Colonel - forensics
fridgebuyer
vol
vol -f memory.dump linux.bash.Bash
vol -f memory.dump linux.kmsg.Kmsg
"insmod check_service.ko key_path=validation*"
kmsg
Key 1 Error: Invalid key 51782b4b765251314e32525236364978534d35566a6b72474b67303946483266, indices 9 21 31 incorrect
Key 2 Error: Invalid key 58782b4b765251314e51525235364978534d35566a6a72524b673039466c3265, indices 0 12 23 29 incorrect
A kernel module check_service.ko was loaded twice with two different key files (validation, validation2). kmsg recorded both attempts.
Decode hex to ASCII
Swap the incorrect indices between the keys: use Key 1 as the base and replace its bad positions (9, 21, 31) with the correct chars from Key 2.
-> Qx+KvRQ1NQRR66IxSM5VjjrGKg09FH2e
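The merge step above as a script (an added example, not part of the original write-up): it parses the two kmsg lines quoted on this page, decodes each hex key, and for every position takes the byte from an attempt that was not flagged at that index. The function names are my own, and the merge generalizes to any number of key attempts.

```python
import re

# The two kmsg lines quoted in the write-up.
KMSG = """\
Key 1 Error: Invalid key 51782b4b765251314e32525236364978534d35566a6b72474b67303946483266, indices 9 21 31 incorrect
Key 2 Error: Invalid key 58782b4b765251314e51525235364978534d35566a6a72524b673039466c3265, indices 0 12 23 29 incorrect
"""

LINE_RE = re.compile(r"Invalid key ([0-9a-fA-F]+), indices ([\d ]+) incorrect")


def parse_attempts(log):
    """Return [(key_bytes, {bad indices})] for each 'Invalid key' line."""
    attempts = []
    for m in LINE_RE.finditer(log):
        key = bytes.fromhex(m.group(1))
        bad = {int(i) for i in m.group(2).split()}
        if any(i >= len(key) for i in bad):
            raise ValueError("reported index lies outside the key")
        attempts.append((key, bad))
    return attempts


def merge_keys(attempts):
    """Per position, keep the byte from the attempts that did not flag it."""
    if not attempts:
        raise ValueError("no key attempts found in log")
    length = len(attempts[0][0])
    if any(len(key) != length for key, _ in attempts):
        raise ValueError("key lengths differ")
    merged = bytearray()
    for pos in range(length):
        # Every attempt that was not flagged here must agree on the byte.
        good = {key[pos] for key, bad in attempts if pos not in bad}
        if len(good) != 1:
            raise ValueError(f"position {pos}: {len(good)} candidate bytes")
        merged.append(good.pop())
    return bytes(merged)


if __name__ == "__main__":
    print(merge_keys(parse_attempts(KMSG)).decode())
```

The cross-check in `merge_keys` also confirms that the two attempts agree everywhere neither was flagged, so the recovered key is fully determined by the log.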
Decrypt
IV - 1234567890123456, key - ASCII bytes
python3 -c "
# Requires PyCryptodome (provides the Crypto package)
from Crypto.Cipher import AES
key = b'Qx+KvRQ1NQRR66IxSM5VjjrGKg09FH2e'  # recovered key, used as raw ASCII bytes
iv = b'1234567890123456'
ct = open('flag.enc','rb').read()
print(AES.new(key,AES.MODE_CBC,iv).decrypt(ct))
"
gigem{bl3ss3d_4r3_th3_c010n31_m33k}