Distracted user

Flag: HACKDAY{u$Erh4cKdAYF0rENsiCnIV1}

Challenge

Description

Inspector Edgar is one of the heads of the London police force. He’s caught many criminals, though he’s never quite understood how he managed to do it. In truth, he’s a bit clumsy and naïve, but not malicious in the slightest.

Right before going on vacation, he jotted down his password on a scrap of paper. Upon returning, he tried to log in but, being a bit absent-minded, he forgot his username. Not the best situation for logging in, is it?

Come on, give him a hand and look at the snapshot!

Do not run it as a VM it'll change files inside !

sha256: bbd71d5e0435d0abc75d3b969318605bced8ffd847064a65ca9d930769bf61cf

flag format : HACKDAY{username}

https://challenges.s3.rbx.io.cloud.ovh.net/challenges/vm-106-disk-0.qcow2

Solution

On commence par convertir le fichier qcow2 en vmdk, cela permettra de l'étudier avec Autopsy. Ça peut prendre quelques minutes (3-4).

┌──(thaysan)-[~]
└─$ qemu-img convert -f qcow2 -O vmdk vm-106-disk-0.qcow2 vm-106-disk-0.vmdk

Maintenant, on va se balader directement dans l'arborescence du Volume 2. Dans /etc/passwd, on trouve le username : u$Erh4cKdAYF0rENsiCnIV1

PrécédentCopperwire Extraction SuivantI believe you can't fly

Dernière mise à jour il y a 5 mois

Cet article vous a-t-il été utile ?