Full solution of the Easy Husky challenge from ISITDTU Quals 2019.
tl;dr
- Volatility
- Corrupted file analysis
Challenge Points: 534
Challenge Solves: 37
Challenge Description
Full solution
Okay, let us take a look at the challenge file. It is a Windows XP memory dump.
Let us see the command history using the cmdscan plugin.
They created a directory with the name hu5ky_4nd_f0r3n51c
Okay, let us look at what files are present in the above-mentioned directory/folder.
The file present in the folder is f149999
So let us dump the file by using the dumpfiles plugin.
As you can see, it is a byte-reversed RAR archive. Just reverse the bytes to get the proper archive.
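The byte reversal described above, as an added example that is not part of the original write-up: it confirms that the carved file really is a reversed RAR by looking for the RAR 4.x/5.x signature after flipping, then returns the restored archive. It assumes the dumped file may carry trailing zero padding from page-sized extraction; the function names and command-line paths are hypothetical.

```python
import sys

RAR4_MAGIC = b"Rar!\x1a\x07\x00"      # RAR 1.5 - 4.x signature
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"  # RAR 5.x signature


def rar_version(data: bytes):
    """Return 4 or 5 if data starts with a RAR signature, else None."""
    if data.startswith(RAR5_MAGIC):
        return 5
    if data.startswith(RAR4_MAGIC):
        return 4
    return None


def recover_reversed_rar(data: bytes):
    """Return (archive_bytes, version) if data is a byte-reversed RAR, else None.

    Assumption: a file carved from memory can end in zero padding. Once the
    bytes are flipped, that padding sits in front of the signature, so it is
    stripped before the signature check.
    """
    flipped = data[::-1]
    for candidate in (flipped, flipped.lstrip(b"\x00")):
        version = rar_version(candidate)
        if version is not None:
            return candidate, version
    return None


if __name__ == "__main__":
    # Usage: python recover_rar.py <carved_file> <output.rar>  (hypothetical paths)
    if len(sys.argv) != 3:
        sys.exit("usage: recover_rar.py <carved_file> <output.rar>")
    with open(sys.argv[1], "rb") as fh:
        result = recover_reversed_rar(fh.read())
    if result is None:
        sys.exit("no reversed RAR signature found")
    archive, version = result
    with open(sys.argv[2], "wb") as fh:
        fh.write(archive)
    print(f"recovered RAR{version} archive, {len(archive)} bytes")
```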
Flag
So after obtaining the correct archive, we see that it is password protected. Luckily I guessed that the folder-name was in l33t, so it could be the password. Voila, and we got the flag.
Flag: ISITDTU{1_l0v3_huskyyyyyyy<3}