# This-file-hides-something
## Challenge Description
There is an emergency regarding this file. We need to extract the password ASAP. It's a crash dump, but our tools are not working. Please help us, time is not on our side.
PS: Flag format is not standard.
[Challenge File](https://api.cyberedu.ro/v1/contest/dctf21/challenge/bf7cde20-89b7-11ec-b6ba-fdc8d6daa06e/download/2001)
## Writeup
- We are given an ``elf`` file. We need to extract the memory image from it and analyse it with ``volatility``.
- We're interested in the first LOAD segment, which is where main memory is stored. We can get the correct offset using objdump.

- This segment contains the RAM contents we care about, so we strip the bytes we don't need.
- The memory dump is in crashdump.elf, starting at offset 0x25d0 and spanning 0x80000000 bytes.
- Now let's extract the RAM.

- We use volatility to determine the image profile.

- Using the hashdump plugin, we got the NTLM hash of the password and tried to crack it with CrackStation, but couldn't recover the password.


- So we used the mimikatz plugin, which pulls plain-text passwords out of memory, and were able to get the password.

- Password: `Str0ngAsAR0ck!`
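
The extraction step above (first LOAD entry, offset 0x25d0 and size 0x80000000 in this challenge), as an added example that is not part of the original writeup: a Python script that reads the ELF program headers itself and carves the first LOAD segment into a raw image. The function names and the tiny sample file are constructed for illustration, and the script assumes a 64-bit little-endian ELF.

```python
import io
import struct
import sys

PT_LOAD = 1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 little-endian program header

def load_segments(f):
    """Return [(file_offset, file_size, phys_addr)] for every PT_LOAD header."""
    f.seek(0)
    raw = f.read(EHDR.size)
    if len(raw) < EHDR.size or raw[:4] != b"\x7fELF" or raw[4:6] != b"\x02\x01":
        raise ValueError("expected a 64-bit little-endian ELF")
    hdr = EHDR.unpack(raw)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    segs = []
    for i in range(phnum):
        f.seek(phoff + i * phentsize)
        p_type, _, off, _, paddr, filesz, _, _ = PHDR.unpack(f.read(PHDR.size))
        if p_type == PT_LOAD:
            segs.append((off, filesz, paddr))
    return segs

def carve(src, dst, offset, size, chunk=1 << 20):
    """Copy size bytes starting at offset, chunked so a multi-GB dump is fine."""
    src.seek(offset)
    left = size
    while left:
        buf = src.read(min(chunk, left))
        if not buf:
            raise EOFError("segment runs past end of file (truncated dump?)")
        dst.write(buf)
        left -= len(buf)
    return size

def constructed_sample():
    """Constructed toy core file: one PT_NOTE, then one PT_LOAD of 16 bytes."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 4, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    note = PHDR.pack(4, 0, 176, 0, 0, 8, 8, 0)
    load = PHDR.pack(PT_LOAD, 0, 184, 0, 0, 16, 16, 0)
    return io.BytesIO(ehdr + note + load + b"NOTEDATA" + b"RAM-PAGE-CONTENT")

if __name__ == "__main__":  # usage: python carve.py crashdump.elf ram.raw
    with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
        off, size, paddr = load_segments(src)[0]
        print(f"first LOAD: off={off:#x} filesz={size:#x} paddr={paddr:#x}")
        carve(src, dst, off, size)
```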
## Flag
**Str0ngAsAR0ck!**