Disko 3 - Forensics Challenge Writeup (picoCTF)

Naresh S

Category: Forensics
Author: Darkraicg492
Flag Format: picoCTF{FLAG}

Challenge Description: Given a disk image file (disko-3.dd.gz), we are tasked to find the hidden flag within it. This time, it's not as plain as you think it is!

Hint: How will you search and extract files in a partition?

I started off by decompressing the gzip file (.gz):

gzip -d disko-3.dd.gz

This gives disko-3.dd.

Then I used 7z (7-Zip), which lets you extract files and folders embedded inside the disk image without mounting it.

7z x disko-3.dd

Upon extracting, I found a folder called log, within which a compressed file named flag.gz raised my suspicion.

Once again I went on to unzip the folder to find a file called flag and then used the strings command to extract the flag from it.

strings flag

That’s how I extracted the flag from this challenge.
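Because the flag sits inside a gzip file, running strings on the raw image does not show it. The script below is an added example, not part of the original writeup, and it goes beyond the 7z approach: it scans an image for gzip magic bytes, inflates each stream it finds, and searches the result for the flag format. The sample image and the flag in it are constructed for the demonstration, and the function names are my own.

```python
import gzip
import re
import sys
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=8 (deflate)
FLAG_RE = re.compile(rb"picoCTF\{[^}\s]{1,100}\}")
CHUNK = 64 * 1024

def inflate_at(image, pos, max_out=1 << 20):
    """Inflate the gzip stream starting at pos; return b"" or partial data on error."""
    d = zlib.decompressobj(wbits=31)  # 31 = expect gzip header and trailer
    out = bytearray()
    view = memoryview(image)
    try:
        for start in range(pos, len(image), CHUNK):
            out += d.decompress(view[start:start + CHUNK], max_out - len(out))
            if d.eof or len(out) >= max_out:  # stream ended, or output cap reached
                break
    except zlib.error:
        pass  # magic bytes occurred by chance, or the stream is damaged
    return bytes(out)

def find_flags(image):
    """Return (kind, offset, flag) for flags stored raw or inside a gzip stream."""
    hits = [("raw", m.start(), m.group().decode()) for m in FLAG_RE.finditer(image)]
    pos = image.find(GZIP_MAGIC)
    while pos != -1:
        for m in FLAG_RE.finditer(inflate_at(image, pos)):
            hits.append(("gzip", pos, m.group().decode()))
        pos = image.find(GZIP_MAGIC, pos + 1)
    return hits

def build_sample_image():
    """Constructed stand-in for a disk image: padding, a false magic hit, one gzip file."""
    member = gzip.compress(b"Here is your flag\npicoCTF{constructed_sample_flag}\n", mtime=0)
    return b"\x00" * 512 + GZIP_MAGIC + b"junk" + b"\x00" * 505 + member + b"\x00" * 512

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:
        image = build_sample_image()
    for kind, offset, flag in find_flags(image):
        print(f"{kind:4} 0x{offset:08x} {flag}")
```

Pass the path to a decompressed image as the first argument to scan it; with no argument the script runs on the constructed sample.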

Correct Flag
picoCTF{n3v3r_z1p_2_h1d3_26d4f233}

Happy Hacking!!
