Writeup by brf-f for Layer Cake 2/3

Understanding the Challenge

This challenge gives us a link to a docker image: https://hub.docker.com/r/anssi/fcsc2024-forensics-layer-cake-2.

The flag is located in a deleted file.

Solution

Saving as .tar file:

docker save -o image.tar IMAGE_NAME:TAG

Extracting .tar files, navigate to correct layer, extract layer.tar.

Now just cat contents of /temp/secret. We get the flag:

FCSC{b38095916b2b578109cbf35b8be713b04a64b2b2df6d7325934be63b7566be3b}