stolen-data Points: 150 Someone accessed the server and stole the flag. Use the network packet capture to find it. Solving Okay – let’s load the pcap file into wireshark and have a further look. First I tried to download all interessting files… html and so on, but this was a dead end. After that I looked in the statistics and
recent-memory Points: 250 Use the memory image in the Google drive link below. An attacker left behind some evidence in the network connections. Follow the attacker’s tracks to find the flag. https://drive.google.com/drive/folders/1ubSx3pwHOSZ9oCShHBPToVdHjTev7hXL Solving Okay let’s analyze the memory file, I will use volitality3 for this. With this command we can get all net sessions stored in the memory. python vol.py
data-backup Points: 250 The backup of our data was somehow corrupted. Recover the data and be rewarded with a flag. Solving My first attempt is to restore the file from the backup with foremost or binwalk -e. So I tried it with binwalk and got some files. Also a PDF file, that contains the flag. jctf{fun_w17h_m461c_by735}
corrupted-file Points: 400 Can you find a way to fix our corrupted .jpg file? Solving First we check the corrupted file with file: $~: file flag_mod.jpg flag_mod.jpg: data Okay, then let’s look with hexedit or something similar, to look for further hints. Okay – I see the JFIF tag in there, but why could we open the image? I checked