CTFtime.org / Securinets CTF Quals 2016 / mem Dump / Writeup

      We Can Check The File Using file or Strings or hexdump or xxd To Get Some Informations About File
      This Memory Dump We Can Investigat it, I've Found A Solution Using Volatility Forensics Framework
      We Can Get Some Precess And Dll's And Administrator Password .......

      ./volatility -f memdump.mem --profile=WinXPSP2x86 psscan
      ./volatility -f memdump.mem --profile=WinXPSP2x86 pslist
      ./volatility -f memdump.mem --profile=WinXPSP2x86 dlllist
      .....

      Sorry For This Short Writeup because Players CTF Have Not Problem To Use Volatility FrameWork

      In This Challenge The Flag Like a KeyLogger Name Thats Why Nothing Seeying In Process list
      We Can Scan Command Line To Get Keylogger : who_names_keyloggers_like_this.exe

        Flag Is : who_names_keyloggers_like_this
        Warm Regards,
        By Soufiane Boussali

Original writeup (https://github.com/MrMugiwara/WriteupsCTF/blob/master/CTFsecuriNets2016/MemDump.md).

mem Dump

Comments

Sign in with