c0c0n XI DomeCTF Write-Up- GERMANY- Team RedRaptor !!

Here’s our story towards the Second Position. In this write-up I will focus on how we captured GERMANY from the day long challenging CTF race which gave us sleepless night organized by AppFabs and Kerala Police Cyberdome. :)

  1. GERMANY:

Our next country to capture was GERMANY.

We are sure about his involvement in the crime. But we need proof.!! I think you can help us! -https://we.tl/t-wq3Xqn5WcQ –

Crime…Yay, its forensics.

The link made us download a zip file ctf0–2.raw.7z a “297 MB” file and it did took some time to get downloaded. !!

Extracted the file and we got file.raw

So, now its time to do some forencis. We used Volatality (vol.py) an advanced memory forencis framework to dig up the raw file.

Once we got the profile information, leveraging the possibilities of Volatility, we dumped the embedded files and was able to find a password protected flag.txt as below.

Ok. We are at the door of Germany, and now we need the key to open the door to flag.

Let’s see what’s in the clipboard

Let’s try this password,…… BINGO. Yes it is :D and that’s how we captured Germany.

domectf{ILko4kCKG6Bo4qtTnm7gm4gR1QhmDWUN}

Yeah!! We were the runners-up for the CTF challenge and congrats to the Gem and Sreelakshmy from RedX team for making it to the top.

A great loud thanks to my teammate Joseph Nygil and special thanks to Chetan, Sreehari and Rakesh S.