forensicsmedium

Silk Road

hackerlab

Task: a 4 GB VirtualBox VM disk image (Debian, user 'ross') themed around Silk Road with 3 hidden flag fragments. Solution: extract ext4 from VMDK with 7z, recover fragment 1 from bash_history (failed deletion), fragment 2 from PNG tEXt Author metadata in Trash, fragment 3 from Firefox backup logins decrypted with firepwd.py.

$ ls tags/ techniques/

steganography ext4 bash_history vmdk disk_forensics png_metadata keepassxc virtualbox firefox_decrypt veracrypt silk_road ross_ulbricht opsec trash_analysis multi_fragment_flag

vmdk_extraction_with_7zext4_analysis_without_mountingbash_history_forensicspng_text_chunk_metadata_extractionfirefox_password_decryption_firepwdmulti_fragment_flag_assemblytrash_artifact_analysisbinary_file_comparison

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub to get started.

$ssh [email protected]