Task:
Firstly I opened this dump in FTKImager to look for deleted files. It showed nothing just a lot of files, some pictures and .svn repository files. I used The Sleuth Kit to get deleted files by the command
It was placed in some PNG image in a text chunk. By the way I think it was also easy to get strings from the memory dump and look for a flag among them.
So the flag was ASIS_b34c5b5b1b78cf9f352099aa35610ced.
We have received a usb flash backup. Which file the flag is in?
file
Firstly I opened this dump in FTKImager to look for deleted files. It showed nothing just a lot of files, some pictures and .svn repository files. I used The Sleuth Kit to get deleted files by the command
fls -r -d for-75.imgwhich showed a lot of junk and a couple of files which seemed quite good options to get a flag.
r/r * 8221: files/ejabberd/xmlrpc-1.13/src/tcp_serv.erlHowever it wasn't solution. I've also tried to find xmlrpc and ejabberd-modules and compare to get a difference, but it seemed too difficult to let a lot of teams solve this task. So I opened dump in hex editor and started to search for a flag by matching "ASIS_". Second match was the flag to this challenge.
r/r * 8232: files/ejabberd/xmlrpc-1.13/ebin/tcp_serv.beam
So the flag was ASIS_b34c5b5b1b78cf9f352099aa35610ced.
No comments:
Post a Comment