หน้าเว็บ

วันอาทิตย์ที่ 7 ธันวาคม พ.ศ. 2557

SECCON CTF 2014: Get the key.txt (Forensics) Write-up


Description:
forensic100.zip
Solution: 
         Download forensic100.zip and check file type first, It return Linux rev 1.0 ext2 filesystem data, and I find some command to mount this image and I try mount command # mount -t ext2 -o ro,loop forensic100 ./mnt, Go into mnt folder and check file type of  file 1, Result is 1: gzip compressed data, was "key.txt", key.txt!, Next step uncompress it with zcat command and I found a flag.


root@ubuntu:/home# file forensic100 
forensic100: Linux rev 1.0 ext2 filesystem data, UUID=0b92a753-7ec9-4b20-8c0b-79c1fa140869
root@ubuntu:/home# mount -t ext2 -o ro,loop forensic100 ./mnt
root@ubuntu:/home# cd /mnt
root@ubuntu:/home/mnt# ls
1    114  13   145  160  176  191  206  221  237  32  48  63  79  94
10   115  130  146  161  177  192  207  222  238  33  49  64  8   95
100  116  131  147  162  178  193  208  223  239  34  5   65  80  96
101  117  132  148  163  179  194  209  224  24   35  50  66  81  97
102  118  133  149  164  18   195  21   225  240  36  51  67  82  98
103  119  134  15   165  180  196  210  226  241  37  52  68  83  99
104  12   135  150  166  181  197  211  227  242  38  53  69  84  lost+found
105  120  136  151  167  182  198  212  228  243  39  54  7   85
106  121  137  152  168  183  199  213  229  244  4   55  70  86
107  122  138  153  169  184  2    214  23   25   40  56  71  87
108  123  139  154  17   185  20   215  230  26   41  57  72  88
109  124  14   155  170  186  200  216  231  27   42  58  73  89
11   125  140  156  171  187  201  217  232  28   43  59  74  9
110  126  141  157  172  188  202  218  233  29   44  6   75  90
111  127  142  158  173  189  203  219  234  3    45  60  76  91
112  128  143  159  174  19   204  22   235  30   46  61  77  92
113  129  144  16   175  190  205  220  236  31   47  62  78  93
root@ubuntu:/home/mnt# file 1
1: gzip compressed data, was "key.txt", from Unix, last modified: Wed Oct  1 13:00:52 2014
root@ubuntu:/home/mnt# zcat 1
SECCON{@]NL7n+-s75FrET]vU=7Z}
root@ubuntu:/home/mnt# 

Flag: SECCON{@]NL7n+-s75FrET]vU=7Z}

ไม่มีความคิดเห็น:

แสดงความคิดเห็น