Codegate Quals - Forensic 100

Well, here we have an archived copy of a Windows Users folder (525321B9CEDAF3C8D35FC9071D5DD237).
This is a very easy task that can be solved in three steps:
  1. Find the stolen file: search the given folders for .xls files (especially \Users\proneer\AppData\Roaming\Microsoft\Office\Recent), and you get: [Top-Secret]_2011_Financial_deals.lnk
  2. Open the .lnk file in SweetScape 010 Editor and apply the LNK template, which gives:
    At offset 34h FileSize -> 2450h -> 9296 bytes
    At offset 24Ah LocalBasePath -> C:\INSIGHT\Accounting\Confidential\[Top-Secret]_2011_Financial_deals.xlsx
    Of course, you can go the really TRUE HACK way and parse the .lnk file by hand (this article is a good place to start).
  3. Last step: prepare the flag.

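    import hashlib
    # Flag input is "<LocalBasePath>|<FileSize in bytes>"; the raw string keeps the backslashes literal
    path = r'C:\INSIGHT\Accounting\Confidential\[Top-Secret]_2011_Financial_deals.xlsx'
    print(hashlib.md5((path + '|9296').encode()).hexdigest())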

    Flag is d3403b2653dbc16bbe1cfce53a417ab1
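
Step 2 can also be done without a template. The Python below is an added example, not part of the original write-up: it reads FileSize at offset 34h and follows the LinkInfo offsets to LocalBasePath, per the MS-SHLLINK layout. `parse_lnk` and `build_sample` are names chosen here, the sample file is constructed in the code rather than taken from the challenge, and cp1252 is assumed as the code page of the path string.

```python
import struct

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x1, 0x2  # LinkFlags bits

def parse_lnk(data):
    """Return (FileSize, LocalBasePath) from raw Shell Link bytes."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    (file_size,) = struct.unpack_from("<I", data, 0x34)  # target size, bytes
    pos = 0x4C
    if flags & HAS_ID_LIST:  # skip IDListSize + LinkTargetIDList
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idlist_size
    if not flags & HAS_LINK_INFO:
        return file_size, None
    li_size, _hdr, li_flags, _vol, path_off = struct.unpack_from("<5I", data, pos)
    if not li_flags & 0x1:  # VolumeIDAndLocalBasePath not set
        return file_size, None
    if pos + li_size > len(data) or path_off >= li_size:
        raise ValueError("corrupt LinkInfo")
    start = pos + path_off  # offsets are relative to the LinkInfo start
    end = data.index(b"\0", start, pos + li_size)
    return file_size, data[start:end].decode("cp1252")  # code page assumed

def build_sample(path, size):
    """Constructed minimal .lnk for the demo, not the challenge file."""
    header = struct.pack("<I16sI", 0x4C, LINK_CLSID, HAS_ID_LIST | HAS_LINK_INFO)
    header = header.ljust(0x34, b"\0") + struct.pack("<I", size)
    id_list = struct.pack("<HH", 2, 0)  # IDListSize=2, TerminalID only
    volume_id = struct.pack("<4I", 0x11, 3, 0, 0x10) + b"\0"  # fixed drive, empty label
    body = path.encode("cp1252") + b"\0"
    path_off = 0x1C + len(volume_id)
    suffix_off = path_off + len(body)
    link_info = struct.pack("<7I", suffix_off + 1, 0x1C, 0x1, 0x1C,
                            path_off, 0, suffix_off) + volume_id + body + b"\0"
    return header.ljust(0x4C, b"\0") + id_list + link_info

if __name__ == "__main__":
    sample = build_sample(r"C:\Temp\example.xlsx", 0x2450)
    print(parse_lnk(sample))
```

On a real shortcut, pass the file's bytes (`open(name, "rb").read()`) to `parse_lnk`; the absolute file offset of LocalBasePath varies with the size of the ID list, which is why the offsets are followed rather than hard-coded.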

About this Entry

This page contains a single entry by Юрий Леонычев published on February 26, 2012 11:56 PM.
