Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp
not your home directory.
- We can decompress the disk image with
gunzip disk.flag.img.gz
and then mount it withsudo kpartx -av disk.flag.img
. - In the mounted volume, there is a file
/root/flag.txt.enc
and.ash_history
. Looking at.ash_history
we see the following:
touch flag.txt
nano flag.txt
apk get nano
apk --help
apk add nano
nano flag.txt
openssl
openssl aes256 -salt -in flag.txt -out flag.txt.enc -k unbreakablepassword1234567
shred -u flag.txt
ls -al
halt
-
So, it looks like
flag.txt.enc
was encrypted and salted using aes256 with keyunbreakablepassword1234567
. -
We can decrypt the
flag.txt.enc
and print the flag withopenssl aes256 -d -salt -in flag.txt.enc -out flag.txt -k unbreakablepassword1234567; cat flag.txt
(notice the additional-d
option).
picoCTF{h4un71ng_p457_0a710765}