Operation Orchid
First, just run gunzip [file] in the /tmp directory, and it will give disk.flag.img.

I created a dir called "foo" to store the mounted disk.
sudo mount disk.flag.img /tmp/foo -o offset=$(( [start of slot] * [byte sector]))
^ A command that I found to mount the disk. (I selected the last one, as this was the only one that had flag.txt.enc inside of it.)
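
Added example, not part of the original write-up: a shell sketch of where the offset in the mount command above comes from, reading each partition's start sector out of the image's MBR and multiplying by the sector size. It assumes an MBR partition table and 512-byte sectors; the function names and the 512-byte sample MBR are constructed for illustration and are not the challenge image.

```sh
#!/bin/sh
# Added example: list the used primary partitions in a raw image's MBR and
# the byte offset each one needs for "mount -o offset=...".
SECTOR_SIZE=512   # assumption: 512-byte sectors

# Little-endian 32-bit value stored at byte position $2 of file $1.
le32() {
    set -- $(od -An -v -tu1 -j "$2" -N 4 "$1")
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# Print "slot type start_sector byte_offset" for every used MBR entry.
mbr_offsets() {
    img=$1
    for i in 0 1 2 3; do
        entry=$((446 + 16 * i))        # table starts at byte 446, 16 bytes per entry
        ptype=$(od -An -v -tx1 -j $((entry + 4)) -N 1 "$img" | tr -d ' \n')
        if [ "$ptype" != "00" ]; then  # type 0x00 marks an unused entry
            start=$(le32 "$img" $((entry + 8)))   # starting sector (LBA)
            echo "$((i + 1)) 0x$ptype $start $((start * SECTOR_SIZE))"
        fi
    done
}

# Write the bytes given as printf octal escapes ($3) at byte position $2 of file $1.
put() {
    printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# Constructed sample MBR (not the challenge image): two Linux partitions
# with a swap partition between them.
make_sample_mbr() {
    head -c 512 /dev/zero > "$1"
    put "$1" 450 '\203'; put "$1" 454 '\000\010\000\000'   # 0x83 at sector 2048
    put "$1" 466 '\202'; put "$1" 470 '\000\010\004\000'   # 0x82 at sector 264192
    put "$1" 482 '\203'; put "$1" 486 '\000\010\010\000'   # 0x83 at sector 526336
    put "$1" 510 '\125\252'                                # boot signature 55 AA
}

sample=$(mktemp)
make_sample_mbr "$sample"
mbr_offsets "$sample"
# The fourth field of the chosen line is the value for:
#   sudo mount disk.flag.img /tmp/foo -o offset=<byte_offset>
rm -f "$sample"
```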

I switched to the superuser using sudo su and typed ls -alpr to see everything in the root dir.
Then I ran cat .ash_history to see what the "user" did previously, to see if I could get anything.

I saw a line with "openssl aes256 ... ", which I had come across before in another challenge. To decrypt it, I had to change the in file and out file (producing the flag), as well as add -d (to decrypt).
Finally I got the flag :D