GeorgeBanu

this-file-hides-something


Last updated 1 year ago

Description

There is an emergency regarding this file. We need to extract the password ASAP. It's a crash dump, but our tools are not working. Please help us, time is not on our side.

PS: Flag format is not standard.


Solve

First, download the zip file and extract the archive. Inside is a file holding a capture of volatile memory, that is, memory whose contents disappear when the computer is turned off. Volatility is the tool for investigating this kind of data. For this challenge I used Volatility 3 on a Windows machine (I had some issues using it on a Linux environment).

The lsadump plugin dumps LSA secrets from the registry. In Volatility 3, run lsadump against the memory file to get the flag.

  • Flag

Str0ngAsAR0ck!
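When a dumped LSA secret is only available as hex bytes, the text inside it can be recovered with a small decoder. The following is an added example, not part of the original writeup or of Volatility: it assumes the decrypted blob follows the commonly documented layout (4-byte little-endian length, 12 bytes of padding, then the data) and that the data is UTF-16LE text. The function names and the sample value are constructed for illustration.

```python
import struct

# Assumed layout of a decrypted LSA secret blob:
# 4-byte little-endian data length, 12 padding bytes, then the data.
HEADER_LEN = 16


def decode_lsa_secret(hex_text: str) -> str:
    """Return the UTF-16LE text carried in a decrypted LSA secret blob.

    hex_text is the blob as hex bytes; whitespace between bytes is allowed.
    """
    blob = bytes.fromhex(hex_text)
    if len(blob) < HEADER_LEN:
        raise ValueError("blob is shorter than the 16-byte header")
    (length,) = struct.unpack_from("<I", blob, 0)
    payload = blob[HEADER_LEN:HEADER_LEN + length]
    if len(payload) != length:
        raise ValueError("declared length exceeds the data present")
    if length % 2:
        raise ValueError("odd payload length, not UTF-16LE text")
    # Trailing NUL characters are terminators, not part of the secret.
    return payload.decode("utf-16-le").rstrip("\x00")


def build_sample(text: str) -> str:
    """Build a constructed sample blob for `text` (test data, not from the dump)."""
    data = text.encode("utf-16-le")
    blob = struct.pack("<I", len(data)) + b"\x00" * 12 + data
    blob += b"\x00" * (-len(blob) % 16)  # pad to a 16-byte boundary
    return " ".join(f"{b:02x}" for b in blob)


if __name__ == "__main__":
    sample = build_sample("Example-Passw0rd")  # constructed value
    print(sample)
    print(decode_lsa_secret(sample))
```

The length check matters on damaged dumps: a header that claims more data than is present is reported instead of silently returning a truncated string.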

References

LSA Secrets in Windows