CTF - Info/Codes/Notes
  • Writeups SkyMas 2021
  • ☠️DeadFace
    • Dead Men Tell No Tales
    • The Count
    • Window Pains
    • Window Pains 2
    • Window Pains 3
    • Window Pains 4
    • You Shall not Pass
  • 🇵🇹Jornadas 2021
    • Return that ROPe
    • IPv6
  • 👁️BuckeyeCTF 2021
    • Canary
    • Tesseract
    • StegBot
    • SOP
    • Jupyter
    • Curly fries
    • Sozu
    • BASIC
    • Ret4win
    • Flattened
    • Defective RSA
  • 👑KillerQueen CTF
    • Web
      • Jail Web
    • PWN
      • Broke Collage Students
      • A Kind of Magic
      • Tweety Birb
      • Zoom2Win
    • Not mine :D
  • 🔺CTF Int. MetaRed 2021 - 3rd STAGE
    • PWN
      • Numerology
      • NoteServer
Powered by GitBook
On this page
  • Problem
  • Solution
  1. DeadFace

Window Pains

Volatility

PreviousThe CountNextWindow Pains 2

Last updated 3 years ago

Problem

Created by: syyntax

One of De Monne's employees had their personal Windows computer hacked by a member of DEADFACE. The attacker managed to exploit a portion of a database backup that contains sensitive employee and customer PII.

Inspect the memory dump and tell us the Windows Major Operating System Version, bit version, and the image date/time (UTC, no spaces or special characters). Submit the flag as flag{OS_BIT_YYYYMMDDhhmmss}.

Example: flag{WindowsXP_32_202110150900}

Solution

sudo vol -f physmemraw windows.info.Info

flag{Windows10_64_20210907145744}

☠️
Result of vol comma