CSAW 2018 🐼 Rewind Writeup

in ctf, writeup, csaw, forensics

This is a forensics challenge worth 200 points.

We are given a tar archive for the challenge that we can extract.

[email protected]:~/csaw/rewind# tar -xvf rewind.tar.gz 

We can now extract this zip archive.

[email protected]:~/csaw/rewind# unzip rewind.zip 
Archive:  rewind.zip
  inflating: rewind-rr-nodent.log    
  inflating: rewind-rr-snp

We can take a look at what these files are with the file utility.

[email protected]:~/csaw/rewind# file *
rewind-rr-nodent.log: data
rewind-rr-snp:        QEMU suspend to disk image

We can first try to search for the flag within the image with a regular expression.

[email protected]:~/csaw/rewind# grep -a "flag{.*}" rewind-rr-snp

Success! That was all that was required to complete this challenge.

Overall, this was an extremely simple challenge that only required extracting two archives and performing a simple search for the flag in the image.