CTF(x) - 50 - crash - Forensics

Saturday 27 August 2016 (2016-08-27)

Saturday 14 September 2024 (2024-09-14)

noraj (Alexandre ZANNI)

ctf, forensics, security, writeups

🇬🇧

Information#

Version#

By	Version	Comment
noraj	1.0	Creation

CTF#

Name : CTF(x) 2016
Website : http://ctfx.io/
Type : Online
Format : Jeopardy
CTF Time : link

Description#

defund was about to give this flag away until his computer crashed.

Solution#

TL;DR:

flag.zip contains .flag.txt.swp and flag.txt
Extract the archive: unzip flag.zip
Recover/restore the file with the swap file: vim -r flag/flag.txt
You get some ASCII art of the flag: ctf(v1m_is_be77er_than_3macs).

Extract of VIM man page:

-r          List swap files, with information about using them for recovery.

-r {file}   Recovery mode.  The swap file is used to recover a crashed editing session.  The swap file is a
            file with the same filename as the text file with ".swp" appended.  See ":help recovery".