Digital Defenders CTF: Forensics challenge (7h3_Analyst) writeup

Md Tajdar Alam Ansari
3 min readSep 27, 2023

--

The Capture the Flag (CTF) competition was organized by CySecK — the K-Tech Centre of Excellence in Cyber Security — in association with the Centre for Networked Intelligence (CNI) (located in the Indian Institute of Science, Bengaluru) and Cisco Systems India Pvt. Ltd. The aim of the CTF was to promote awareness of cybersecurity and to guide and train young adults who were currently pursuing technical education in different types of cybersecurity violation scenarios.

During this period, participants would need to attend webinars that would be delivered by technical experts from Cisco and bi0s on the following topics:

  • Web Application Security
  • Network Security
  • Cryptography
  • Forensics

In this blog we will have a look at how I solved all the challenges one by one starting with the Forensics challenges first.

7h3_Analyst

Firstly we are going to check the present profiles

Then we are going to make a list of all the running programs in the image file

Next we will run a filescan for checking the files

We need to grep the files of bi0s

We come across a zip file as hinted in description

We can dump it using the dumpfiles function

We crack the password and find it to be Batman33

The content inside is a text file containing a text

bhfshqsejovlgkqi

Upon checking environment variables we come across a password key called

biosdfir

Let us now keep it aside and check the contents of the user’s chrome history

Here we find a suspicious file which leads us to a pastebin link

https://pastebin.com/2FA017n7

We use the text in the zip and the key to decrypt what seems to be a vingenere cipher and find the password to be

azraelknightdfir

Finally we open the pastebin link using the password and find our flag

Thank you for reading!
Please follow the series for the rest of Digital Forensics Challenges!
Also don’t forget to follow the other categories of this CTF!

--

--

Md Tajdar Alam Ansari
Md Tajdar Alam Ansari

No responses yet