Archive Operations
Extract dead drops. Compress exfil packages. Master archive formats.
CLASSIFIED SCENARIO
Your handler has left a dead drop containing encrypted archives with intelligence materials. You must extract and analyze the contents, then prepare a compressed package for secure transmission to headquarters. Time is critical - the dead drop location may be compromised.
Why Archive Operations Matter
In the field, data rarely comes in convenient single files. Intelligence arrives in compressed archives, exfiltration requires packaging gigabytes into manageable chunks, and evidence must be preserved with integrity.
- Dead drops - Archives hide content and reduce file count
- Exfiltration - Compression reduces transfer time and detection window
- Evidence preservation - Archives maintain directory structure and metadata
- Steganography - Archives can be hidden within other files
Operational Uses
- tar - Preserve permissions, ownership, timestamps for forensics
- gzip/gunzip - Single file compression, often combined with tar
- zip/unzip - Cross-platform, password protection available
- Inspection - Always inspect archive contents before extraction
Core Archive Commands
tar - Tape Archive
Bundle files/directories while preserving structure and permissions. The backbone of Linux archiving.
gzip/gunzip - Compression
Compress single files. Often combined with tar for .tar.gz (tarballs).
zip/unzip - Universal Format
Cross-platform archives. Supports password encryption. Common for dead drops.
tar Command Deep Dive
Creating Archives
# Create tar archive
$ tar -cvf intel.tar /home/operator/classified/
c = create, v = verbose, f = filename
# Create compressed tarball (.tar.gz)
$ tar -czvf exfil_package.tar.gz /data/target/
z = gzip compression
# Create with bzip2 compression (.tar.bz2)
$ tar -cjvf archive.tar.bz2 /evidence/
Extracting Archives
# Extract tar archive
$ tar -xvf intel.tar
x = extract
# Extract tarball
$ tar -xzvf dead_drop.tar.gz
# Extract to specific directory
$ tar -xzvf package.tar.gz -C /tmp/staging/
Inspecting Without Extracting
# List contents (ALWAYS do this first!)
$ tar -tvf suspicious_archive.tar.gz
-rw-r--r-- handler/ops 2048 2024-01-15 CLASSIFIED_MEMO.pdf
-rw-r--r-- handler/ops 15360 2024-01-15 ASSET_NETWORK.xlsx
-rwxr-xr-x handler/ops 4096 2024-01-15 beacon.sh
[!] Note executable beacon.sh - could be malicious!
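The inspection step above can be turned into a repeatable pre-extraction screen. The script below is an added example, not part of the original page: it reads a `tar -tvf` listing (assumed to be GNU tar's verbose layout, `mode user/group size date time name[ -> target]`) and flags entries that would land outside the staging directory, link elsewhere, or carry an executable bit, so that nothing is extracted blindly.

```shell
#!/bin/sh
# Added example, not from the original page. Screens a `tar -tvf` listing
# before extraction, assuming GNU tar's verbose layout:
#   mode user/group size date time name[ -> target]

# check_listing: read a listing on stdin, print one "REASON<TAB>name" line
# per risky entry. No output means nothing was flagged.
check_listing() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        mode=${line%% *}
        # The entry name is whatever follows the five leading fields.
        name=$(printf '%s\n' "$line" |
               sed 's/^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *//')
        case $mode in                     # symlink/hardlink: may point outside staging
            l*|h*) printf 'LINK\t%s\n' "$name" ;;
        esac
        case $name in                     # absolute path: ignores -C /tmp/staging/
            /*) printf 'ABSOLUTE\t%s\n' "$name" ;;
        esac
        case $name in                     # .. components: climb out of staging
            ..|../*|*/../*|*/..) printf 'TRAVERSAL\t%s\n' "$name" ;;
        esac
        case $mode in                     # executable regular file, like beacon.sh
            -*x*) printf 'EXECUTABLE\t%s\n' "$name" ;;
        esac
    done
}

# inspect_archive ARCHIVE: run the screen on a real file; returns 1 if flagged.
inspect_archive() {
    flagged=$(tar -tvf "$1" | check_listing)
    if [ -n "$flagged" ]; then
        printf '[!] %s: do not extract blindly\n%s\n' "$1" "$flagged" >&2
        return 1
    fi
    printf '[+] %s: no risky entries\n' "$1"
}

# Constructed sample listing, in the same layout as the text's tar -tvf output.
SAMPLE_LISTING='-rw-r--r-- handler/ops     2048 2024-01-15 09:12 CLASSIFIED_MEMO.pdf
-rwxr-xr-x handler/ops     4096 2024-01-15 09:12 beacon.sh
-rw-r--r-- handler/ops       10 2024-01-15 09:12 ../../escaped.txt
-rw-r--r-- handler/ops       10 2024-01-15 09:12 /etc/escaped.conf
lrwxrwxrwx handler/ops        0 2024-01-15 09:12 link -> /etc/hosts'

printf '%s\n' "$SAMPLE_LISTING" | check_listing
```

Run `inspect_archive dead_drop.tar.gz` on a real archive; a non-zero exit means at least one entry needs a closer look before `tar -xzvf ... -C /tmp/staging/`.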
zip Operations
# Create zip archive
$ zip -r intel_package.zip /classified/
# Create password-protected zip
$ zip -e -r secure_drop.zip /sensitive/
Enter password: ********
# Extract zip
$ unzip dead_drop.zip
# List zip contents without extracting
$ unzip -l suspicious.zip
Quick Reference
| Operation | tar | zip |
|---|---|---|
| Create | tar -cvf archive.tar files/ | zip -r archive.zip files/ |
| Create compressed | tar -czvf archive.tar.gz files/ | zip -r archive.zip files/ |
| Extract | tar -xvf archive.tar | unzip archive.zip |
| List contents | tar -tvf archive.tar | unzip -l archive.zip |
| Compress file | gzip file | zip file.zip file |
| Decompress | gunzip file.gz | unzip file.zip |
tar Flag Memory Aid
c = Create archive
x = eXtract archive
t = lisT contents
v = Verbose (show files)
f = File (specify filename)
z = gZip compression
j = bzip2 compression
Common combos:
tar -czvf = Create Zipped Verbose File
tar -xzvf = eXtract Zipped Verbose File
tar -tvf = lisT Verbose File
Ready to Handle Dead Drops?
Test your archive skills, then extract real intelligence packages.