#CTF #PicoCTF #Forensics #Linux #LogAnalysishacklido
Introduction
The “IN LOG HUNT” challenge is a log analysis-based CTF where the flag is hidden inside a file named server.log. The challenge is interesting because the flag is not stored in one place — instead, it is broken into multiple fragments and scattered throughout the log entries.
The main task is to identify these fragments and reconstruct the complete flag.
Objective
Find the hidden flag inside server.log
Extract all fragmented pieces
Reconstruct the original complete flag
Step 1: Downloading the File
I started by downloading the log file using the wget command in the Pico CTF webshell:
wget <file_url>
After downloading, I verified the file exists using:
```bash
ls
This confirmed that `server.log` was successfully downloaded.
---
Step 2: Understanding the File
To understand the structure of the log file, I inspected the first few lines:
```bash
head server.log
This helped me observe that the file contained structured log entries, which likely included useful hidden information.
Step 3: Searching for the Flag
Since PicoCTF flags usually follow a pattern like PicoCTF{...}, I searched the file using:
grep "PicoCTF" server.log
This revealed that the flag was not present as a complete string. Instead, it was split into multiple parts across different log entries.
Step 4: Extracting and Reconstructing the Flag
Each fragment was labeled using INFO FLAGPART:. To extract and reconstruct the flag properly, I used the following awk command:
awk -F'INFO FLAGPART: ' '!seen[$2]++ {printf "%s", $2}' server.log
How this works:
-F'INFO FLAGPART: ' → Splits each line at the flag marker!seen[$2]++ → Removes duplicate fragmentsprintf "%s", $2 → Prints fragments continuously to rebuild the flag
After running this command, all fragments were successfully combined into the final flag.
Final Result
The reconstructed flag was displayed successfully, which was then submitted to complete the challenge.
