Points: 200

Description: There was a zip file on the desktop. I can't remember the password for it.

We saw a zip file named "null password.zip" on the desktop. When opened, it showed 2 files, both encrypted, so it was clear that we needed to crack the zip.
First we looked at some hints from the challenge creator ;)
#Hint for FOR2 "User was too dumb to store the password in the protected zip file itself" #HackIM #ForensicChallenge @nullcon @null0x00
— Prince Komal Boonlia (@boonlia) January 25, 2014
#Hint for FOR2 "Why would someone put two files if it could have been done with one file" #HackIM #ForensicChallenge @nullcon @null0x00
— Prince Komal Boonlia (@boonlia) January 25, 2014
So Beard-0 (https://twitter.com/Maxthatsme) looked at a freshly booted VM of the image (I was lazy, forgot to save the initial snapshot, and was already working on another forensic challenge) and checked the Temp folder in AppData/Local. There he found a folder named Rar$DI99.160, which held one of the files, "Null final1.pdf". From this we looked at known attacks on zip files and found https://en.wikipedia.org/wiki/Known-plaintext_attack

We chose the "Null final1.pdf" zip file as the plaintext file.
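Before treating a recovered temp file as known plaintext, it helps to confirm that it really is the content of an encrypted member: the zip central directory stays readable without the password and records each member's CRC-32 and uncompressed size. The check below is an added example, not code from the original write-up; the function names, the second member name `other.pdf` and the sample bytes are constructed for illustration.

```python
import io
import zipfile
import zlib


def match_candidates(archive, candidates):
    """Map encrypted member name -> candidate name when the candidate's
    length and CRC-32 equal the values stored in the central directory.
    archive: path or file object; candidates: {name: bytes}."""
    matches = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if not info.flag_bits & 0x1:      # bit 0 set = member is encrypted
                continue
            for name, data in candidates.items():
                if len(data) == info.file_size and zlib.crc32(data) == info.CRC:
                    matches[info.filename] = name
    return matches


def constructed_sample():
    """Constructed archive for the demo: two stored members whose
    central-directory entries are patched to carry the 'encrypted' flag.
    The payload itself is not encrypted; only the metadata is exercised."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Null final1.pdf", b"%PDF-1.4 constructed sample A")
        zf.writestr("other.pdf", b"%PDF-1.4 constructed sample B")  # hypothetical name
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")             # central directory file header
    while pos != -1:
        raw[pos + 8] |= 0x01                  # general-purpose flags, low byte
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return io.BytesIO(bytes(raw))


if __name__ == "__main__":
    recovered = {  # constructed stand-ins for files found in the Temp folder
        "Rar$DI99.160/Null final1.pdf": b"%PDF-1.4 constructed sample A",
        "unrelated.tmp": b"x",
    }
    print(match_candidates(constructed_sample(), recovered))
```

A match on both size and CRC-32 means the recovered file is the same content as the encrypted member. Members encrypted with WinZip AES (AE-2) store a zero CRC and will not match, and the known-plaintext attack on the legacy zip cipher does not apply to them.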