forensicsmedium

Koloboki

hackerlab

Task: investigate a Windows memory dump and determine why an image matters in the case. Solution: recover browsing artifacts from memory, pivot from a Pastebin URL to a MEGA-hosted PNG, then rotate and inspect the image edge to read the hidden flag text.

$ ls tags/ techniques/

image_analysis memory_dump pastebin volatility3 browser_history windows7 internet_explorer temporary_internet_files mega visual_stego

memory_triagebrowser_artifact_recoveryurl_pivotingremote_artifact_retrievalvisual_hidden_text_extraction

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub to get started.

$ssh [email protected]