# This-file-hides-something ## Challenge Description There is an emergency regarding this file. We need to extract the password ASAP. It's a crash dump, but our tools are not working. Please help us, time is not on our side. PS: Flag format is not standard. [Challenge File](https://api.cyberedu.ro/v1/contest/dctf21/challenge/bf7cde20-89b7-11ec-b6ba-fdc8d6daa06e/download/2001) ## Writeup - We are given with a ``elf`` file . We need to extract the memory image out of it and analyse with ``volatility`` . - We're interested into the first LOAD section, that's where main memory reference is. We can get the correct offset using objdump ![](https://i.imgur.com/LvAIFRp.png) - This section contains the RAM information we care about. We remove the bytes we don’t need - So memory dump is in crashdump.elf, starting at offset 0x25d0 and counting 0x80000000 bytes - Now let's extract the RAM ![](https://i.imgur.com/mC4bSRJ.png) - we use volatility to determine the image profile ![](https://i.imgur.com/0Snr1he.png) - Using hasdump plugin we got the ntlm hash of the password and tried to crack it using crackstation but couldn't get the password ![](https://i.imgur.com/ypA30RT.png) ![](https://i.imgur.com/JVUnpba.png) - So using mimikatz plugin we were able to get the password(Mimikatz is a plugin that pulls plain-text passwords out) ![](https://i.imgur.com/xC9Arql.png) - password : ```Str0ngAsAR0ck! ``` ## Flag **Str0ngAsAR0ck!**
Last changed by  
Goutham Rajesh
124

Read more

Evaluation Task :(

Q1. Name of the computer. DESKTOP-G5R87FV load the eo1 file in ftk,from partition 2 Windows/system32/config extracted all registry files. loaded the system registry in Eric Zemmerman registry exploarer looked at bookmark and checked the computer name Q2. Name of the primary user. snoop(snooptastic461@gmail.com) loaded the software registry file in reg exploarer checked current version and profile list Q3. What OS and version is being used? OS-Windows 10 Pro , version - 2009 , Display Version - 21H2

4/8/2022
Crack 1t

Challenge Description Can you crack this bafe38f09170ebc16dad1bbf11fe55a4 Write Up Its a md5 hash you can crack it using hashcat tool or use any online website that can crack md5 hash here i have used crackstation website Flag inctfj{Hackerboy}

12/30/2021
RAW

Challenge Description Gary loves music. He tries to imagine while listening to music (2930x2930) :) -Challenge File Write Up From the challenge name it gives us a hint to change the extension of file to raw Now try to open the raw file in any image editor or online image editor that can open raw file with the given size. Here I have opened it in photoshop

12/30/2021
Journey to the Center of the Earth

Challenge Description Can you dig down to the center of the Earth? -Challenge File Write Up This is easy challenge just we need to unzip 50 zip files Can solve this challenge by writing a script in any programming language. #!/bin/bash

12/19/2021
Read more from Goutham Rajesh
Published on HackMD