Hack4S3cur1ty
[OTTERCTF][Memory Forensics] 4 - Name Game
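The challenge description tells us that the user logged in to the Lunar-3 channel, so the account name can be found by running yarascan for that string against the LunarMS.exe process (PID 708).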
```
>vol.py -f OtterCTF.vmem --profile=Win7SP1x64 yarascan -Y "Lunar-3" -p 708
Volatility Foundation Volatility Framework 2.6
Rule: r1
Owner: Process LunarMS.exe Pid 708
0x5a0c1070  4c 75 6e 61 72 2d 33 00 00 7a 33 00 00 00 00 00   Lunar-3..z3.....
0x5a0c1080  00 1d 00 00 00 01 00 00 00 0b 00 00 00 0b 00 00   ................
0x5a0c1090  00 30 74 74 33 72 38 72 33 33 7a 33 00 00 00 00   .0tt3r8r33z3....
```
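The hexdump above can also be read programmatically. The following is an added example, not part of the original write-up: it rebuilds the bytes from the yarascan hexdump lines and lists the printable strings that follow the `Lunar-3` match, with their virtual addresses. The function names are hypothetical, and the length-prefix check is only an observation on this dump, not a documented format.

```python
import re

# Output lines copied from the yarascan run shown above.
YARASCAN_OUTPUT = """\
Rule: r1
Owner: Process LunarMS.exe Pid 708
0x5a0c1070  4c 75 6e 61 72 2d 33 00 00 7a 33 00 00 00 00 00   Lunar-3..z3.....
0x5a0c1080  00 1d 00 00 00 01 00 00 00 0b 00 00 00 0b 00 00   ................
0x5a0c1090  00 30 74 74 33 72 38 72 33 33 7a 33 00 00 00 00   .0tt3r8r33z3....
"""

# Address, then up to 16 hex byte pairs; the ASCII column is ignored.
LINE_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+((?:[0-9a-fA-F]{2}\s){1,16})")

def parse_hexdump(text):
    """Return (base_address, bytes) rebuilt from contiguous hexdump lines."""
    base, buf = None, bytearray()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip "Rule:", "Owner:" and banner lines
        addr = int(m.group(1), 16)
        if base is None:
            base = addr
        elif addr != base + len(buf):
            raise ValueError("non-contiguous hexdump line at %#x" % addr)
        buf += bytes.fromhex(m.group(2))
    if base is None:
        raise ValueError("no hexdump lines found")
    return base, bytes(buf)

def ascii_strings(base, data, min_len=4):
    """Yield (virtual_address, string) for printable ASCII runs in data."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield base + m.start(), m.group().decode("ascii")

def strings_after_marker(text, marker="Lunar-3"):
    """List (address, string, length_prefixed) for strings after the marker."""
    base, data = parse_hexdump(text)
    start = data.find(marker.encode("ascii"))
    if start < 0:
        raise ValueError("marker not present in dump")
    hits = []
    for addr, s in ascii_strings(base, data):
        off = addr - base
        if off <= start:
            continue
        # Observation on this dump only: the 4 bytes before the string
        # hold its length as a little-endian integer.
        prefixed = off >= 4 and int.from_bytes(data[off - 4:off], "little") == len(s)
        hits.append((addr, s, prefixed))
    return hits
```
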