2016 RC3 writeup -- Dirty Bird (Forensic 400)
The file we got is a ".img" file. I opened it with a tool found online called "AccessData FTK Imager".
I found a directory called "secretfiles" and extracted the directory. There were three files in it: document.txt, README.md and Workbook1.xlsx.gpg; the most suspicious one was Workbook1.xlsx.gpg. This file was protected by GnuPG encryption, so I needed to find the keys.
After a while, I found that there was a directory named ".gnupg" and the secret key was in it. I imported the key and used GPG4Win to decrypt the file.
Finally, I got Workbook1.xlsx and opened it with the password "password123". The trick here was that the password given in document.txt was misspelled. The flag was in the second sheet.
flag: RC3-2016-SNEAKY21
reference: How to Decrypt Files Using GPG
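Before searching an image for key material, it helps to know what a recovered .gpg file actually needs. The following is an added example, not part of the original writeup: it parses the first OpenPGP packet header (RFC 4880) to tell a public-key-encrypted file, which needs a secret key such as the one found in ".gnupg", from a passphrase-only one, and reports the recipient key ID. The sample bytes and key ID are constructed for illustration.

```python
import struct

# Packet tags from RFC 4880, section 4.3 (only the ones relevant to triage).
TAGS = {1: "public-key encrypted session key",
        3: "symmetric-key (passphrase) encrypted session key",
        5: "secret key", 7: "secret subkey"}

def read_packet(data, pos=0):
    """Parse one binary OpenPGP packet; return (tag, body, next_pos)."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored or other data)")
    pos += 1
    if first & 0x40:                          # new-format header
        tag, o1 = first & 0x3F, data[pos]
        if o1 < 192:
            length, pos = o1, pos + 1
        elif o1 < 224:
            length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
        elif o1 == 255:
            length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
        else:
            raise ValueError("partial body length (streamed data), not a key packet")
    else:                                     # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length, not a key packet")
        size = (1, 2, 4)[ltype]
        length = int.from_bytes(data[pos:pos + size], "big")
        pos += size
    return tag, data[pos:pos + length], pos + length

def describe(data):
    """Summarise the first packet of a .gpg file or keyring."""
    tag, body, _ = read_packet(data)
    info = {"tag": tag, "kind": TAGS.get(tag, "other")}
    if tag == 1 and len(body) >= 10 and body[0] == 3:
        # Version 3 PKESK: 8-byte recipient key ID, then the public-key algorithm.
        info["key_id"] = body[1:9].hex().upper()
        info["pubkey_algo"] = body[9]         # 1 = RSA
    return info

# Constructed samples (not taken from the challenge image).
SAMPLE_PKESK = bytes([0x84, 0x0C, 0x03]) + bytes.fromhex("0123456789ABCDEF") + bytes([1, 0, 0])
SAMPLE_SKESK = bytes([0xC3, 0x04, 0x04, 0x07, 0x00, 0x02])

if __name__ == "__main__":
    print(describe(SAMPLE_PKESK))
    print(describe(SAMPLE_SKESK))
```

Against a real file, pass `open(path, "rb").read()` to `describe`; the reported key ID can then be compared with the keys listed after importing the recovered keyring.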