Cyprus CyberSecurity Challenge 2018: L3ave no Flag behind#ExtraFlag3

Tags: forensics


"Our team has determined that the LUKS file from the main exercise is an encrypted ext4 partition. You’ve been asked to access that partition to retrieve the final flag. (Hint: Make sure you check all available forensic artifacts"


The ext4 is a journaling file system for Linux. The only thing we had to do was to mount the ext4 partition into a Linux VM.

Hmm... We needed a passphrase... At first I started to look how can I crack this passphrase. But after a while I read again the description and realized that all we needed was there.

I jumped back to the Autopsy and started to go through every directory and opened every file, maybe we have missed something.

"Ena_megalo_passw0rd" So One_big_password 😜. I tryed with this and...

We have successfully mounted the ext4 partition. I looked inside and the flag was found.



Another 50 points!