HackIt 2017 – Forensic 100 – USB ducker

Ya sé que voy con algo de retraso en los writeups con respecto a lo que os tengo acostumbrados pero más vale tarde que nunca ¿no? Hoy os traigo un reto que ya había visto en otros CTF’s pero en este fue la primera vez que realmente me paré a hacerlo como dios manda y a lo largo de la semana he mejorado el script que use y que luego os compartiré. Comencemos con el enunciado:

USB ducker
foren100

Description: This file was captured from one of the computers at the Internet cafe. We think that the hacker was using this computer at that time. Try to get his secret documents. ( flag format is flag{…} )

Attachment: (none)

Webpage: https://mega.nz/#!NVJ1kZCR!mDxd7V0rHtMStePa-tUEHPW-SyAxQ6f1zRDCTxX8y3M

Hint: (none)

Nos bajamos el task.pcap y lo abrimos con Wireshark:

Aunque el título ya nos daba una pista está claro que estamos ante una captura de tráfico USB y no la típica de red que nos esperaríamos de un pcap. Utilizamos el filtro «usb.bDescriptorType» para quedarnos con los paquetes que nos darán información sobre los dispositivos USB:

Vemos que hay al menos dos dispositivos con el id 1.2.0 y 1.3.0. Comprobando el contenido de estos paquetes nos encontramos con una información muy valiosa:

Como veis el dispositivo 1.3.0 parece ser un teclado de apple, si buscáis por el id del vendor (1452 o 05ac)  y del producto (0221) veréis que concretamente se trata de un teclado Alumminium en su versión ISO.

Vamos a filtrar los paquetes de ese teclado en concreto:

Como podemos ver a continuación de los paquetes de información del dispositivo nos encontramos con una gran cantidad de interrupts que se corresponden con pulsaciones de teclas y todas tienen una longitud de 35 bytes. Si miramos más a fondo veremos que existe un campo llamado «Leftover Capture Data» que Wireshark no es capaz de interpretar, esta es la información que contiene las teclas pulsadas y que vamos a extraer para poder trabajar con ellas. Para hacerlo más fácil utilice tshark en lugar de Wireshark para generar un archivo con esta información en plano utilizando el siguiente comando:

tshark -r task.pcap -Y "usb.bus_id == 1 && usb.device_address == 3 && usb.transfer_type == 0x01" -T fields -e usb.capdata > captured.txt

Como veis hemos utilizado la dirección del teclado y especificado que solo nos devuelva los interrupts. Obtenemos el siguiente archivo:

00:00:1a:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:28:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0e:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:28:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:09:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:28:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:05:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:28:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:20:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:34:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:20:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:2f:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1a:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:21:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:37:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:05:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:04:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0a:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:08:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:06:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0c:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:37:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:09:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:2f:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0e:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:11:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:21:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0d:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:18:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:30:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:33:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:20:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:18:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:22:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2e:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:32:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1c:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:23:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:36:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:34:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:13:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:05:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:24:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:22:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:24:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:07:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:27:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0d:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:13:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:17:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0c:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:04:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0e:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:26:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2e:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:15:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:10:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:30:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2e:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:27:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:07:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:37:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:06:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:25:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:2d:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:2f:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0d:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:22:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:18:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:16:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:26:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:25:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:27:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:11:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:34:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:33:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:26:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0b:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:21:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:30:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1c:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:21:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:34:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0e:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:33:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:2e:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:13:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:09:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:08:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:21:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:1e:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:30:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1e:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:2d:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0e:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:16:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:24:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:16:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:06:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:22:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:14:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:21:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:37:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:1e:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:20:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:36:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:16:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:27:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:06:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:51:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1d:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:20:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:08:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:00:00:00:00:00:00
02:00:30:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2d:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:52:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0c:00:00:00:00:00
00:00:00:00:00:00:00:00

