Hack4S3cur1ty


[OTTERCTF][Memory Forensics] 3 - Play Time

h4ck4s3cur1ty 2018. 12. 16. 05:19



Chrome's search history shows a search for private game servers ("top 100 maplestory servers"), and pstree and netscan give the game's process name and the server IP. The PID in the netscan row (708) matches LunarMS.exe in pstree, so the foreign address 77.102.199.102:7575 is the game server. The connection is already in CLOSED state; netscan still finds it because it scans pool memory for socket and connection objects rather than walking live tables, so endpoints of torn-down connections remain recoverable until their structures are overwritten.



>vol.py -f OtterCTF.vmem --profile=Win7SP1x64 pstree
Volatility Foundation Volatility Framework 2.6
Name                                                  Pid   PPid   Thds   Hnds Time
-------------------------------------------------- ------ ------ ------ ------ ----
0xfffffa801b5cb740:LunarMS.exe                      708   2728     18    346 2018-08-04 19:27:39 UTC+0000
 
>vol.py -f OtterCTF.vmem --profile=Win7SP1x64 chromesearchterms
Volatility Foundation Volatility Framework 2.6
Row ID Keyword ID URL ID Lowercase                                                        Entered Text
------ ---------- ------ ---------------------------------------------------------------- ----------------------------------------------------------------
     2          2      5 top 100 maplestory servers                                       top 100 maplestory servers
 
 
>vol.py -f OtterCTF.vmem --profile=Win7SP1x64 netscan
Volatility Foundation Volatility Framework 2.6
Offset(P)          Proto    Local Address                  Foreign Address      State            Pid      Owner          Created
0x7d6124d0         TCPv4    192.168.202.131:49530          77.102.199.102:7575  CLOSED           708      LunarMS.exe
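The PID correlation done by eye above, as an added example that is not part of the original write-up: parse the Volatility 2 pstree and netscan output, match sockets to processes by PID, and return the foreign hosts a named process talks to. The LunarMS.exe rows are copied from the output above; the services.exe and svchost.exe rows, and the UDP socket, are constructed here to exercise the child-row (leading dots) and blank-State cases the parser has to handle on a full dump.

```python
"""Correlate Volatility 2 pstree and netscan output by PID (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Sample Volatility 2.6 output. The LunarMS.exe rows are copied from the
# write-up; services.exe, svchost.exe and the UDP row are constructed.
PSTREE_OUTPUT = """\
Name                                                  Pid   PPid   Thds   Hnds Time
-------------------------------------------------- ------ ------ ------ ------ ----
0xfffffa801b5cb740:LunarMS.exe                      708   2728     18    346 2018-08-04 19:27:39 UTC+0000
 0xfffffa8018a0b9e0:services.exe                    504    416      9    240 2018-08-04 19:25:00 UTC+0000
. 0xfffffa8018a1c060:svchost.exe                   1040    504     12    210 2018-08-04 19:25:02 UTC+0000
"""

NETSCAN_OUTPUT = """\
Offset(P)          Proto    Local Address                  Foreign Address      State            Pid      Owner          Created
0x7d6124d0         TCPv4    192.168.202.131:49530          77.102.199.102:7575  CLOSED           708      LunarMS.exe
0x7d58b010         UDPv4    0.0.0.0:5355                   *:*                                   1040     svchost.exe    2018-08-04 19:25:03 UTC+0000
"""


@dataclass(frozen=True)
class Process:
    pid: int
    ppid: int
    name: str
    depth: int  # number of leading dots in pstree; 0 = root of a tree


@dataclass(frozen=True)
class Connection:
    proto: str
    local: str
    foreign: str
    state: str  # empty for UDP rows
    pid: int
    owner: str


# pstree rows: optional depth dots, the EPROCESS offset, ':', name, then Pid and PPid.
_PSTREE_ROW = re.compile(
    r"^(?P<dots>\.*)\s*0x[0-9a-f]+:(?P<name>\S+)\s+(?P<pid>\d+)\s+(?P<ppid>\d+)", re.I)
_DATE = re.compile(r"\d{4}-\d{2}-\d{2}")


def parse_pstree(text: str) -> Dict[int, Process]:
    procs = {}
    for line in text.splitlines():
        m = _PSTREE_ROW.match(line)
        if m:
            pid = int(m["pid"])
            procs[pid] = Process(pid, int(m["ppid"]), m["name"], len(m["dots"]))
    return procs


def parse_netscan(text: str) -> List[Connection]:
    conns = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or not tokens[0].lower().startswith("0x"):
            continue  # header, separator or blank line
        proto, local, foreign = tokens[1], tokens[2], tokens[3]
        # UDP rows have no State column, so whitespace-splitting shifts the
        # fields: find the PID as the first all-digit token after the foreign
        # address and treat anything between as the state.
        rest = tokens[4:]
        pid_idx = next((i for i, t in enumerate(rest) if t.isdigit()), None)
        if pid_idx is None:
            continue
        state = " ".join(rest[:pid_idx])
        pid = int(rest[pid_idx])
        owner = ""
        if len(rest) > pid_idx + 1 and not _DATE.fullmatch(rest[pid_idx + 1]):
            owner = rest[pid_idx + 1]  # Owner may be blank when the process is gone
        conns.append(Connection(proto, local, foreign, state, pid, owner))
    return conns


def host_of(endpoint: str) -> str:
    """Strip the port from 'ip:port'; also handles '*:*' and IPv6 '::1:49155'."""
    host, _, _port = endpoint.rpartition(":")
    return host


def remote_hosts(process_name: str, pstree_text: str = PSTREE_OUTPUT,
                 netscan_text: str = NETSCAN_OUTPUT) -> Set[str]:
    """Foreign hosts of every socket owned by a process with the given name."""
    procs = parse_pstree(pstree_text)
    pids = {p.pid for p in procs.values() if p.name.lower() == process_name.lower()}
    hosts = set()
    for c in parse_netscan(netscan_text):
        if c.pid in pids:
            h = host_of(c.foreign)
            if h not in ("*", "0.0.0.0", "::", "-"):  # wildcard / unconnected sockets
                hosts.add(h)
    return hosts


if __name__ == "__main__":
    for name in ("LunarMS.exe", "svchost.exe"):
        print(name, sorted(remote_hosts(name)))
```

On a real dump, feed it the full `pstree` and `netscan` output (without the `--profile` lines getting in the way, the `Volatility Foundation` banner is simply skipped by both parsers) and ask for the process you found in the search history; matching on PID rather than on the Owner column also catches rows where netscan could not resolve the owner name.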

