CTF - Info/Codes/Notes
CTF WriteUps & Info/Codes/Notes Repo 2021

Window Pains

Volatility

Problem

Created by: syyntax
One of De Monne's employees had their personal Windows computer hacked by a member of DEADFACE. The attacker managed to exploit a portion of a database backup that contains sensitive employee and customer PII.
Inspect the memory dump and tell us the Windows Major Operating System Version, bit version, and the image date/time (UTC, no spaces or special characters). Submit the flag as flag{OS_BIT_YYYYMMDDhhmmss}.
Example: flag{WindowsXP_32_202110150900}

Solution

sudo vol -f physmemraw windows.info.Info
[Image: result of vol command]
flag{Windows10_64_20210907145744}
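
The flag can also be assembled from the plugin's text output, as an added example that is not part of the original writeup. The sample output is constructed (only the three fields the flag needs mirror the answer above), the function names are hypothetical, and the OS name is assumed to be "Windows" followed by NtMajorVersion, which fits this challenge.

```python
import re
from datetime import datetime

# Constructed sample of `windows.info` output (Variable/Value rows, tab-separated).
# Only Is64Bit, SystemTime and NtMajorVersion mirror the writeup's answer.
SAMPLE_OUTPUT = (
    "Volatility 3 Framework\n"
    "Variable\tValue\n"
    "\n"
    "Is64Bit\tTrue\n"
    "IsPAE\tFalse\n"
    "KeNumberProcessors\t4\n"
    "SystemTime\t2021-09-07 14:57:44\n"
    "NtSystemRoot\tC:\\Windows\n"
    "NtMajorVersion\t10\n"
    "NtMinorVersion\t0\n"
)

def parse_info(text):
    """Return a dict of Variable -> Value from windows.info text output."""
    fields = {}
    for line in text.splitlines():
        # Rows are "name<TAB>value"; accept 2+ spaces in case tabs were lost in a paste.
        parts = re.split(r"\t+|\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0] != "Variable":
            fields[parts[0]] = parts[1].strip()
    return fields

def build_flag(fields):
    """Format flag{OS_BIT_YYYYMMDDhhmmss} from the parsed fields."""
    needed = ("NtMajorVersion", "Is64Bit", "SystemTime")
    missing = [k for k in needed if k not in fields]
    if missing:
        raise ValueError("windows.info output lacks: " + ", ".join(missing))
    bits = "64" if fields["Is64Bit"] == "True" else "32"
    # SystemTime is UTC; keep the first 19 characters so fractional
    # seconds or a trailing UTC offset do not break parsing.
    stamp = datetime.strptime(fields["SystemTime"][:19], "%Y-%m-%d %H:%M:%S")
    # Assumption: OS name is "Windows" + NtMajorVersion (10 here).
    return f"flag{{Windows{fields['NtMajorVersion']}_{bits}_{stamp:%Y%m%d%H%M%S}}}"

if __name__ == "__main__":
    print(build_flag(parse_info(SAMPLE_OUTPUT)))
```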