# Operation Oni

## Description
Download this disk image, find the key and log into the remote machine.
Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory.
[Download disk image](https://artifacts.picoctf.net/c/376/disk.img.gz)
Remote machine:
`ssh -i key_file -p 60303 [email protected]`

## Solving

1. Mounting the disk image (it is a msdos mbr partition... whole disk)
1. Create temporary dir for mounting `mkdir test`
1. Look into the partitiontable `fdisk -l <file>`
1. After calculating the offset mount:

`mount -o loop,ro,offset=105906176 disk.img test`

1. Look for ssh keyfiles

`find . -name '*id*'`

1. Use the ssh key and try to login.

ssh -i root/.ssh/id_ed25519 -p 60303 [email protected]
1. You will get the flag.

Original writeup (https://www.it-sec.fail/picoctf-2022-forensics-operation-oni/).