Easy Husky - ISITDTU Quals 2019

Abhiram Kumar


Categories: CTF-Writeups Tags: Windows Memory Analysis ISITDTU-CTF Volatility

Full solution of Easy Husky challenge from ISITDTU Quals 2019.


Challenge Points: 534

Challenge Solves: 37

Solved by: stuxn3t & Nihith

Challenge Description


Full solution

Okay, let us take a look at the challenge file. It is a WindowsXP memory dump.

Let us see the command history using the cmdscan plugin.


They created a directory with the name hu5ky_4nd_f0r3n51c

Okay, let us have a look what files are present in the above-mentioned directory/folder.


The file present in the folder is f149999

So let us dump the file by using the dumpfiles plugin.


As you can see it is reversed RAR archive. Just reverse the bytes to get the proper archive.


So after obtaining the correct archive, we see that it is password protected. Luckily I guessed that the folder-name was in l33t, so it could be the password. Voila, and we got the flag.

Flag: ISITDTU{1_l0v3_huskyyyyyyy<3} {:.success}