picoCTF 2022 | Sleuthkit Apprentice Write-up

Challenge description

Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory.

Category: Forensics


Having downloaded the file, I used binwalk -e to extract the disk image.

Navigating to the extracted directory, I first attempted grep -r pico to try and find a flag, but no dice.

Perhaps a different term could work? Let’s try flag.txt instead.

That’s a hit!

Knowing the file’s location, I just had to navigate there and obtain the flag

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: