Disko 1 - Forensics Challenge Writeup (picoCTF)

Naresh S


Category: Forensics
Author: Darkraicg492
Flag Format: picoCTF{FLAG}

Challenge Description: Given a disk image file (disko-1.dd.gz), we are tasked with finding the hidden flag within it.

Hint: The hint provided suggests using the strings command.

I started off by decompressing the gzip file (.gz):

gzip -d disko-1.dd.gz

This gives disko-1.dd.

Then I used the file command to understand the file format, as it helps to know the kind of image we are dealing with.

file disko-1.dd

From this, it is pretty clear that the image contains a FAT32 filesystem, something that is often used in flash drives and other removable media.

Since disk images contain various data, the strings command extracts all human-readable text, which helps identify the flag without analyzing the file system. Since the flag format is specified, I used the grep command to extract the flag.

strings disko-1.dd | grep -i picoCTF

Correct Flag:
picoCTF{1t5_ju5t_4_5tr1n9_e3408eef}
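The strings-and-grep step above, written out as an added Python example (not part of the original writeup) that goes one step further: it reports the byte offset of each hit and also scans UTF-16LE, the encoding FAT long file names use and which strings skips unless run with -e l. The function names and the sample image, including its placeholder flag strings, are constructed for illustration.

```python
import gzip
import re

def ascii_runs(data, min_len=4):
    # Runs of printable ASCII, the same idea as strings(1) with its default length of 4.
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), m.group().decode("ascii")

def utf16le_runs(data, min_len=4):
    # Printable byte followed by 0x00, i.e. what `strings -e l` looks for.
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.start(), m.group().decode("utf-16-le")

def find_marker(data, marker="picoCTF{"):
    """Return sorted (byte_offset, encoding, string) for every run containing marker."""
    hits = []
    for enc, runs in (("ascii", ascii_runs(data)), ("utf-16le", utf16le_runs(data))):
        for off, text in runs:
            if marker.lower() in text.lower():  # case-insensitive, like grep -i
                hits.append((off, enc, text))
    return sorted(hits)

def scan_image(path):
    # Reads the whole image into memory, which is fine for small CTF images.
    # A .gz path is decompressed on the fly, so no separate gzip -d step is needed.
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rb") as fh:
        return find_marker(fh.read())

def build_sample():
    # Constructed 2 KiB buffer standing in for a disk image (not the challenge file).
    img = bytearray(2048)
    img[82:90] = b"FAT32   "  # filesystem type label as it appears in a FAT32 boot sector
    a = b"picoCTF{constructed_ascii_example}"
    u = "picoCTF{constructed_utf16_example}".encode("utf-16-le")
    img[600:600 + len(a)] = a
    img[1200:1200 + len(u)] = u
    return bytes(img)

if __name__ == "__main__":
    for off, enc, text in find_marker(build_sample()):
        print(f"{off:#06x}  {enc:9}  {text}")
```

The offset tells you which sector a hit sits in, which is the starting point if the string needs to be tied back to a file or to unallocated space.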

Happy Hacking!!
