

Messages - Ruffnekk

1
Did you try volatility https://code.google.com/p/volatility/ and see what apps are running? I did this challenge last year and was in the first 100 but this year it sounds like it's almost the same and I don't have time for that.
No, I haven't tried that yet, but thanks for the tip. I will try it tonight ;)

2
To follow up my previous post:
Yesterday I managed to mount the disk image using OSForensics (http://www.osforensics.com/download.html). Analyzing with the same tool, I came across some deleted files that could be undeleted, but I could not find any credentials in these.
The filesystem has a lot of files, mostly .mod in an i386 directory, but I haven't gotten around to viewing/analyzing those yet.
The Linux kernel system used is 3.11.0.12.13-generic (Ubuntu distro).
I'm still trying to figure out how to use the filesystem in combination with the memory image to determine which file was attached to the email... anyone?

3
I'm also working on this challenge and I want to clarify that the raw memory dump and the image file are from the virtual mail server of the recipient's email provider. We need to find the filename of the attachment and the username and password that is stored within it, in a particular email received by "boris" and sent by "pjotr". So far, I have the ID of the email that contains the attachment, but nothing else yet. When I get home later I will download the vmdk image and try to mount it and analyze it using Sleuthkit or similar tools.
