The Investigate S3 Bucket terminal was beside my friend Shinny Upatreein the Castle Approach. He described loosing Santa's package in an S3, and then having the package under an unknown wrapper. Interesting....

Once getting to the shell, a quick survey shows a file called TIPS and a directory called bucket_finder, within which is a README, a script called bucket_finder.rb and a wordlist. Looking at the TIPS, it states multiple text editors are available, which implies we need to modify a file. The README tells how to execute the script.

Looking through the ruby script shows a hint if a wordlist of more than 50 words is used: use the hints in the challenge description to create the wordlist. Hmm... Within the description, the word Wrapper3000 is in red. Let's try adding that to the wordlist using the command echo Wrapper3000 >> wordlist

Running the script with ./bucket_finder.rb --download wordlist didn't work, but then I remembered that s3 buckets only support lower case names, so I added the value to wrapper3000. Bingo! A file has been downloaded.

Looking in the directory where the script downloaded all s3 objects, there is a file called package. Inspecting with the command file as file package shows it to be ASCII. Looking at the file contents with cat package, it appears to be a single string. Hmmm... This looks like base64.

Decoding this in base64 and directing the output to a file named package2 with cat package | base64 -d > package2. Using file to determine the magic number with file package2 shows this as a zip archive, so let's try unzipping it with unzip package2. This produces a file called package.txt.Z.xz.xxd.tar.bz2 which the file command file package.txt.Z.xz.xxd.tar.bz2 confirms it to be a bunzip2 file. Using bunzip2 on this file with bunzip2 package.txt.Z.xz.xxd.tar.bz2 produces package.txt.Z.xz.xxd.tar. Extracting this tar with tar -xvf package.txt.Z.xz.xxd.tar produces a file called package.txt.Z.xz.xxd. Hmmm, this file is ASCII, and it looks like a hex dump.

A quick google shows xxd as a tool to make a hexdump of a file which I revert back to binary and direct to a file with xxd -r package.txt.Z.xz.xxd > package.txt.Z.xz. The XZ compressed file is expanded with xz --uncompress to produce package.txt.Z. Using uncompress on this with uncompress package.txt.Zfinally produces the file package.txt, which when read shows the objective flag.

An overview of all people, places, and events can be learned in the Introduction.