Disko 2

This challenge requires knowing how to extract a partition and analyze it separately from the others.

1. Identify Partitions with SleuthKit

Use mmls to inspect the disk image:

mmls disko2.dd

2. Extract the Linux Partition

Use dd to extract only the Linux partition:

dd if=disko2.dd of=linux.dd bs=512 skip=2048 count=512000

• if= input disk image

• of= output partition image

• bs=512 bytes per sector

• skip=2048 starting sector

• count=512000 number of sectors

3. Analyze the Extracted Partition

strings linux.dd | grep -i "picoCTF"

made by k0d