Piece by Piece

Published: March 20, 2026

Description

After logging in, you will find multiple file parts in your home directory. These parts need to be combined and extracted to reveal the flag.

Launch the challenge instance and SSH in.

List files in the home directory to see the split archive parts.

ls -la
file *

Solution

  1. Step 1: SSH in and list the file parts
    Log into the challenge instance via SSH. Your home directory contains multiple numbered split-archive parts (e.g. file.zip.001, file.zip.002, ... or file.aa, file.ab, ...).
    ssh ctf-player@<HOST> -p <PORT_FROM_INSTANCE>
    ls -la
    file *
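  2. Step 2: Combine all parts
    Concatenate the parts in sorted order with cat. The shell expands a glob in lexical order, which matches the part order when numeric suffixes are zero-padded (.001, .002, ...) or alphabetic (aa, ab, ...).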
    cat *.zip.* > /tmp/combined.zip
    # or if parts use letters (aa, ab, ac...):
    cat *.a? > /tmp/combined.zip
    # or for part1/part2 naming:
    cat *part* > /tmp/combined
    file /tmp/combined*
  3. Step 3: Extract the archive
    Identify the combined file type and extract it. Try without a password first; if the archive is password-protected, try common passwords.
    cd /tmp && unzip combined.zip
    # If password protected, try common ones:
    unzip -P picoCTF combined.zip
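    # For tar/gz/xz/bz2 (the combined file has no suffix, so decompress with -c to a new file):
    tar xf combined || gunzip -c combined > combined.out || unxz -c combined > combined.out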
  4. Step 4: Read the flag
    Find and print the flag file from the extracted contents.
    ls /tmp/
    find /tmp -name 'flag*' -o -name '*.txt' 2>/dev/null
    cat /tmp/flag.txt
    grep -r picoCTF /tmp/ 2>/dev/null
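
Glob order is lexical, so `cat *part*` only reassembles correctly when suffixes are zero-padded or alphabetic; with `part1` ... `part12` it puts `part10` before `part2`. The script below is an added example, not part of the original write-up: it joins parts in natural order and identifies the result by magic bytes. The function names, the `part1`..`part12` file names and the sample gzip data are constructed for illustration, and GNU `sort -V` is assumed.

```shell
#!/usr/bin/env bash
# Added example: reassemble split parts in natural order, then identify the
# result by magic bytes. Assumes GNU sort (-V) and no newlines in file names.

# join_parts OUT PART... : concatenate PARTs into OUT in version-sort order.
join_parts() {
    out=$1; shift
    : > "$out"
    # sort -V puts part2 before part10; plain glob expansion does not.
    printf '%s\n' "$@" | sort -V | while IFS= read -r p; do
        cat -- "$p" >> "$out"
    done
}

# detect_type FILE : print zip|gzip|xz|bzip2|tar|unknown from magic bytes.
detect_type() {
    magic=$(head -c 6 -- "$1" | od -An -tx1 | tr -d ' \n')
    case $magic in
        504b0304*|504b0506*|504b0708*) echo zip ;;
        1f8b*)                         echo gzip ;;
        fd377a585a00)                  echo xz ;;
        425a68*)                       echo bzip2 ;;
        *)  # tar keeps the string "ustar" at offset 257
            if [ "$(dd if="$1" bs=1 skip=257 count=5 2>/dev/null | tr -d '\0')" = ustar ]
            then echo tar; else echo unknown; fi ;;
    esac
}

# make_sample DIR : constructed input, a gzip stream cut into part1..part12.
make_sample() {
    dir=$1
    head -c 4096 /dev/urandom | gzip -c > "$dir/orig.gz"
    size=$(wc -c < "$dir/orig.gz"); chunk=$(( size / 12 + 1 ))
    for i in $(seq 1 12); do
        dd if="$dir/orig.gz" of="$dir/part$i" bs="$chunk" skip=$((i-1)) count=1 2>/dev/null
    done
}

d=$(mktemp -d)
make_sample "$d"
cat "$d"/part* > "$d/glob.out"          # part1 part10 part11 part12 part2 ...
join_parts "$d/natural.out" "$d"/part*
cmp -s "$d/orig.gz" "$d/glob.out"    && echo "glob order: intact"    || echo "glob order: corrupted"
cmp -s "$d/orig.gz" "$d/natural.out" && echo "natural order: intact" || echo "natural order: corrupted"
echo "type: $(detect_type "$d/natural.out")"
```

If `file` reports only `data` for the combined output, a wrong part order is the first thing to rule out.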

Flag

picoCTF{p13c3_by_p13c3_...}

SSH into the server, find the numbered split-archive parts in the home directory, combine them with `cat *.zip.*`, extract with unzip, and read the flag file.