Home >

Cyber Defense CTF > Forensics

Back <> Next

The flag is in here somewhere…

For this challenge, we are given haystack.zip to download.

The zip folder contains nested directories, each containing 100 txt files named flag.txt, all but one file contains a fake flag.

If we cat out a few of the flags we see that all of the fake flags are the same hex and base64 encoded {fakeflag}. This makes it easy, and we can retrieve the real flag with a simple bash command:

grep -Rv '39 6d 62 47' haystack | cut -d':' -f2 | xxd -r -p | base64 -d && echo

Back <> Next