Help on Recovering deleted files in Mirai

i used grep and saw that there was a file in the usbstick..

but how am i gonna read that file..??

punish3r

Tagged:

Comments

  • The clue that helped me was that I should remember everything is a file on linux. ;)

  • edited January 2018

    @punish3r said:
    i used grep and saw that there was a file in the usbstick..
    but how am i gonna read that file..??

    Think about what you can do with strings and grep

  • I tried everything i can get in my mind.. still unable to read the file..

    punish3r

  • @punish3r said:
    I tried everything i can get in my mind.. still unable to read the file..

    This one took me a while because i wasn't familiar with linux set up. Take some time to research about commands on how to see partitions/disks and figure out how linux actually handles files. Like blkappy said, everything is a file on linux. Can PM if needed.

    Kwicster

  • Actually you don't have to recover them exactly, like with a forensic technique, you have to read them somehow. Also take in mind what @blkappy said.

    Arrexel

  • I have been through this different ways but with the result, incorrect hash. I can grep and output to a file the contents of something but the hash inside is no good. I can use the larger kitty command to display the same contents of the drive but again, the hash is no good. Any other nudges would be great.

  • You will have to research how to recover deleted files .. and take a close look

    DeCipher

  • @Kr0n1kK1ll3r said:
    I have been through this different ways but with the result, incorrect hash. I can grep and output to a file the contents of something but the hash inside is no good. I can use the larger kitty command to display the same contents of the drive but again, the hash is no good. Any other nudges would be great.

    you're missing a character, make sure you copied the whole string you suspect is the 32 character hash

  • just a simple basic linux command for viewing file. "everything is a file in linux"

  • @gpd said:

    @Kr0n1kK1ll3r said:
    I have been through this different ways but with the result, incorrect hash. I can grep and output to a file the contents of something but the hash inside is no good. I can use the larger kitty command to display the same contents of the drive but again, the hash is no good. Any other nudges would be great.

    you're missing a character, make sure you copied the whole string you suspect is the 32 character hash

    You're right. What I am copying is only 31 chars. Just need to find the 32nd char lol. It prints out all the files on that drive it just doesn't look too pretty.

  • As soon as I copied a portion of the output into another window the first char appeared. All good now.

  • i have a 32 character hash but when i try to crack it say unknown hash..

    punish3r

Sign In to comment.