What does cat of a tar archive show? [on hold]























I was doing a penetration testing capture the flag training exercise and found a file called "backup". I checked the file type of "backup" and saw it was gzip compressed. I decompressed it to a file called "test". I then did "cat test" and saw that I was looking at a .bashrc file. But I didn't see anything useful in there and was stuck.



Eventually I found by watching a spoiler that the file type of the file test was a tar archive, and extracting it gave me what I needed.



What I'm confused about is why doing cat on a tar archive showed me one random file from the archive (or likely not random, but maybe the first file), and really nothing indicated that there was more in that file than I was shown (much more). What is going on here? How did cat know to stop after one file? Does it have something to do with how a tar is encoded?



I'd like to understand what's happening.

























put on hold as unclear what you're asking by Ipor Sircer, Christopher, Kusalananda, RalfFriedl, Isaac Nov 27 at 0:36













  • 1




    What did you see exactly? What made you think that you were looking at a .bashrc file?
    – Gilles
    Nov 26 at 21:53






  • 1




    Did you do any experimenting to confirm your suspicions about tar archives?
    – jsotola
    Nov 26 at 22:24








  • 1




    A tar file is not compressed. You will see the file with a header at the top if you cat it. The file command will identify the nature of the file.
    – Rui F Ribeiro
    Nov 26 at 22:31












  • What does tar -tf test show you? I expect that cat test would give you the contents of the single file contained in the archive along with a single header line interesting to tar.
    – Doug O'Neal
    Nov 26 at 22:42






















tar cat














edited Nov 26 at 22:20









Jeff Schaller











asked Nov 26 at 21:44









Dave















1 Answer






























I will not answer directly to your answer but will give you tools to help you figure out what is happening.



Before you go further, I suggest you make a backup copy of your current .bashrc file or (preferably) perform the following in a directory other than your $HOME location.



Comparison and experimentation



You can create a tar file (without compression) of a text file and perform a cat on it. You will see some interesting information on the first line: compare it to your backup file.



If you extract a non-tar file (e.g. .bashrc) here is what you will get:



$ tar xvf .bashrc
tar: This does not look like a tar archive
tar: Skipping to next header
tar: Exiting with failure status due to previous errors


As you said that extracting the backup worked, without any warning message or error, it seems this file is a tar archive.



file will be your friend



Before any extraction, you could use the file command. It will tell you the type of the file:



$ file backup.tar
backup.tar: POSIX tar archive (GNU)
$ file .bashrc
.bashrc: ASCII text


TAR : Tape ARchive



This sounds obvious but tar is a file format that was (and is still) used to create one single file from several other files or a complete directory. This allows using magnetic tape as a recording medium to save them.



Did you RTFM?



As always, reading the manual pages of tar and file will help.



The apropos command may also help, as it is a local search engine. As another example, here is how you could use it (note the " characters, which group the search keywords into a single parameter):



apropos "file type"


The answer



Finally (because I am a nice guy), here is an example of the content of a tar file containing a .bashrc file:



$ cat backup.tar | head
.bashrc0000644000175000017500000000711012770726533011656 0ustar myusermyuser# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
*i*) ;;
*) return;;
esac













        edited Nov 26 at 22:46

























        answered Nov 26 at 22:41









        lauhub
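An added example, not part of the answer above or of the original page: a header walk over an uncompressed tar, showing why the first member's text appears right after a line like `.bashrc0000644...ustar` and how to enumerate every member without extracting. The archive is constructed in memory, the function names are illustrative, and the walk assumes plain ustar headers with short names (no `prefix` field or extension headers).

```python
import io
import tarfile

BLOCK = 512  # tar stores headers and data in 512-byte blocks


def build_sample_tar():
    """Constructed sample: uncompressed tar with a text file first, then two more members."""
    buf = io.BytesIO()
    members = [
        (".bashrc", b"# ~/.bashrc: constructed sample\ncase $- in\n*i*) ;;\nesac\n"),
        ("notes/todo.txt", b"constructed sample note\n"),
        ("data.bin", bytes(range(256)) * 3),
    ]
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def field(block, start, length):
    """Return a NUL/space-padded header field as text."""
    return block[start:start + length].split(b"\0", 1)[0].decode("ascii", "replace").strip()


def header_checksum_ok(block):
    """Stored checksum = byte sum of the header with the chksum field counted as 8 spaces."""
    stored = int(field(block, 148, 8) or "0", 8)
    computed = sum(block[:148]) + 8 * 0x20 + sum(block[156:BLOCK])
    return stored == computed


def list_members(raw):
    """Walk the archive header by header, as tar does, without extracting anything."""
    out, offset = [], 0
    while offset + BLOCK <= len(raw):
        block = raw[offset:offset + BLOCK]
        if block == b"\0" * BLOCK:  # an all-zero block marks the end of the archive
            break
        if not header_checksum_ok(block):
            raise ValueError(f"bad header checksum at offset {offset}")
        size = int(field(block, 124, 12) or "0", 8)  # size is stored as octal ASCII
        out.append({"name": field(block, 0, 100), "size": size,
                    "data_offset": offset + BLOCK, "magic": field(block, 257, 6)})
        # member data is padded to the next 512-byte boundary; the next header follows
        offset += BLOCK + -(-size // BLOCK) * BLOCK
    return out


def printable_view(raw):
    """Approximate what a terminal shows for `cat`: NUL padding is invisible."""
    return raw.replace(b"\0", b"").decode("latin-1")


if __name__ == "__main__":
    raw = build_sample_tar()
    for member in list_members(raw):
        print(member)
    print(printable_view(raw)[:120])
```
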















