Disko 1 - Forensics Challenge Writeup (picoCTF)


Category: Forensics
Author: Darkraicg492
Flag Format: picoCTF{FLAG}
Challenge Description: Given a disk image file (disko-1.dd.gz), we are tasked with finding the hidden flag within it.
Hint: The hint suggests using the strings command.
I started off by decompressing the gzip file (.gz):
gzip -d disko-1.dd.gz
This gives disko-1.dd.
Then I used the file command to identify the file format, which tells us what kind of image we are dealing with.
file disko-1.dd
The output makes it fairly clear that the image contains a FAT32 filesystem, which is often used on flash drives and other removable media.
Since disk images contain all kinds of data, the strings command extracts all the human-readable text, which helps identify the flag without analyzing the file system. Since the flag format is specified, I used the grep command to extract the flag.
strings disko-1.dd | grep -i picoCTF
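The same search as an added Python example (not part of the original writeup): it scans the image in chunks, reads a .gz directly, reports the byte offset of each hit, and also matches UTF-16LE text, which GNU strings only finds with -e l. The function names, the 100-character body limit and the sample bytes are assumptions made for illustration.

```python
import gzip
import io
import re

BODY = rb"[\x20-\x7c~]"  # printable ASCII except '}'
PATTERNS = {
    # Flag format from the challenge: picoCTF{...}
    "ascii": re.compile(rb"picoCTF\{" + BODY + rb"{1,100}\}", re.I),
    # Same text stored as UTF-16LE (each character followed by a NUL byte)
    "utf-16-le": re.compile(
        re.escape("picoCTF{".encode("utf-16-le"))
        + rb"(?:" + BODY + rb"\x00){1,100}\}\x00", re.I),
}
OVERLAP = 256  # longer than the longest possible match (218 bytes)


def scan_stream(stream, chunk_size=1 << 20):
    """Return sorted (offset, encoding, text) hits from a binary stream."""
    hits, tail, base = set(), b"", 0  # base = image offset of buf[0]
    while chunk := stream.read(chunk_size):
        buf = tail + chunk
        for enc, rx in PATTERNS.items():
            for m in rx.finditer(buf):
                hits.add((base + m.start(), enc, m.group().decode(enc)))
        tail = buf[-OVERLAP:]  # keep the end so split matches are found
        base += len(buf) - len(tail)
    return sorted(hits)


def scan_image(path, chunk_size=1 << 20):
    """Scan a raw image; .gz files are decompressed on the fly."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rb") as fh:
        return scan_stream(fh, chunk_size)


if __name__ == "__main__":
    # Constructed sample bytes, not data from the real challenge image.
    sample = (b"\x00" * 1000 + b"picoCTF{constructed_ascii}" + b"\xff" * 500
              + "picoCTF{constructed_wide}".encode("utf-16-le") + b"\x00" * 64)
    for offset, enc, text in scan_stream(io.BytesIO(sample), chunk_size=64):
        print(f"{offset:>8}  {enc:<9}  {text}")
```

The reported offset can be passed to a hex viewer or to dd with skip= to inspect the surrounding bytes in the image.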
Correct Flag:
Happy Hacking!!
Written by

Naresh S