PicoCTF Disko-3 Full Writeup: Step-by-Step Solution

 Disko-3 Picoctf Full Writeup......

  🧩 Challenge Overview

We were given a raw disk image named disko-3.dd and tasked with recovering a hidden file or  flag. The file system appeared to be a FAT32 volume, and no partitions were listed by fdisk.

 

 

🧰 Tools Used

 

1.file - to identify file type 

2.fls (SleuthKit) - to list files, including deleted entries

3.fdisk - a command-line utility used for partitioning hard drives and info 

4.icat (SleuthKit)- to recover files by inode

  

🔍 Step 1 :-  Inspect the Disk Image Type

 

I first checked the image using the file command

 

 

🔍 Step 2 :-  List Files and also Deleted 

I used fls to list all files (including deleted ones):

I used grep to easy to find specific file.

You can see that I found a file maybe it's the flag file. The '+' symbol indicates it is deleted, and 522628 is the inode number.

🔍 Step 3 :-  Recover the Deleted File and Read the flag.

To recover the file, I used icat, then decompress and reveal the flag.

 

 

      Thank you for reading this writeup.          

 Read More WriteUp.....

Read More Blog........

What is the Methodology of Hacking?....

Understanding Malware: Top Common Types and How They Work...

Top 10 Cyber Attacks: The Biggest Digital Threats....

What is nmap? How to Use Nmap?........

Top 5 Best Operating System (OS) For Hacking......