Cyprus CyberSecurity Challenge 2018: L3ave no Flag behind#ExtraFlag3

Tags: forensics

Description

"Our team has determined that the LUKS file from the main exercise is an encrypted ext4 partition. You’ve been asked to access that partition to retrieve the final flag. (Hint: Make sure you check all available forensic artifacts)"

Solution

ext4 is a journaling file system for Linux. The only thing we had to do was mount the ext4 partition in a Linux VM.

Hmm... We needed a passphrase... At first I started to look at how I could crack this passphrase. But after a while I read the description again and realized that all we needed was there.

I jumped back to Autopsy and started to go through every directory and open every file; maybe we had missed something.

"Ena_megalo_passw0rd" So One_big_password 😜. I tried with this and...

We have successfully mounted the ext4 partition. I looked inside and the flag was found.

CTF{That_0Th3rs_M4y_L1ve}
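
Before attempting to unlock a file like this, its on-disk header can be read to confirm that it really is a LUKS container and to see the cipher and which key slots hold a passphrase. The following is an added example, not part of the original write-up: it parses the LUKS1 header layout and runs on a constructed sample header. Treating the challenge file as LUKS version 1 is an assumption, and the function names are illustrative.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE = 0x00AC71F3                  # LUKS1 "key slot enabled" marker
HEADER_FMT = ">6sH32s32s32sII20s32sI40s"  # LUKS1 header, big-endian, 208 bytes
SLOT_FMT = ">II32sII"                     # one of 8 key slots, 48 bytes each


def _text(raw):
    # Header strings are NUL-padded ASCII.
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_luks1_header(blob):
    """Return header fields of a LUKS1 container, or raise ValueError."""
    size = struct.calcsize(HEADER_FMT)
    slot_size = struct.calcsize(SLOT_FMT)
    if len(blob) < size + 8 * slot_size:
        raise ValueError("too short for a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _iter, uuid) = struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS container")
    if version != 1:
        raise ValueError("LUKS version %d uses a different layout" % version)
    slots = []
    for i in range(8):
        active, iters, _s, _km_off, stripes = struct.unpack_from(
            SLOT_FMT, blob, size + i * slot_size)
        if active == SLOT_ACTIVE:
            slots.append({"slot": i, "iterations": iters, "stripes": stripes})
    return {"cipher": _text(cipher), "mode": _text(mode), "hash": _text(hash_spec),
            "payload_offset_sectors": payload_off, "key_bytes": key_bytes,
            "uuid": _text(uuid), "active_slots": slots}


def build_sample_header():
    """Constructed sample (not the challenge image): one active key slot."""
    hdr = struct.pack(HEADER_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                      4096, 64, b"\x00" * 20, b"\x00" * 32, 100000,
                      b"00000000-0000-0000-0000-000000000000")
    slots = struct.pack(SLOT_FMT, SLOT_ACTIVE, 200000, b"\x00" * 32, 8, 4000)
    slots += struct.pack(SLOT_FMT, 0x0000DEAD, 0, b"\x00" * 32, 0, 4000) * 7
    return hdr + slots


if __name__ == "__main__":
    print(parse_luks1_header(build_sample_header()))
```

On a real image, pass the first 592 bytes of the file to `parse_luks1_header`.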

Conclusion

Another 50 points!