Digital Defenders CTF: Forensics challenge (7h3_Analyst) writeup
The Capture the Flag (CTF) competition was organized by CySecK — the K-Tech Centre of Excellence in Cyber Security — in association with the Centre for Networked Intelligence (CNI), located at the Indian Institute of Science, Bengaluru, and Cisco Systems India Pvt. Ltd. The aim of the CTF was to promote awareness of cybersecurity and to guide and train young adults currently pursuing technical education through different kinds of cybersecurity violation scenarios.
During the competition, participants also needed to attend webinars delivered by technical experts from Cisco and bi0s on the following topics:
- Web Application Security
- Network Security
- Cryptography
- Forensics
In this blog we will look at how I solved all the challenges one by one, starting with the Forensics challenges.
7h3_Analyst
First, we check which profiles match the memory image.
Then we list all the processes that were running in the memory image.
Next we run a file scan to enumerate the files present in the image.
We grep the scan output for files belonging to bi0s.
We come across a zip file, as hinted in the challenge description.
We dump it from the image using the dumpfiles function.
We crack the zip's password and find it to be Batman33.
The archive contains a text file with the following text:
bhfshqsejovlgkqi
Upon checking the environment variables we come across a password key:
biosdfir
Let us keep it aside for now and check the contents of the user’s Chrome history.
Here we find a suspicious file which leads us to a pastebin link.
We use the text from the zip as the ciphertext and the environment-variable value as the key to decrypt what appears to be a Vigenère cipher, and find the password to be
azraelknightdfir
Finally we open the pastebin link using this password and find our flag.
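The Vigenère step above, reproduced as an added example (my own code, not part of the original writeup or any CTF tooling): each ciphertext letter is shifted back by the matching key letter, with the key repeating over the message. Running it on the text recovered from the zip with the key from the environment variables gives the pastebin password quoted above; an encrypt function is included so the pair can be checked as a round trip.

```python
import string

ALPHABET = string.ascii_lowercase


def _shift_text(text: str, key: str, direction: int) -> str:
    """Apply a Vigenère shift to `text`.

    direction = -1 decrypts (p = (c - k) mod 26), +1 encrypts (c = (p + k) mod 26).
    The key advances only on alphabetic characters; anything else is copied
    through unchanged, so spaces or punctuation in a message do not desync the key.
    """
    key = key.lower()
    if not key or any(ch not in ALPHABET for ch in key):
        raise ValueError("key must consist of letters a-z only")
    out = []
    key_pos = 0
    for ch in text:
        lower = ch.lower()
        if lower not in ALPHABET:
            out.append(ch)
            continue
        k = ALPHABET.index(key[key_pos % len(key)])
        shifted = ALPHABET[(ALPHABET.index(lower) + direction * k) % 26]
        out.append(shifted.upper() if ch.isupper() else shifted)
        key_pos += 1
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    return _shift_text(ciphertext, key, -1)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    return _shift_text(plaintext, key, +1)


# Values taken from the writeup: the text inside the dumped zip and the
# key found in the environment variables.
ZIP_TEXT = "bhfshqsejovlgkqi"
ENV_KEY = "biosdfir"

if __name__ == "__main__":
    password = vigenere_decrypt(ZIP_TEXT, ENV_KEY)
    print(f"pastebin password: {password}")  # → azraelknightdfir
```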
Thank you for reading!
Please follow the series for the rest of Digital Forensics Challenges!
Also don’t forget to follow the other categories of this CTF!