forensicsPromedium

The Trilogy of Death Volume I: Corel

srdnlen

Task: QCOW2 disk image of CorelLinux (dead 1999-2000 distro). Solution: Extract partitions, find .wcm WordPerfect macro with anomalous timestamp in /var/log/, bypass FAKE decoy XOR keys via known-plaintext attack on flag prefix.

$ ls tags/ techniques/

known_plaintext xor disk_image timestamp_analysis qcow2 ext2 corellinux wordperfect wcm_macro dead_os

qcow2_to_raw_conversionpartition_extractiontimestamp_anomaly_detectionwordperfect_macro_analysisknown_plaintext_xor_attackred_herring_identification

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[forensics][Pro]The Trilogy of Death Volume III: The Poisoned Apple— srdnlen
[misc][Pro]Who4reu— TaipanByte
[forensics][Pro]Colonel— tamuctf
[forensics][Pro]Time Capsule— tamuctf
[forensics][free]Lavender— alfactf