CSAW 2018 🐼 Rewind Writeup
This is a forensics challenge worth 200 points.
We are given a tar archive for the challenge that we can extract.
root@kali:~/csaw/rewind# tar -xvf rewind.tar.gz
rewind.zip
We can now extract this zip archive.
root@kali:~/csaw/rewind# unzip rewind.zip
Archive: rewind.zip
inflating: rewind-rr-nodent.log
inflating: rewind-rr-snp
We can take a look at what these files are with the file utility.
root@kali:~/csaw/rewind# file *
rewind-rr-nodent.log: data
rewind-rr-snp: QEMU suspend to disk image
We can first try to search for the flag within the image with a regular expression.
root@kali:~/csaw/rewind# grep -a "flag{.*}" rewind-rr-snp
...
flag{RUN_R3C0RD_ANA1YZ3_R3P3AT}
...
Success! That was all that was required to complete this challenge.
Overall, this was an extremely simple challenge that only required extracting two archives and performing a simple search for the flag in the image.