Description
Find uber-secret.txt hidden somewhere inside the provided archive. Hidden directories (those prefixed with a dot) might conceal the answer.
Setup
Local forensicsDownload files.zip
Download the archive and extract it. Grep can inspect the expanding tree faster than manual browsing.
Hidden directories (prefixed with .) appear once the archive is unzipped, so make sure your shell shows them.
wget https://artifacts.picoctf.net/c/500/files.zip
unzip files.zip && rm files.zip
Solution
- Step 1Locate the hidden folderOnce unzipped, the structure includes .secret nested multiple levels deep. Rather than traversing each directory by hand, let grep reveal which file mentions picoCTF.grep -R pico
- Step 2Inspect uber-secret.txtGrep output shows that files/adequate_books/more_books/.secret/deeper_secrets/deepest_secrets/uber-secret.txt contains the flag. Read it directly to confirm.cat files/adequate_books/more_books/.secret/deeper_secrets/deepest_secrets/uber-secret.txt
- Step 3Trim the outputIf you only want the flag text, pipe grep through an extractor such as grep -oE, cut, or sed to strip away the path prefix.grep -R pico | grep -oE 'picoCTF\{.*\}' --color=none
Flag
picoCTF{f1nd_15_f457_ab44...}
Once you know the hidden directory path, viewing uber-secret.txt prints the precise flag shown by grep.