We were given a firefox.mem.zip file with the hint "dumpsters are cool, but cores are cooler". Knowing this was a 100 level forensics problem, I first unzipped the file and dragged it into my favorite Linux distro so I could run strings on it.
Then I ran strings on it!
I got scared of all the strings that came out, so I ctrl+c'd out as fast as I could.
After literally seconds of thought and planning, I decided to grep the strings output for "flag{" and hope for the best.
strings firefox.mem | grep flag{
and the key came out!
flag{cd69b4957f06cd818d7bf3d61980e291}
-wardawg -bobson
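The same search as an added example (not part of the original write-up): it scans the dump directly for flag{...} and, going beyond the post, also matches UTF-16LE text, which strings skips unless asked for 16-bit characters. The names find_flags and SAMPLE, the 64-character body limit and the sample bytes are assumptions made for illustration.

```python
import io
import re

BODY = rb"[\x20-\x7a\x7c\x7e]"  # printable ASCII except { and }
PATTERNS = {
    # flag{...} stored as plain 8-bit text
    "ascii": re.compile(rb"flag\{" + BODY + rb"{1,64}\}"),
    # the same text stored as UTF-16LE: every character followed by a NUL byte
    "utf-16le": re.compile(
        rb"f\x00l\x00a\x00g\x00\{\x00(?:" + BODY + rb"\x00){1,64}\}\x00"),
}
MAX_MATCH = 2 * (5 + 64 + 1)  # longest possible hit in bytes (UTF-16LE case)


def find_flags(stream, chunk_size=1 << 20):
    """Return sorted (offset, encoding, text) for each flag{...} in a binary stream.

    The stream is read in chunks so a multi-gigabyte dump never has to fit in
    memory; a tail of MAX_MATCH - 1 bytes is carried over so that a flag
    straddling a chunk boundary is still found.
    """
    hits = set()  # a set, because the carried-over tail can re-find a hit
    tail = b""
    base = 0      # file offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for enc, rx in PATTERNS.items():
            for m in rx.finditer(buf):
                hits.add((base + m.start(), enc, m.group().decode(enc)))
        keep = min(len(buf), MAX_MATCH - 1)
        tail = buf[len(buf) - keep:]
        base += len(buf) - keep
    return sorted(hits)


# Constructed sample standing in for a core dump (not data from the challenge).
SAMPLE = (b"\x7fELF\x02\x01" + b"\x00" * 40
          + b"flag{constructed_ascii_example}"
          + b"\xff\xfe\x90" * 9
          + "flag{constructed_wide_example}".encode("utf-16le") + b"\x00\x00")

if __name__ == "__main__":
    # Tiny chunk size on purpose, to exercise the boundary handling.
    for offset, enc, text in find_flags(io.BytesIO(SAMPLE), chunk_size=16):
        print(f"0x{offset:08x}  {enc:9}  {text}")
```

For a real dump, pass an open binary file instead of the BytesIO object, for example open("firefox.mem", "rb").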
Great post, thanks for the help!