Analizando un poco más esta captura podemos ver que la tecla pulsada esta situada en el tercer valor hexadecimal pero que también existe el valor 02 en algunas lineas, esto parece corresponderse con la tecla shift/mayúsculas, basándonos en esto generamos el siguiente script (después de muchas pruebas y errores):

mappings = {
        "04":["a","A"],
        "05":["b","B"],
        "06":["c","C"],
        "07":["d","D"],
        "08":["e","E"],
        "09":["f","F"],
        "0A":["g","G"],
        "0B":["h","H"],
        "0C":["i","I"],
        "0D":["j","J"],
        "0E":["k","K"],
        "0F":["l","L"],
        "10":["m","M"],
        "11":["n","N"],
        "12":["o","O"],
        "13":["p","P"],
        "14":["q","Q"],
        "15":["r","R"],
        "16":["s","S"],
        "17":["t","T"],
        "18":["u","U"],
        "19":["v","V"],
        "1A":["w","W"],
        "1B":["x","X"],
        "1C":["y","Y"],
        "1D":["z","Z"],
        "1E":["1","!"],
        "1F":["2","@"],
        "20":["3","#"],
        "21":["4","$"],
        "22":["5","%"],
        "23":["6","^"],
        "24":["7","&"],
        "25":["8","*"],
        "26":["9","("],
        "27":["0",")"],
        "28":"\n",
        "29":"ESC",
        "2A":"BKSPC",
        "2B":"  ",
        "2C":" ",
        "2D":["-","_"],
        "2E":["=","+"],
        "2F":["[","{"],
        "30":["]","}"],
        "31":["\\","|"],
        "32":"(INT 2)",
        "33":[";",":"],
        "34":[",",'"'],
        "35":["`","~"],
        "36":[",","<"],
        "37":[".",">"],
        "38":["/","?"],
        "39":"CAPSLOCK",
        "3A":"F1",
        "3B":"F2",
        "3C":"F3",
        "3D":"F4",
        "3E":"F5",
        "3F":"F6",
        "40":"F7",
        "41":"F8",
        "42":"F9",
        "43":"F10",
        "44":"F11",
        "45":"F12",
        "46":"PRTSCR",
        "47":"SCRLOCK",
        "48":"PAUSE",
        "49":"INS",
        "4A":"HOME",
        "4B":"PGUP",
        "4C":"DEL",
        "4D":"END",
        "4E":"PGDOWN",
        "4F":"RIGHT",
        "50":"LEFT",
        "51":"DOWN",
        "52":"UP",
        "53":"NUMLOCK"
        }

nums = []
keys = open('captured.txt')
for line in keys:
        nums.append(line.strip().upper())
keys.close()
output = list()
for n in nums:
    push=n.split(":")
    if push[2] == "00":
        continue
    else:
        key=push[2]
    if push[0] != "02":
        islist=mappings[key]
        if type(islist) is list:
            output.append(mappings[key][0])
        else:
            output.append(mappings[key])
    else:
        output.append(mappings[key][1])
final=dict()
empty_line=list()
final[0]=[]
counter=0
for i in output:
    if i == "\n":
        counter += 1
        final[counter]=["\n"]
    elif i == "DOWN":
        if counter < len(final):
            counter += 1
    elif i== "UP":
        if counter != 0:
            counter -= 1
    else:
        final[counter].append(i)

output=""
for x in final.keys():
    for y in final[x]:
        output+=y
print output

Y digo después de muchas pruebas y errores porque habitualmente cuando tengo visto este tipo de pruebas se limitan como mucho a meter letras, números y símbolos pero en este caso nos hemos encontrado con que también se utilizaban las flechas …. En este script no se plantean las flechas de derecha e izquierda pero por el resto debería de reconocer prácticamente todo el teclado con un layout USA.

Ejecutamos el script y obtenemos el siguiente resultado donde se puede ver la flag:

w{w$ju},,pt]=j%;9+ps&#,i
k#>bn$:6pjim0{u,h;fks!s-
flag{k3yb0ard_sn4ke_2.0}
b[[e[fuI7d[=>*(0],$1c$ce
3,ci.[%=%&k(lc*2y4!}%qz3

Espero os haya gustado este nuevo writeup, aun tengo un par más de ellos pendientes y los iré publicando poco a poco ya que estoy trabajando en algunas otras cosas que creo que os parecerán interesantes. ¡Estaros atentos!

Como siempre, gracias por vuestra visita, saludos!

Esta entrada fue publicada en ctf, forense, hackit, writeups. Guarda el enlace permanente.

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.