
Disko-2 is a medium-difficulty forensics CTF challenge in which you have to find the flag.

Download the disk image from the site: https://play.picoctf.org/practice/challenge/506?difficulty=2&page=1

Use the following commands to extract the flag from the disk image.

Step 1:

┌──(kaliॐKurukshetra)-[/media/sf_PICOCTF]
└─$ ls disko-2.dd.gz

Decompress the image with gunzip:

┌──(kaliॐKurukshetra)-[/media/sf_PICOCTF]
└─$ gunzip disko-2.dd.gz

Step 2:

Find out what kind of file you are dealing with:

┌──(kaliॐKurukshetra)-[/media/sf_PICOCTF]
└─$ file disko-2.dd
disko-2.dd: DOS/MBR boot sector; partition 1 : ID=0x83, start-CHS (0x0,32,33), end-CHS (0x3,80,13), startsector 2048, 51200 sectors; partition 2 : ID=0xb, start-CHS (0x3,80,14), end-CHS (0x7,100,29), startsector 53248, 65536 sectors

If you read the output, you will see that the image holds multiple partitions. Use fdisk to list the partitions inside it; this gives us the Start and End sectors we need to extract each one with 'dd'.

Step 3:

┌──(kaliॐKurukshetra)-[/media/sf_PICOCTF]
└─$ fdisk -l disko-2.dd
Disk disko-2.dd: 100 MiB, 104857600 bytes, 204800 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x8ef8eaee

Device       Boot Start    End Sectors Size Id Type
disko-2.dd1        2048  53247   51200  25M 83 Linux
disko-2.dd2       53248 118783   65536  32M  b W95 FAT32
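
Where the Start and Sectors values come from, as an added example that is not part of the original write-up: a Python parser for the four 16-byte partition entries at offset 446 of the boot sector, run on a constructed sector carrying the two entries that file and fdisk report above. The function names and the part1.img/part2.img output names are assumptions.

```python
import struct

SECTOR = 512  # logical sector size that fdisk reports for this image


def parse_mbr(sector0: bytes):
    """Return (index, type_id, start_lba, num_sectors) for each used MBR slot."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not a DOS/MBR disk label")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 446 + 16 * (i + 1)]
        # status, CHS start (3 bytes), type id, CHS end (3 bytes), LBA start, sector count
        _status, _chs0, type_id, _chs1, start, count = struct.unpack("<B3sB3sII", entry)
        if type_id != 0 and count != 0:  # empty slots are all zero
            parts.append((i + 1, type_id, start, count))
    return parts


def dd_command(image: str, part, out: str) -> str:
    """Build the dd invocation that copies one partition out of the image."""
    _idx, _type, start, count = part
    return f"dd if={image} of={out} bs={SECTOR} skip={start} count={count}"


def build_sample_mbr() -> bytes:
    """Constructed boot sector (not the real image) with the two reported entries."""
    mbr = bytearray(SECTOR)
    entries = [(0x83, 2048, 51200), (0x0B, 53248, 65536)]
    for i, (type_id, start, count) in enumerate(entries):
        # CHS fields are left zero here; only the LBA values matter for dd
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         0, b"\0\0\0", type_id, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    # On the real image, pass open("disko-2.dd", "rb").read(512) instead.
    for p in parse_mbr(build_sample_mbr()):
        idx, type_id, start, count = p
        end = start + count - 1  # fdisk's End column is inclusive
        print(f"partition {idx}: id=0x{type_id:x} start={start} end={end} sectors={count}")
        print("  " + dd_command("disko-2.dd", p, f"part{idx}.img"))
```

With bs=512, skip is the Start column and count is the Sectors column, so the End column is never needed on the dd command line.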