RingZer0-92 - Dinosaure Survive
Dinosaure Survive
Looking for information
We first start by using file
on the file
file 0b02119984a7cee0ba83d55425b9491f.E01
0b02119984a7cee0ba83d55425b9491f.E01: EWF/Expert Witness/EnCase image file format
We get that it’s EWF file.
A quick google search tells us how to open it in linux.
sudo apt-get install ewf-tools
ewfexport 0b02119984a7cee0ba83d55425b9491f.E01
We answer the questions and choose a name for the file that will be extracted.
I chose raw then enter, enter, enter.
Extracted EWF file
We’ll be getting two files once it’s extracted.
Let’s run file
and strings
on it
file file.raw
We get a lot of information about the MBR boot sector, which is not useful for us
file file.raw.info
Says it’s a ASCII Text, again not useful
Let’s string them and grep flag
find . | xargs strings | grep -i flag
flag-6b96e212b3f85968db654f7892f06122
The flag is : flag-6b96e212b3f85968db654f7892f06122