Level 1 - Disk Archaelogy

Domain(s): Forensics

Unknown to the world, the sinister organization PALINDROME has been crafting a catastrophic malware that threatens to plunge civilization into chaos.

Your mission, if you choose to accept it, is to infiltrate their secret digital lair, a disk image exfiltrated by our spies. This disk holds the key to unraveling their diabolical scheme and preventing the unleashing of a suspected destructive virus.

First, decompress the file.

tar -xvf challenge.tar.xz

We see an .img file that appears to contain Linux filesystem data.

file challenge.img

We can use Autopsy to look through the files in challenge.img and look for any files left in the unallocated space.

Create a case on Autopsy using the challenge.img file we just extracted, and enable the PhotoRec file carver extension.

You should be able to see that a file named f00000008.elf was carved. Right click and extract the file. As it is a linux binary, run the binary on linux and the flag is printed out. You may have to install some dependencies with the following command first.

apt-get install musl-dev

Flag: TISC{w4s_th3r3_s0m3th1ng_l3ft_ubrekeslydsqdpotohujsgpzqiojwzfq}

NextLevel 2 - XIPHEREHPIX's Reckless Mistake

Last updated 1 year ago