Hack4S3cur1ty
[OTTERCTF][Memory Forensics] 5 - Name Game 2 본문
지문을 통해 character의 username이 특정 시그니처에 나타난다는 것을 알 수 있고, yarascan을 통해 찾을 수 있다.
1 2 3 4 5 6 7 | >vol.py -f OtterCTF.vmem --profile=Win7SP1x64 yarascan --yara-rules="{64 [6-8] 40 06 [18-18] 5a 0c 00 00}" -p 708 Volatility Foundation Volatility Framework 2.6 Rule: r1 Owner: Process LunarMS.exe Pid 708 0x5ab4dfa9 64 00 00 00 00 00 00 40 06 00 00 b4 e5 af 00 01 d......@........ 0x5ab4dfb9 00 00 00 00 00 00 00 b0 e5 af 00 5a 0c 00 00 4d ...........Z...M 0x5ab4dfc9 30 72 74 79 4c 30 4c 00 00 00 00 00 00 00 21 4e 0rtyL0L.......!N | cs |
'CTFs > 2018' 카테고리의 다른 글
| [OTTERCTF][Memory Forensics] 7 - Hide And Seek (0) | 2018.12.16 |
|---|---|
| [OTTERCTF][Memory Forensics] 6 - Silly Rick (0) | 2018.12.16 |
| [OTTERCTF][Memory Forensics] 4 - Name Game (0) | 2018.12.16 |
| [OTTERCTF][Memory Forensics] 3 - Play Time (0) | 2018.12.16 |
| [OTTERCTF][Memory Forensics] 2 - General Info (0) | 2018.12.16 |
'CTFs/2018' Related Articles
more
Comments