Easy Husky - ISITDTU Quals 2019


tl;dr - Volatility + Corrupted file analysis
Full solution of Easy Husky challenge from ISITDTU Quals 2019.

Challenge Points: 534
Challenge Solves: 37
Solved by: stuxn3t & Nihith

Challenge Description:

Okay, let us take a look at the challenge file. It is a WindowsXP memory dump.

Let us see the command history using the cmdscan plugin.

Cmdscan

They created a directory with the name hu5ky_4nd_f0r3n51c

Okay, let us have a look what files are present in the above-mentioned directory/folder.

Filescan

The file present in the folder is f149999

So let us dump the file by using the dumpfiles plugin.

ghex

As you can see it is reversed RAR archive. Just reverse the bytes to get the proper archive.

So after correcting the archive, we see that it is a locked archive. Hmm, have to search for the password.
Luckily I guessed that the folder-name was in l33t, so it could be the password. Voila, and we got the flag.

ISITDTU{1_l0v3_huskyyyyyyy<3}


 Comments

 Unable to load Disqus, please make sure your network can access.