Nouman Rahman


picoCTF 2022: Forensics: File types

picoCTF 2022: Forensics: File types

Nouman Rahman's photo
Nouman Rahman
·Oct 24, 2022·

1 min read

Subscribe to my newsletter and never miss my upcoming articles

Play this article

Table of contents

  • Introduction
  • Solution
  • Conclusion


Challenge: File types

Category: Forensics

Description This file was found among some files marked confidential but my pdf reader cannot read it, maybe yours can. You can download the file from here.


The file that was given, I am pretty sure is not a pdf file. We can check the type of file using the file command.

file Flag.pdf

Flag.pdf: shell archive text

It's a shell archive text. As far as I know, we can extract it just by executing the file.

chmod +x Flag.pdf

After executing these commands, you will get a file extracted called flag. Let's what file type it is.

file flag

flag: current ar archive

As we can see it's an ar archive. So let's extract it as well.

ar xv flag

We can continue this process of extracting the files by using their file types. In the end, we are gonna get the flag encoded in hex like this:



Therefore, The flag is picoCTF{f1len@m3_m@n1pul@t10n_f0r_0b2cur17y_347eae65}


This challenge was very annoying I would say. You need to extract a lot of files from files. But In the end, we got the flag in a hex form.

Flag: picoCTF{f1len@m3_m@n1pul@t10n_f0r_0b2cur17y_347eae65}

Share this