Disko 3 - Forensics Challenge Writeup (picoCTF)


Category: Forensics
Author: Darkraicg492
Flag Format: picoCTF{FLAG}
Challenge Description: Given a disk image file (disko-3.dd.gz) we are tasked to find the hidden flag within it. This time, its not as plain as you think it is!
Hint: How will you search and extract files in a partition?
I started of by decompressing the gzip file (.gz
) :
gzip -d disko-3.dd.gz
This gives disko-3.dd
.
Then used 7z
(7-zip) which lets extract file and folders embedded inside the disk image without mounting it.
7z x disko-3.dd
Upon extracting I found a folder called log
within which a compressed file that reads flag.gz
increased my suspection.
Once again I went on to unzip the folder to find a file called flag
and then used the strings
command to extract the flag from it.
strings flag
That’s how I extracted the flag from this challenge.
Correct Flag
Happy Hacking!!
Subscribe to my newsletter
Read articles from Naresh S directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by

Naresh S
Naresh S
CyberSecurity Enthusiast diving into OSINT, Forensics, Crypto and CTFs | Learning One challenge at a time | Vice-President bi0s AVV Nagercoil Campus | President IKS AVV Nagercoil Campus | Sharing my journey, writeups & beginner-friendly insights