CTF Name: Shellter SHX#17

Category: Forensics

Challenge #1: Recover

Downloading the challenge file, we can just use strings on it and grep for 'password'. This reveals most of the flag, but using grep again for the content inside the brackets uncovers the entire flag.

Challenge #2: os.environ.get

I actually tried to mount and explore this drive image, but it wasn't leading anywhere, so back to strings! I ran strings on the whole drive and exported it into a .txt file, and then started to search for various keywords. Since we know the issue is with os.environ.get, we can assume it has to do with a problem with something related to "PATH=". Searching for this as a keyword, we can find a string of hex characters with a tiny hint that says "HEX2ASCII".

So, converting from hex to ASCII, we get our flag!

Challenge #3: Suspicious Behavior

This challenge uses the same drive image as the prior challenge, and I haphazardly came upon this while searching for some keywords. Using "OS=" as a keyword, I found a suspicious string of what looked to me like hexadecimal characters, and sure enough, when converting them into ASCII, we got our flag locating the malware!
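
The strings, keyword search and hex-to-ASCII steps from Challenges #2 and #3 can be combined into one pass over the raw image. The following is an added example, not the author's script: the function names are hypothetical, and the sample image and both flag values are constructed for illustration.

```python
import re

# Same default as strings(1): runs of at least 4 printable ASCII characters.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# Even-length hex run of 8+ digits that is not part of a longer hex run.
HEX_RUN = re.compile(r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}){4,}(?![0-9A-Fa-f])")


def extract_strings(data):
    """Return every printable-ASCII run found in a raw byte buffer."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)]


def decode_hex_hits(data, keywords):
    """Decode hex blobs that share a string with one of the keywords.

    Returns (keyword, decoded_text) pairs. Blobs that do not decode to
    printable ASCII are dropped, which filters hashes and raw addresses.
    """
    hits = []
    for s in extract_strings(data):
        kw = next((k for k in keywords if k in s), None)
        if kw is None:
            continue
        for m in HEX_RUN.finditer(s):
            raw = bytes.fromhex(m.group())
            if all(0x20 <= b <= 0x7E for b in raw):
                hits.append((kw, raw.decode("ascii")))
    return hits


def build_sample_image():
    """Constructed stand-in for a drive image: binary noise plus two
    environment-style strings that carry hex-encoded text."""
    first = b"FLAG{constructed_example}".hex().encode()
    second = b"FLAG{second_constructed}".hex().encode()
    return (b"\x00\x01\xff" * 20
            + b"PATH=/usr/bin:/bin HEX2ASCII " + first + b"\x00\x90\x90"
            + b"HOME=/root\x00"
            + b"OS=" + second + b"\x00")


if __name__ == "__main__":
    # For a real image, read the file in chunks or mmap it instead.
    for keyword, text in decode_hex_hits(build_sample_image(), ["PATH=", "OS="]):
        print(f"{keyword:6} -> {text}")
```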