Category取证

NeverLAN CTF 一道有意思取证题

N

老外的比赛,地址 题目比较简单,取证最近做的少了,简单记录一下 Look into the past We’ve captured a snapshot of a computer, but it seems the user was able to encrypt a file before we got to it. Can you figure out what they encrypted? Your flag will be in the normal flag{flagGoesHere} syntax. 下载附件之后发现是个 linux 系统文件的复制,这种题目因为没法执行命令,相比内存取证就少了很多骚操作,就先看看用户的目录,查看一下常规的配置文件。 首先看 root 目录,有 .bashrc .profile .vimrc...

Imagin 丨 京ICP备18018700号-1


Your sidebar area is currently empty. Hurry up and add some widgets.