Tuesday, April 16, 2013

Ihack2013 - Forensic Writeup Challenge 300 Point - VM Forensic

As requested by Mr Ramadhan, here's the writeup!
The question was
Each team was given this file: 695f616d5f7468655f6861786f72.7z.
Extracting it gives another folder, and inside it there's a file named ihaxor.
What kind of file is that? Again, use the file command.
Yes, it's a tar archive. Extracting it again gives you a VirtualBox image. Import it into your VirtualBox machine.

Hello SliTaz! It's a SliTaz VM. Don't know the password? Please, google it.

OK, now I'm in. What's next? Most of the teams were confused by the files that exist in this SliTaz. Everyone kept thinking about how to become the root user... but that's not the right way to solve it! Why did those folders exist? Yeah, of course I put them there as a troll, LOL!

Read the question: "Don't think too hard". As a pro hacker, please... start with a basic step: look for ALL the files available first.

Yeah, there's a .ash_history file. Look at that file. Checking the shell history is a common step once you get into someone's PC to do a forensic investigation.
View the file and you'll notice a weird file named wipipipipi.txt. Did you guys try to look for that file??
Woot!! I found the file. It's in the /log folder (one of the folders a forensic investigator should look at).
Found it, so let's look at what's inside.
TADAAAAAA!!! There's your flag!
The flag is f0r3ns!c.is.3asy

Muahahahaha... easy, right?! Trolled hard? Yeah, you got trolled. Stop calling yourself a hacker now. LOL
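
The same history-first triage as a script, added here as an example and not part of the original challenge or writeup: it reads the shell history files under a root directory, pulls out arguments that look like file names, and reports where files with those names actually live. The sample tree, the user name tux, the history lines and the file contents are constructed for the demo; only the names .ash_history, wipipipipi.txt and /log come from the writeup.

```shell
#!/bin/sh
# history_leads ROOT
# Read every shell history file under ROOT (a live system or a mounted image),
# keep arguments that look like file names, and print where such files exist.
history_leads() {
    root=$1
    # Hidden history files left by common shells (BusyBox ash writes .ash_history).
    find "$root" -type f \( -name .ash_history -o -name .bash_history \
        -o -name .sh_history \) 2>/dev/null |
    while IFS= read -r hist; do
        tr -s ' \t' '\n\n' < "$hist" |        # one token per line
        grep -E '^[A-Za-z0-9._/-]+$' |        # drop tokens with glob or shell metacharacters
        grep -v '^-' |                        # drop command options
        grep -E '(/|\.[A-Za-z0-9]+$)' |       # keep paths and names with an extension
        sed 's#/*$##; s#.*/##'                # reduce each token to its base name
    done | sort -u |
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        # The file may have been moved since the command ran, so search by name.
        find "$root" -type f -name "$name" 2>/dev/null
    done | sort -u
}

# Constructed sample tree standing in for the VM's filesystem.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/tux" "$t/log" "$t/etc"
    # Constructed history lines; the real file's contents are not shown in the writeup.
    printf 'ls -la\ncd /log\nvi wipipipipi.txt\nexit\n' > "$t/home/tux/.ash_history"
    printf 'FLAG-PLACEHOLDER\n' > "$t/log/wipipipipi.txt"
    printf 'decoy\n' > "$t/etc/notes.txt"
    printf '%s\n' "$t"
}

# Demo: prints the path of the one file the history points at.
demo=$(make_sample_tree) && history_leads "$demo" && rm -rf "$demo"
```

Pointed at / inside the VM, or at a mounted copy of the disk, the output is the short list of files the user actually touched, which is a far smaller search space than the decoy folders.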