Challenge: Get Schwifty? (for 150 points, dynamic) [Forensics]
Evil Morty, the first democratically-elected President of the Citadel of Ricks, has killed off twenty-seven known Ricks from various dimensions, as well as capturing, torturing, and enslaving hundreds of Mortys. As a fellow Rick-less Morty, Investigator Rick gives you a file revealing Evil Morty's past and true nature. However, he cannot seem to access it. Can you help recover it to stop Evil Morty?
Download link here: [link](https://drive.google.com/file/d/1XxqRFFpn9Zj7gNQ6Ahg74rTAFPbkeNq9/view?usp=drive_open)
Author: maskofmydisguise
Let’s capture tis fl4g:
We are given a GetSchwifty.7z file; we extract it to find a mountable disk image.
On mounting it we see that it is empty.
So we need to analyze this disk image and try to recover deleted data, if any. We can use testdisk, a data recovery tool, for this.
```
┌─[[email protected]]-[~/Desktop/CTFs/Abs0lut3Pwn4g3_CTF/encrypt-ctf-2019/Forensics/150_Get_Schwifty/files_in_img/tmp]
└─➤ ls
GetSchwifty.7z GetSchwifty.img
┌─[[email protected]]-[~/Desktop/CTFs/Abs0lut3Pwn4g3_CTF/encrypt-ctf-2019/Forensics/150_Get_Schwifty/files_in_img/tmp]
└─➤ sudo testdisk GetSchwifty.img
```
Here we see that we get a few files,
'school work(do not open)' (directory)
secret_hidden_file.png has the flag in plain sight.
super_duper_secret_hidden_file.txt contains a base64 string that decodes to
school work(do not open) had a random audio file.
Just some rabbit holes for the lighthearted ;)
The hahahaha file was actually a broken .zip file, which had to be fixed using hexedit to set the correct magic bytes. It contains a 2nd flag, which I forgot to implement. Sorry xD
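The magic-byte repair described above can also be scripted. The following is an added Python example, not part of the original write-up or the challenge files: it confirms from the central directory that a file really is a ZIP before restoring the `PK\x03\x04` signature at offset 0. It assumes the damage is limited to the first four bytes and that the first archive entry starts at offset 0; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"  # local file header, expected at offset 0
CDIR_SIG = b"PK\x01\x02"   # central directory entry
EOCD_SIG = b"PK\x05\x06"   # end of central directory record (22 bytes + comment)

def diagnose_zip_header(data: bytes) -> str:
    """Classify a suspected ZIP as 'ok', 'bad-magic' (repairable) or 'not-zip'."""
    if data[:4] == LOCAL_SIG:
        return "ok"
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        return "not-zip"
    # EOCD holds the central directory size (+12) and offset (+16), little-endian.
    cd_size, cd_off = struct.unpack_from("<II", data, eocd + 12)
    if cd_size < 46 or cd_off + cd_size > eocd or data[cd_off:cd_off + 4] != CDIR_SIG:
        return "not-zip"
    # First central entry: name length at +28, local header offset at +42, name at +46.
    name_len = struct.unpack_from("<H", data, cd_off + 28)[0]
    local_off = struct.unpack_from("<I", data, cd_off + 42)[0]
    name = data[cd_off + 46:cd_off + 46 + name_len]
    # A local header repeats the name after its 30-byte fixed part; if the entry
    # points at offset 0 and the name matches, this is a ZIP with an overwritten signature.
    if local_off == 0 and data[30:30 + name_len] == name:
        return "bad-magic"
    return "not-zip"

def repair_zip_magic(data: bytes) -> bytes:
    """Return a copy with the first four bytes restored to PK\\x03\\x04."""
    if diagnose_zip_header(data) != "bad-magic":
        raise ValueError("not a ZIP with a damaged leading signature")
    return LOCAL_SIG + data[4:]

def make_broken_sample() -> bytes:
    """Constructed sample: a one-file ZIP with its first four bytes zeroed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", "constructed sample content\n")
    return b"\x00\x00\x00\x00" + buf.getvalue()[4:]

if __name__ == "__main__":
    fixed = repair_zip_magic(make_broken_sample())
    with zipfile.ZipFile(io.BytesIO(fixed)) as zf:
        print(zf.namelist(), zf.testzip())  # testzip() is None when CRCs pass
```

Checking the central directory first avoids stamping a ZIP signature onto a file that is some other format entirely.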