Type: Forensic / Log analysis
Files in archive: tutorial.txt, access.log
Password to extract archive: ThisIsAFunTutorial1#
About: Throughout the Grimoires of the Gauntlet, you'll have to investigate attacks, analyze malicious files, and identify threat actors. For each exercise, you will have to provide answers in different formats. While you may be used to answering exercises in the Offsec Learning Platform with a specific flag or term, the exercises of the Gauntlet often need to be answered using descriptive text.
This writeup is a step‑by‑step practical guide to solving the Tutorial challenge. Follow the commands exactly on your analysis machine where the ZIP and logs are available. All commands assume a Linux-like environment (bash).
1. Setup & sanity checks
Create a working directory and copy the ZIP archive into it (or cd into the folder where you uploaded the files):
mkdir -p ~/grimoire_tutorial && cd ~/grimoire_tutorial
# move the zip here, or operate in place
Verify the files you have (confirm tutorial.txt and access.log are present after the extraction step below):
ls -la
file tutorial.txt access.log || true
The file command is useful for checking whether tutorial.txt is a plain text file or something encoded/packed.
2. Extract the tutorial ZIP (if zipped)
If the challenge provided a ZIP, you must extract it with the given password. Replace archive.zip with the actual ZIP name.
unzip -l archive.zip # list contents (optional)
unzip -P 'ThisIsAFunTutorial1#' archive.zip
# or: unzip -P ThisIsAFunTutorial1# archive.zip
ls -la
You should now see tutorial.txt and access.log (or equivalents).

