picoGym | Disk, disk, sleuth! II Write-up

Challenge description

All we know is the file with the flag is named down-at-the-bottom.txt … Disk image: dds2-alpine.flag.img.gz

Category: Forensics

Solution

First, let’s examine the file presented to us by the challenge using the file command.

Looks like it is a gzip archive.

Decompressing the archive with the command gzip -d results in the disk image file dds2-alpine.flag.img.

Next, I used the binwalk tool to extract data from the disk image (binwalk -e dds2-alpine.flag.img). This step produced the following.

Using file on 100000.ext suggests that it is an MBR boot sector image, and ext-root is the extracted root filesystem.

The description of the challenge mentioned a file called down-at-the-bottom.txt. Let’s see if it’s somewhere in ext-root.

Bingo

From here we simply have to read the text file with cat to get our flag.

picoCTF{f0r3ns1c4t0r_n0v1c3_82489dbf}
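
The same steps as a reusable script, added here as an example and not part of the original write-up. The function names are hypothetical, and it assumes the archive name ends in .gz and that binwalk writes its extraction directory next to the image.

```shell
#!/bin/sh
# Added example: the write-up's steps as functions (function names are hypothetical).

# is_gzip FILE: succeed only if FILE starts with the gzip magic bytes 1f 8b,
# the same signature the file command reports on.
is_gzip() {
    magic=$(od -An -tx1 -N2 "$1" | tr -d ' \n')
    [ "$magic" = "1f8b" ]
}

# unpack_image ARCHIVE OUT: decompress ARCHIVE to OUT. gzip -dc writes to stdout,
# so the original archive stays untouched (plain gzip -d replaces it).
unpack_image() {
    is_gzip "$1" || { echo "not a gzip archive: $1" >&2; return 1; }
    gzip -dc "$1" > "$2"
}

# find_target DIR NAME: print every regular file called NAME below DIR.
find_target() {
    find "$1" -type f -name "$2" 2>/dev/null
}

# solve ARCHIVE NAME: decompress, extract with binwalk -e, then search the
# working directory for NAME. Assumes ARCHIVE ends in .gz and binwalk writes
# its extraction directory next to the image.
solve() {
    archive=$1
    name=$2
    img=${archive%.gz}
    dir=$(dirname "$img")
    unpack_image "$archive" "$img" || return 1
    command -v binwalk >/dev/null 2>&1 || { echo "binwalk not found" >&2; return 2; }
    (cd "$dir" && binwalk -e "$(basename "$img")" >/dev/null) || return 1
    find_target "$dir" "$name"
}

# Run only when called with both arguments, e.g.:
#   sh solve.sh dds2-alpine.flag.img.gz down-at-the-bottom.txt
if [ "$#" -ge 2 ]; then
    solve "$1" "$2"
fi
```

Searching by name with find avoids browsing ext-root by hand, and keeping the original .gz lets you re-hash or re-extract the evidence later.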
