Tags: forensics 



`You are a given a VM image vm.ova. The flag is CTF{password}.`



So, we have an Ubuntu 17.04 VM image.
Let's open it in a hypervisor you prefer more.
First of all we have to get into the boot menu (pres ESC on load) and boot in recovery mode.
And you are root.
We can study all the `.bash_history` in users directories (`/root` & `/home/ctf`) and we'll find something very interesting. But... It's an easy task, right?
Ok, let's see /etc/shadow contents, and we'll find out, that only the ctf password is set.




That easy? Yeah, it's a 75 points task. Now you can go and brute it using `rockyou` as dictionary.
The password will be `infosec`. So now you have only submit the SHA256 of the flag:


**That's All Folks!**

Original writeup (https://github.com/YuryDo/writeups/tree/master/BackdoorCTF2018/Forensics/VM-SERVICES1).