→ Codegate Quals - Forensic 200

| No TrackBacks
Here was a archived Users folder too (C1E4775363DE0885E8360ED9A13A86B8).
So, Forensic 200 task also had a straight way solution. We know that possible place for sensitive information is in browser profile or may be in browser crashdump.
Really, in \Users\proneer\AppData\Roaming\Mozilla\Firefox\Profiles\ you can find a profile 075lfxbt.default.
Mozilla stores in profiles huge amount of juicy info, but in our case we are interested in one special file sessionstore.js (you can read Mozilla article about session store).
This file contains session info in JSON format. You can see very interesting data there:

{"url":"http://forensic-proof.com/", ... 
input[@name='s']:"1_UNI/**/ON_SELECT"} ... 
{"state":"running","lastUpdate":1329009797205 ... 

Well, we have a injection value:"1_UNI/**/ON_SELECT" and timestamp:"1329009797". Convert timestamp to date and time: 2012-02-12 10:23:17+09:00 (Seul timezone).

And our flag is 1_UNI/**/ON_SELECT|2012-02-12T10:23:17+09:00

No TrackBacks

TrackBack URL: http://smokedchicken.org/m/mt-tb.cgi/68

About this Entry

This page contains a single entry by Юрий Леонычев published on February 27, 2012 12:53 AM.

Codegate Quals - Forensic 100 was the previous entry in this blog.

Codegate Quals - Network 200 is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.