Forget Me Not

Ah yes... let it all out :)


Comments

  • @jugulaire said:

    GOGOGO !

    Haven't found the way to go yet!

  • @Vibhu025 said:

    Is the zip file bigger than 100 MB?

    Yes

  • Congrats on the FB bjornmorten

  • I got the idea and the tools required, but I'm unable to get it to work...
    Should I use a hypervisor such as KVM?

    Jugulairel

  • Anyone having issues building this?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • I got the file to work in the tool. But with no idea how to proceed. Does anyone have any tips?

  • @Y4m4t0 said:

    I got the file to work in the tool. But with no idea how to proceed. Does anyone have any tips?

    As a general rule, run the plugins and analyse the data.

    Did you get it working following the instructions on the tool wiki page?

    TazWake


  • I used the tools to extract info.
    After that I tried to squash out some things.
    Without any success.

    Jugulairel

  • edited February 14

    Spotted some interesting files but getting errors pulling them out.

    Edit: Found a troll flag -_-

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • 5 files of interest to us appear and plain text may not be a flag.

    Spiderixius

  • edited February 14

    NVM

    TazWake


  • @clubby789 said:

    Spotted some interesting files but getting errors pulling them out.

    Edit: Found a troll flag -_-

    I also found the troll flag ... :neutral:

  • edited February 15

    @Y4m4t0 said:

    @clubby789 said:

    Spotted some interesting files but getting errors pulling them out.

    Edit: Found a troll flag -_-

    I also found the troll flag ... :neutral:

    Probably irrelevant, given the dates.

    Edit: Done. Was right under my nose for hours!

    clubby789

  • For something I saw in the first minutes, I had never given it a chance. I worked on another subject for hours. Fortunately it's over. :neutral:

    Spiderixius

  • For those having issues with the tool to remember things, check the version you are using. I found it works in 2.6 but not 2.4.

  • @narwhal2 said:

    For those having issues with the tool to remember things, check the version you are using. I found it works in 2.6 but not 2.4.

    Using 2.6.1, needed to make some adjustments in the tool for it to be able to extract files.

  • Could someone leave a hint on which file I should be looking at? There are so many files
  • edited February 17

    I'm losing my marbles on this one. I've tried the tool on a number of platforms (due to errors) and finally got it running on a fresh Kali VM, using a fork that supposedly addresses the issues I was running into with the stock version. I'm able to extract most of the filesystem, though many (not all) files I'm curious about appear to be zero filled. I've also used a separate tool for file carving to see if I missed anything. Still no luck. Anyone willing to lend a nudge?

  • OK, tried everything on the extract tool but I still get nothing. I think I will need a hint :neutral:

  • I found a troll flag too (this_is_not...) - if anyone has any hints for next steps, I'd appreciate it!

    daverules

  • I might have forgotten something, but you don't need to extract any files.

    When you go through the information you can get, just make sure you double-check everything against a few different sources. Don't make the mistake I made of googling it and thinking it was a rabbit hole. Look at some other places you can search for that kind of thing which you might use if you were an incident responder.

    TazWake


  • Well, there are like 3 fake flags in this challenge :neutral:

    Respect if I helped you ;)

  • @xInSanity said:

    Well, there are like 3 fake flags in this challenge :neutral:

    Me too, so confused!

  • This challenge could have been much more interesting or related to a more realistic scenario. It does not happen every day that you can analyze a Linux memory dump obtained in the wild. :neutral:

  • Hey,

    I saw people talking about the version being important. I use 4.6.1. Quite a lot of the files are empty, but not all. Is this expected behaviour? And also, am I just supposed to look in random files for a flag?

    Hack The Box

  • @DrDingDong said:

    Hey,

    I saw people talking about the version being important. I use 4.6.1. Quite a lot of the files are empty, but not all. Is this expected behaviour? And also, am I just supposed to look in random files for a flag?

    Not sure what version you mean. There is enough info in the download to build what you need.

    You don't need to look in random files. I'd suggest you run some basic analysis and see what it gives you. If you find something interesting, look into what it is.

    Frustratingly, I found the thing I needed almost instantly but it then took me days to realise. I could have got blood if I wasn't an idiot. Don't be me. Look at what you find.

    TazWake


  • I mean the version of the tool for analyzing which people refer to having problems with. I got it up and running and can analyze the dump and for example read the usual file which contains stuff about what has been performed. I'll keep looking, thanks :)

    Hack The Box

  • @DrDingDong said:

    I mean the version of the tool for analyzing which people refer to having problems with. I got it up and running and can analyze the dump and for example read the usual file which contains stuff about what has been performed. I'll keep looking, thanks :)

    I think I used version 2.6 or whatever is default in Kali.

    You might have seen what you need to see. Look into all the information that gives.

    TazWake


  • Okay thanks, I'll look some more :)

    Hack The Box
