All posts by WtF

[HackingWeek 2015] [Forensic 3] Write Up


The supplied memory image was captured on a compromised machine, analyze it to answer questions (this is the same image for the four forensic tests, useless to download several times).

Find the password for the admin user that is located somewhere in memory.

dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)

Continue reading [HackingWeek 2015] [Forensic 3] Write Up

[HackingWeek 2015] [Crypto4] Write Up


Session Start: Thu Feb 05 20:49:04 2015
Session Ident: #mastercsi
[20:49] * Now talking in #mastercsi
[20:49] * Topic is ''
[20:49] * Set by admin!~admin on Sat Nov 22 00:06:50
[20:49] and I got an old RSA key that Alice used
[20:49] alice, alice's? you gotta be kidding me?
[20:49] haha no
[20:49] but there was just half, I had to complete with random values to make it work
[20:49] it seems to work anyway, if you have something to decipher...
[20:49] wait, I have her public key lying around somewhere, and even an encrypted file. I've always wondered what it was ...
[20:49] maybe it's the same key?
[20:50] I sent you the thing, take a look
[21:22] * Disconnected
Session Close: Thu Feb 05 21:22:11 2015

The validation key is the message encrypted with the private key of Alice, rebuild it using the following files:
mykey.pem (If you have some issues trying to download this file : right click -> save as …)

Continue reading [HackingWeek 2015] [Crypto4] Write Up

[HackingWeek 2015] [Crypto2] Write Up


Bob uses a RSA public key with the public exponent e = 65537 and modulus:

N = 55089599753625499150129246679078411260946554356961748980861372828434789664694269460953507615455541204658984798121874916511031276020889949113155608279765385693784204971246654484161179832345357692487854383961212865469152326807704510472371156179457167612793412416133943976901478047318514990960333355366785001217

The challenge validation key is given by the md5sum of the value of its private key d.

Continue reading [HackingWeek 2015] [Crypto2] Write Up