Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
32 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# Evil Website (forensics) | ||
|
||
We're given a directory containing lots of interesting firefox stuff. | ||
|
||
``` | ||
┌[michal@Bobik] [/dev/ttys002] [master ⚡] | ||
└[~/Downloads/Chall]> ls | ||
AlternateServices.txt containers.json firebug modifyheaders.conf serviceworker.txt | ||
SecurityPreloadState.txt content-prefs.sqlite formhistory.sqlite notificationstore.json sessionCheckpoints.json | ||
SiteSecurityServiceState.txt cookies.sqlite gmp permissions.sqlite sessionstore-backups | ||
addonStartup.json.lz4 cookies.sqlite-shm gmp-gmpopenh264 pkcs11.txt shield-preference-experiments.json | ||
addons.json cookies.sqlite-wal gmp-widevinecdm places.sqlite storage | ||
blocklist.xml crashes handlers.json places.sqlite-shm storage.sqlite | ||
blocklists datareporting key3.db places.sqlite-wal times.json | ||
bookmarkbackups extensions key4.db pluginreg.dat weave | ||
browser-extension-data extensions.json kinto.sqlite prefs.js webapps | ||
cert8.db favicons.sqlite lock revocations.txt webappsstore.sqlite | ||
cert9.db favicons.sqlite-shm logins.json saved-telemetry-pings webappsstore.sqlite-shm | ||
cert_override.txt favicons.sqlite-wal mimeTypes.rdf search.json.mozlz4 webappsstore.sqlite-wal | ||
compatibility.ini features minidumps secmod.db xulstore.json | ||
``` | ||
|
||
Unfortunately, all we had to do is notice a pretty suspicious cookie: | ||
|
||
![cookie](cookie.png) | ||
|
||
Decoding the base64 gave us a weird `Targa image data` file. | ||
You might be tempted to look for some weird ancient software just to view it, but as it turned out that the best way was to actually just import it into gimp as raw data: | ||
|
||
![solution](solution.png) | ||
|
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.