed that the result was another .tar archive named 999.tar. To confirm the pattern, I extracted 999.tar as well and found 998.tar inside, verifying that the challenge involved a sequence of nested .tar archives, each numbered consecutively from 1000 down to 0 (or until there were no more archives to extract).

Manually extracting each archive would be too slow, so I wrote a Python script to automate the process:

import os
import tarfile
import re

def extract_tar(archive):
    with tarfile.open(archive, 'r') as tar:
        tar.extractall()
        return os.listdir()
def find_next_archive(files, current_number):
    next_number = str(int(current_number) - 1)
    for file in files:
        if file == f"{next_number}.tar":
            return file
    return None
def main(start_archive):
    current_archive = start_archive
    current_number = re.search(r'(\d+)', current_archive).group(1)
    while current_archive:
        print(f"Extracting: {current_archive}")
        extracted_files = extract_tar(current_archive)
        next_archive = find_next_archive(extracted_files, current_number)
        if next_archive:
            current_archive = next_archive
            current_number = re.search(r'(\d+)', current_archive).group(1)
        else:
            print("No more tar archives to extract.")
            break
if __name__ == "__main__":
    main("1000.tar")

Explanation of the script

• extract_tar: Opens and extracts the contents of a .tar file.
• find_next_archive: Searches for the next .tar file by looking for the decremented number (e.g., 999 after 1000).
• main: Loops through each archive, extracting and updating the current archive until no more .tar files are found.

Running the script

After extracting all the nested archives, I listed the files, ignoring the .tar ones, and spotted flag.png.

I opened the flag.png file, and there it was!

picoCTF{l0t5_0f_TAR5}

Conclusion

This challenge tested the ability to automate repetitive tasks using scripting and basic file manipulation skills. Writing the Python script was key to efficiently solving the challenge.

If you found this article useful, follow me for more cybersecurity insights! Let’s connect — send me a message on LinkedIn!

Happy Hacking!