added writeups exported from ctfnote
This commit is contained in:
deus
parent
77ed881028
commit
a37637a794
30 changed files with 1487 additions and 0 deletions
37
Colonel-forensics.md
Normal file
37
Colonel-forensics.md
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
# Colonel - forensics
|
||||
fridgebuyer
|
||||
|
||||
### vol
|
||||
|
||||
vol -f memory.dump linux.bash.Bash
|
||||
vol -f memory.dump linux.kmsg.Kmsg
|
||||
|
||||
"insmod check_service.ko key_path=validation*"
|
||||
|
||||
### kmsg
|
||||
|
||||
Key 1 ```Error: Invalid key 51782b4b765251314e32525236364978534d35566a6b72474b67303946483266, indices 9 21 31 incorrect```
|
||||
|
||||
Key 2 ```Error: Invalid key 58782b4b765251314e51525235364978534d35566a6a72524b673039466c3265, indices 0 12 23 29 incorrect```
|
||||
|
||||
A kernel module check_service.ko was loaded twice with two different key files (validation, validation2). kmsg recorded both attempts.
|
||||
|
||||
### Decode hex to ASCII
|
||||
swap incorrect indices between keys (Key 1 as a base
|
||||
and replace its bad positions (9, 21, 31) with the correct chars
|
||||
from Key 2)
|
||||
|
||||
-> Qx+KvRQ1NQRR66IxSM5VjjrGKg09FH2e
|
||||
|
||||
### Decrypt
|
||||
IV - 1234567890123456, key - ASCII bytes
|
||||
|
||||
python3 -c "
|
||||
from Crypto.Cipher import AES
|
||||
key = b'Qx+KvRQ1NQRR66IxSM5VjjrGKg09FH2e'
|
||||
iv = b'1234567890123456'
|
||||
ct = open('flag.enc','rb').read()
|
||||
print(AES.new(key,AES.MODE_CBC,iv).decrypt(ct))
|
||||
"
|
||||
|
||||
**gigem{bl3ss3d_4r3_th3_c010n31_m33k}**
|
||||
Loading…
Add table
Add a link
Reference in a new issue