Autopsy The most common tool used in forensics to extract files from images is Autopsy. Download it, install it and make it ingest the file to find “hidden” files. Note that Autopsy is built to su...
[Notes] Volatility Cheatsheet
Below are some of the more commonly used plugins from Volatility 2 and their Volatility 3 counterparts. OS Information imageinfo Volatility 2 vol.py -f "/path/to/file" imageinfo vol.py -f "...
[Root Me] Encoding
ASCII This is the string to decrypt; we see a bunch of alphanumeric characters… 4C6520666C6167206465206365206368616C6C656E6765206573743A2032616333373634383161653534366364363839643562393132373564...
[XSSG] Ugandan Knuckles
Challenge This is the script that violates the web <!-- Challenge --> <div id="uganda"></div> <script> let wey = (new URL(location).searchParams.get('wey') || "do you ...
[XSSG] Ma Spaghet!
Challenge This is the script that violates the web <!-- Challenge --> <h2 id="spaghet"></h2> <script> spaghet.innerHTML = (new URL(location).searchParams.get('somebody...
[XSSG] Jefff
Challenge This is the script that violates the web <!-- Challenge --> <h2 id="maname"></h2> <script> let jeff = (new URL(location).searchParams.get('jeff') || "JEFFF")...
[Root Me] Weak Configuration
We got access via SSH: ssh -p 2222 app-script-ch1@challenge02.root-me.org When we enter with our username and password we see this in the personal directory, a file named readme.md: You have ...
[Root Me] Bash-System 1
We need to copy cat into /tmp, then change the name to “ls” and change the path to that folder. Now the script will read it as cat. > mkdir /tmp/isntma > cp /bin/cat /tmp/isntma > mv /tmp/...