01 March 2015

Boston Key Party CTF 2015: Heath Street Writeup


During my time at KGB I learned how to hide all the stuff from alpha-dog. But damn it, I somehow lost some of the most important files... : 100




$ file secretArchive.6303dd5dbddb15ca9c4307d0291f77f4
secretArchive.6303dd5dbddb15ca9c4307d0291f77f4: Linux rev 1.0 ext4 filesystem data, UUID=035b2734-be8c-46dd-af8f-1b3523dcd9d2 (extents) (huge files)

It's an ext4 image file.
I tried to mount it first and got some txt files and one zip file. I wasted some time trying to crack the zip password, then I thought about recovering deleted files.

$ extundelete --restore-all secretArchive.6303dd5dbddb15ca9c4307d0291f77f4
WARNING: Extended attributes are not restored.
Loading filesystem metadata ... 2 groups loaded.
Loading journal descriptors ... 928 descriptors loaded.
Writing output to directory RECOVERED_FILES/
Searching for recoverable inodes in directory / ... 368 recoverable inodes found.
Looking through the directory structure for deleted files ...
Restored inode 2086 to file RECOVERED_FILES/secret5088
Restored inode 2100 to file RECOVERED_FILES/secret5102
Restored inode 2128 to file RECOVERED_FILES/secret5130
......
......
0 recoverable inodes still lost.

One new file showed up: ".secret31337"

$ file .secret31337
.secret31337: KGB Archiver file with compression level 3
$ kgb .secret31337
Extracting archive KGB_arch -3 .secret31337 ...
0KB .secret: extracted
0KB -> 0KB w 0.01s. (142.86% czas: 7 KB/s)
$ cat .secret
flag{Komitet_gosudarstvennoy_bezopasnosti}
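
A triage step for the recovered files, as an added example that is not part of the original writeup: it groups everything in a recovery directory by leading bytes, dotfiles included, so an odd type such as the hidden KGB archive stands out among the filler. The `KGB_arch` signature and the level digit at offset 10 are assumed from the `KGB_arch -3` string in the output above; the sample files are constructed.

```python
import os
import tempfile

# Leading-byte signatures. The KGB entry is an assumption based on the
# "KGB_arch -3" header string visible in the extraction output above.
SIGNATURES = [
    (b"KGB_arch", "kgb-archive"),
    (b"PK\x03\x04", "zip"),
]

def classify(header: bytes) -> str:
    """Label a file from its first bytes."""
    for magic, label in SIGNATURES:
        if header.startswith(magic):
            if label == "kgb-archive" and len(header) > 10:
                # Byte 10 of "KGB_arch -N" is the compression level digit.
                return f"{label} (level {chr(header[10])})"
            return label
    if not header:
        return "empty"
    # Tabs, newlines and printable ASCII only: call it text.
    if all(b in b"\t\r\n" or 32 <= b < 127 for b in header):
        return "text"
    return "data"

def triage(directory: str) -> dict:
    """Group regular files (dotfiles included) by detected type."""
    groups = {}
    for entry in os.scandir(directory):  # scandir does not hide dotfiles
        if entry.is_file(follow_symlinks=False):
            with open(entry.path, "rb") as fh:
                groups.setdefault(classify(fh.read(64)), []).append(entry.name)
    return {label: sorted(names) for label, names in groups.items()}

def demo() -> dict:
    """Run triage over a constructed stand-in for RECOVERED_FILES/."""
    samples = {  # constructed sample contents, not the challenge data
        "secret5088": b"nothing to see here\n",
        "secret5102": b"more filler text\n",
        "archive.zip": b"PK\x03\x04\x14\x00\x09\x00",
        ".secret31337": b"KGB_arch -3\n\x00\x01constructed",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return triage(tmp)

if __name__ == "__main__":
    print(demo())
```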


2 comments:

  1. Where did you get KGB Archiver from?

    1. http://packages.ubuntu.com/lucid/utils/kgb