This file was found among some files marked confidential but
my pdf reader cannot read it, maybe yours can.
You can download the file from here.
wget https://artifacts.picoctf.net/c/80/Flag.pdf
After doing cat Flag.pdf you can see that this looks like a script and at the top of the file it says to run the file with sh.
When doing sh Flag.pdf I got this message:
This can be fixed by getting shell archive utilities with sudo apt install sharutils.
Now it created a new file called "flag".
By look in man ar you can see that "x" is how you extract.
ar x flag
That now gives another file.
After running file once again it shows that it is a cpio archive. Once again looking at the man page to see the correct syntax for extracting.
cpio --file flag -i
This didn't work because of a file collision because there is no file exentsion. To fix this just do mv flag flag.cpio, then run cpio --file flag.cpio -i again.
Running file on the output of that shows "bzip2 compressed data". Looking at the man page again for syntax and than running this command bzip2 flag -d.
That create flag.out which is gzip compressed data. I then did gunzip flag.out, but it didn't know the suffix. So I did mv flag.out flag.gz then gunzip flag.gz.
This gave another file called flag which is lzip compressed data. I then had to do sudo apt install lzip. From there I once again looked at the man page for syntax. It can be assumed you can find the correct syntax for decompression in the man page every time. I then did lzip flag -d.
This gave a flag.out file which was LZ4 compressed data.
I had to do sudo apt install lz4. Then I did lz4 flag.out -d which gave an error because of the extension so I did mv flag.out flag.lz4. lz4 -d is the same as unlz4 so I now did unlz4 flag.lz4 and it gave another file called flag.
This file is LZMA compressed data. I then did lzma flag -d, error because of suffix. mv flag flag.lzma then lzma flag.lzma -d. This gave another file called flag.
This file is lzop compressed data. I then had to do sudo apt install lzop. Then lzop flag -d, then because of unknown suffix error mv flag flag.lzop. Now I could do lzop flag.lzop -d.
This gave another file named flag which is once again using lzip compressed data. So I did lzip flag -d.
This then gave a flag.out file which is XZ compressed data. I then did unxz flag.out, unknown suffix error so mv flag.out flag.xz. Then unxz flag.xz.
This gave another flag file which when running "file" finally showed ascii text.
However when I cat the file out, cat flag. It gives something that looks encoded in hexadecimal.
Then by runing this, cat flag | xxd -r -p, it decodes the output and gives the flag. "-r" is to reverse the hex, and "-p" is to print it out.
Flag: picoCTF{f1len@m3_m@n1pul@t10n_f0r_0b2cur17y_3c7...}