Forget Me Not

@clubby789 said:

Spotted some interesting files but getting errors pulling them out.

Edit: Found a troll flag -_-

I also found the troll flag … :neutral:

@Y4m4t0 said:

@clubby789 said:

Spotted some interesting files but getting errors pulling them out.

Edit: Found a troll flag -_-

I also found the troll flag … :neutral:

Probably irrelevant, given the dates.

Edit: Done. Was right under my nose for hours!

For something I saw in the first minutes, I had never given it a chance. I worked on another subject for hours. Fortunately it’s over. :neutral:

For those having issues with the tool to remember things, check the version you are using. I found it works in 2.6 but not 2.4.

@narwhal2 said:

For those having issues with the tool to remember things, check the version you are using. I found it works in 2.6 but not 2.4.

Using 2.6.1, needed to make some adjustments in the tool for it to be able to extract files.

Could someone leave a hint on which file I should be looking at? There are so many files.

I’m losing my marbles on this one. I’ve tried the tool on a number of platforms (due to errors) and finally got it running on a fresh Kali VM, using a fork that supposedly addresses the issues I was running into with the stock version. I’m able to extract most of the filesystem, though many (not all) files I’m curious about appear to be zero filled. I’ve also used a separate tool for file carving to see if I missed anything. Still no luck. Anyone willing to lend a nudge?

Ok, tried everything on the extract tool but I still get nothing. I think I will need a hint :neutral:

I found a troll flag too (this_is_not…) - if anyone has any hints for next steps, I’d appreciate it!

I might have forgotten something, but you don’t need to extract any files.

When you go through the information you can get, just make sure you double-check everything against a few different sources. Don’t make the mistake I made of googling it and thinking it was a rabbit hole. Look at some other places you can search for that kind of thing which you might use if you were an incident responder.

Well, there are like 3 fake flags in this challenge :neutral:

@xInSanity said:

Well, there are like 3 fake flags in this challenge :neutral:

Me too, so confused!

This challenge could have been much more interesting or related to a more realistic scenario. It does not happen every day that you can analyze a Linux memory dump obtained in the wild. :neutral:

Hey,

I saw people talking about the version being important. I use 4.6.1. Quite a lot of the files are empty, but not all. Is this expected behaviour? And also, am I just supposed to look in random files for a flag?

@DrDingDong said:

Hey,

I saw people talking about the version being important. I use 4.6.1. Quite a lot of the files are empty, but not all. Is this expected behaviour? And also, am I just supposed to look in random files for a flag?

Not sure what version you mean. There is enough info in the download to build what you need.

You don’t need to look in random files. I’d suggest you run some basic analysis and see what it gives you. If you find something interesting, look into what it is.

Frustratingly, I found the thing I needed almost instantly but it then took me days to realise. I could have got blood if I wasn’t an idiot. Don’t be me. Look at what you find.

I mean the version of the tool for analyzing which people refer to having problems with. I got it up and running and can analyze the dump and for example read the usual file which contains stuff about what has been performed. I’ll keep looking, thanks :slight_smile:

@DrDingDong said:

I mean the version of the tool for analyzing which people refer to having problems with. I got it up and running and can analyze the dump and for example read the usual file which contains stuff about what has been performed. I’ll keep looking, thanks :slight_smile:

I think I used version 2.6 or whatever is default in Kali.

You might have seen what you need to see. Look into all the information that gives.

Okay thanks, I’ll look some more :slight_smile:

Thanks to @TazWake for a hint about the very last thing. I do not quite get that very last part. The rest was good fun :slight_smile:

Can anyone help me?
I am stuck in the extract part now. Which PLUGIN should I use to get some useful hints?
All PLUGINs were analyzed, but there was no useful information.
Please ping me.