Pitter, Patter, Platters is a forensics challenge worth 200 points.
The description of this puzzle is:
'Suspicious' is written all over this disk image. Download suspicious.dd.sda1
This puzzle provides a disk image, suspicious.dd.sda1:
% file suspicious.dd.sda1
suspicious.dd.sda1: Linux rev 1.0 ext3 filesystem data, UUID=fc168af0-183b-4e53-bdf3-9c1055413b40
First, I tried mounting this image and poking around on the filesystem:
sudo mount -o ro suspicious.dd.sda1 /mnt
Poking around on the filesystem, there is a file suspicious-file.txt in the root directory with the following content:
Nothing to see here! But you may want to look here -->
There is also a directory tce which includes a tarball mydata.tgz. This archive contained a user’s shell history, some packages, and other stuff that didn’t end up being useful. I wasted a good hour or so reviewing files on this disk and didn’t end up finding anything resembling a flag.
I was kind of at a loss at this point, but thinking about what clues I do have and the type of puzzle this is, I think that the flag may be hidden in slack space or stuffed into some other unused area on the disk that isn’t showing up normally. It is also odd that the clue has an arrow pointing to nothing.
Next, I opened this disk with Active@ Disk Editor and searched for "Nothing to see here". This revealed the flag:
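The same raw search can be scripted instead of using a disk editor. The following is an added example, not part of the original writeup: it finds the marker text in the raw image and reports any printable bytes left in the remainder of that filesystem block. The 1024-byte block size, the function names, the newline-as-end-of-file heuristic and the sample image are assumptions constructed for illustration.

```python
import re
import sys

MARKER = b"Nothing to see here"   # text of suspicious-file.txt, from the writeup
BLOCK_SIZE = 1024                 # assumption; read the real value with `dumpe2fs -h`


def find_marker_offsets(image, marker=MARKER):
    """Byte offsets of every occurrence of the marker in the raw image."""
    return [m.start() for m in re.finditer(re.escape(marker), image)]


def slack_after(image, offset, block_size=BLOCK_SIZE):
    """Bytes between the end of the marker's line and the end of its block.

    Heuristic: the file is treated as ending at the first newline after the
    marker, because this sketch does not parse the inode for the real size.
    """
    block_end = (offset // block_size + 1) * block_size
    newline = image.find(b"\n", offset, block_end)
    start = newline + 1 if newline != -1 else offset + len(MARKER)
    return image[start:block_end]


def printable_residue(slack):
    """Printable ASCII left in the slack once NUL padding is dropped."""
    return "".join(chr(b) for b in slack if 0x20 <= b < 0x7F)


def build_sample_image():
    """Constructed three-block image: file text in block 1, bytes hidden in its tail."""
    text = b"Nothing to see here! But you may want to look here -->\n"
    hidden = b"H\x00I\x00D\x00D\x00E\x00N"      # constructed, not the real flag
    block = text + b"\x00" * 8 + hidden
    block += b"\x00" * (BLOCK_SIZE - len(block))
    return b"\x00" * BLOCK_SIZE + block + b"\x00" * BLOCK_SIZE


if __name__ == "__main__":
    # With no argument the constructed sample is scanned instead of a real image.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for off in find_marker_offsets(data):
        tail = slack_after(data, off)
        print(f"marker at {off:#x}: residue={printable_residue(tail)!r}")
```

An empty residue means the tail of the block holds only padding; anything printable there is content that a mounted view of the file does not show.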
