Disco-3 is a forensic ctf to find the flag

Download the disk image from the site: https://play.picoctf.org/practice/challenge/507?difficulty=2&page=1

Use the following commands to extract the flag from disk images

Step 1:

┌──(kaliॐKurukshetra)-[PICOCTF] └─$ ls disko-3.dd

We can see the folder is present here

Step 2:

┌──(kaliॐKurukshetra)-[PICOCTF] └─$ file disko-3.dd disko-3.dd: DOS/MBR boot sector, code offset 0x58+2, OEM-ID "mkfs.fat", Media descriptor 0xf8, sectors/track 32, heads 8, sectors 204800 (volumes > 32 MB), FAT (32 bit), sectors/FAT 1576, serial number 0x49838d0b, unlabeled

File command

Tells you what type of file you're dealing with.

• It reads magic numbers (unique byte sequences at the start of files) to identify the file type.
• It does NOT rely on file extensions (.jpg, .zip, .txt) — it's smarter than that.

Step 3:

┌──(kaliॐKurukshetra)-[/media/sf_PICOCTF] └─$ binwalk -e disko-3.dd

Once the binwalk complete the extraction of flag go to folder

Scans files for embedded files or data, often used in firmware or forensic analysis.

• It performs a binary entropy and signature scan.