picoCTF Solutions
picoCTF 2022ForensicsMedium

Operation Orchid

Published: July 20, 2023

Description

Flag.txt was encrypted into flag.txt.enc using OpenSSL AES256. Recover the password from bash history, export the encrypted file, and decrypt it locally.

Setup

Download disk.flag.img.gz

Load the image into Autopsy and examine `/root/.bash_history` to learn the openssl command used for encryption (password `unbreakablepassword1234567`).

Export flag.txt.enc from the filesystem and copy it to your working directory.

Run `openssl aes256 -d` with the recovered password to obtain flag.txt.

openssl aes256 -salt -in flag.txt.enc -out flag.txt -k unbreakablepassword1234567 -d
cat flag.txt

Solution

  1. Step 1Inspect bash history
    The commands show exactly how the file was encrypted, including the password. That's all you need to undo the process.
    Learn more

    Bash history (~/.bash_history) records every command typed in a terminal session and persists across reboots. It is one of the first places a forensic investigator examines when analyzing a disk image, because it shows exactly what commands a user ran - including commands with sensitive arguments like passwords, API keys, and file paths.

    The critical mistake here is passing the password directly on the command line with -k password. This exposes the password in at least three places: the shell history file, the process list (readable by other users while the command is running via ps aux), and potentially shell log files. The safer approach is to use -pass file:keyfile or let OpenSSL prompt interactively, which keeps the password out of both history and process listings.

    In real forensics, bash history often reveals attacker tooling, downloaded scripts, data exfiltration commands, and privilege escalation attempts. Attackers sometimes try to clear history with history -c or by setting HISTSIZE=0, but the on-disk .bash_historyfile may still contain entries if the session wasn't terminated cleanly.

  2. Step 2Decrypt the file
    Run the inverse openssl command (`-d`) on flag.txt.enc to produce flag.txt and read the picoCTF flag.
    Learn more

    AES-256 (Advanced Encryption Standard with a 256-bit key) is the current gold standard for symmetric encryption. It is used by governments, militaries, and commercial software worldwide. Unlike DES or 3DES, AES has no practical known attacks against the algorithm itself when used correctly - the weakness demonstrated here is entirely in key management, not the cipher.

    OpenSSL's aes256 subcommand uses AES in CBC mode by default with a password-based key derivation function (EVP_BytesToKey) and a random salt (when -salt is specified). The salt is prepended to the ciphertext so that decryption can derive the same key. The -d flag switches from encryption to decryption mode.

    The irony of naming a password unbreakablepassword1234567 while storing it in bash history illustrates the real-world principle that the strength of encryption is only as good as the security of the key. AES-256 is mathematically unbreakable with a good key, but a key stored in plaintext in a recoverable file provides no protection at all.

Flag

picoCTF{h4un71ng_p457_1d02...}

This teaches you to look for operational artifacts (bash history) when analyzing disk images.

Want more picoCTF 2022 writeups?

Browse picoCTF 2022Full library

Useful tools for Forensics

Related reading

What to try next