In this challenge, we have a raw file and hints. So let’s check it in Volatility.
It’s WinXP, and in the description we have to find the website in scvhost, so let’s try to check it.
I really didn’t know what I had to do until hint 2 was shown. We all know the hosts file is the file in C:\Windows\System32\drivers\etc, and I got:
Let’s extract it and see what it has:
So the website we need to find is crattack.tistory.com, but it failed, so I had to dig deeper.
Seriously, I didn’t know what to do, and luckily I remembered the strings command:
I paid attention to the website http://crattack.tistory.com/entry/Data-Science-import-pandas-as-pd because it appears so many times and the word “visited” comes before it, so I’m very sure it’s the website we need to find. It has an IP: 175.126.170.110. Remember the hosts file? Let’s change it a little bit.
FLAG is: SECCON{_h3110_w3_h4ve_fun_w4rg4m3_}
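
The correlation used above (visited URLs found with strings, checked against the extracted hosts file) can be scripted. This is an added example, not part of the original writeup. The `Visited: user@URL` line format, the function names and the sample data are assumptions, and `203.0.113.10` is a placeholder documentation address because the hosts file contents are not shown on this page.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

# Constructed sample data (not taken from the challenge image).
STRINGS_OUTPUT = """\
Visited: user@http://crattack.tistory.com/entry/Data-Science-import-pandas-as-pd
Visited: user@http://crattack.tistory.com/entry/Data-Science-import-pandas-as-pd
Visited: user@http://www.example.org/index.html
random noise Visited without a url
Visited: user@http://crattack.tistory.com/entry/Data-Science-import-pandas-as-pd
"""
HOSTS_FILE = """\
# constructed hosts file; 203.0.113.10 is a placeholder address
127.0.0.1       localhost
203.0.113.10    crattack.tistory.com   # inline comment
"""

# Assumed browser-history string layout: "Visited: <user>@<url>"
VISITED_RE = re.compile(r"Visited:\s+(?:\S+@)?(https?://\S+)")

def parse_hosts(text):
    """Map each lower-cased hostname to the IP the hosts file pins it to."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 2:
            for name in fields[1:]:
                mapping.setdefault(name.lower(), fields[0])  # keep first entry seen
    return mapping

def visited_urls(text):
    """Count how often each URL appears in 'Visited:' strings."""
    return Counter(m.group(1) for m in VISITED_RE.finditer(text))

def overridden_visits(strings_text, hosts_text):
    """Return (count, url, pinned_ip, url_with_ip) for every visited URL whose
    hostname is overridden in the hosts file, most frequent first."""
    hosts = parse_hosts(hosts_text)
    rows = []
    for url, count in visited_urls(strings_text).most_common():
        parts = urlsplit(url)
        ip = hosts.get((parts.hostname or "").lower())
        if ip:
            rows.append((count, url, ip, urlunsplit(parts._replace(netloc=ip))))
    return rows

if __name__ == "__main__":
    for row in overridden_visits(STRINGS_OUTPUT, HOSTS_FILE):
        print(*row, sep="\t")
```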