Pursue The Tracks

Catégorie: Forensics Difficulté: easy Flag: HTB{p4rs1ng_mft_1s_v3ry_1mp0rt4nt_s0m3t1m3s}

Challenge

4KB

Description

Luxx, leader of The Phreaks, immerses himself in the depths of his computer, tirelessly pursuing the secrets of a file he obtained accessing an opposing faction member's workstation. With unwavering determination, he scours through data, putting together fragments of information trying to take some advantage on other factions. To get the flag, you need to answer the questions from the docker instance.

Analyse du fichier

On a un fichier .mft donc on peut l’ouvrir avec l’outil MFT Explorer d’Eric Zimmerman pour l’étudier.

Ensuite il suffit de se connecter au serveur et répondre aux questions

→ 2023,2024

There are some documents, which is the name of the first file written?

→ Final_Annual_Report.xlsx

Which file was deleted?

→ Marketing_Plan.xlsx

How many of them have been set in Hidden mode?

→ 1

Seul le fichier credentials.txt a le flag hidden

Which is the filename of the important TXT file that was created?

→ credentials.txt

A file was also copied, which is the new filename?

→ Financial_Statement_draft.xlsx

Which file was modified after creation?

→ Project_Proposal.pdf

What is the name of the file located at record number 45?

→ Annual_Report.xlsx

What is the size of the file located at record number 40?

→ 57344

Script de résolution

from pwnlib.tubes.remote import remote

def solve(host, port):
	client = remote(host, port)
	client.recvuntil(b'> ').decode()
	client.sendline(b'2023,2024')
	client.recvuntil(b'> ').decode()
	client.sendline(b'Final_Annual_Report.xlsx')
	client.recvuntil(b'> ').decode()
	client.sendline(b'Marketing_Plan.xlsx')
	client.recvuntil(b'> ').decode()
	client.sendline(b'1')
	client.recvuntil(b'> ').decode()
	client.sendline(b'credentials.txt')
	client.recvuntil(b'> ').decode()
	client.sendline(b'Financial_Statement_draft.xlsx')
	client.recvuntil(b'> ').decode()
	client.sendline(b'Project_Proposal.pdf')
	client.recvuntil(b'> ').decode()
	client.sendline(b'Annual_Report.xlsx')
	client.recvuntil(b'> ').decode()
	client.sendline(b'57344')
	flag = client.recvall(timeout=1).decode().split(': ')[1].strip()
	print(f"Flag: {flag}")

if __name__ == '__main__':
	solve('94.237.62.195', 45890)

PrécédentPhreaky SuivantUrgent

Mis à jour il y a 1 an

hashtagChallenge

hashtagDescription

hashtagAnalyse du fichier

hashtagFiles are related to two years, which are those?

hashtagThere are some documents, which is the name of the first file written?

hashtagWhich file was deleted?

hashtagHow many of them have been set in Hidden mode?

hashtagWhich is the filename of the important TXT file that was created?

hashtagA file was also copied, which is the new filename?

hashtagWhich file was modified after creation?

hashtagWhat is the name of the file located at record number 45?

hashtagWhat is the size of the file located at record number 40?

hashtagScript de résolution