NCS Competition 2021 Writeup
  • HHousen National Cyber Scholarship Competition 2021 Writeup
  • Forensics
    • FE02 - 100pts
    • FE03 - 100pts
    • FH01 - 500pts
    • FE04 - 100pts
    • FM01 - 250pts
    • FM02 - 250pts
    • FM03 - 250pts
    • FE01 - 100pts
  • Crypto
    • CM01 - 250pts
    • CM02 - 250pts
    • CX01 - 1000pts
    • CH01 - 500pts
    • CH02 - 500pts
  • Binary
    • BM01 - 250pts
    • BM02 - 250pts
    • BM03 - 250pts
    • BX01 - 1000pts
    • BX02 - 100pts
    • BE01 - 100pts
    • BE02 - 100pts
    • BH01 - 500pts
  • Networking
    • NM01 - 250pts
    • NE01 - 100pts
  • Web
    • WX01 - 1000pts
    • WE01 - 100pts
    • WE02 - 100pts
    • WH01 - 500pts
    • WH02 - 500pts
    • WM01 - 250pts
    • WM02 - 250pts
    • WM03 - 250pts
    • WM04 - 250pts
    • WM05 - 250pts
  • Challenge Name
Powered by GitBook
On this page
  • Briefing
  • Solution
  • Flag

Was this helpful?

Edit on Git
  1. Forensics

FE03 - 100pts

PreviousFE02 - 100ptsNextFH01 - 500pts

Last updated 4 years ago

Was this helpful?

Briefing

Download the file and find a way to get the flag from the docker image. Contents: fe03.tar.gz

Challenge Files:

Solution

  1. Run tar -xf fe03.tar.gz to extract the GZIP TAR file. The contents are a docker container.

  2. The c46eb315a38f7abc53c600748ca1bb022b571acb74e5d6d6efe16a79914742bf.json file lists that one stage of the build script is the following: {"created":"2021-03-14T14:22:31.349307153Z","created_by":"/bin/sh -c #(nop) ADD file:9ae478ef983cfd7a1762156ecbf2c745eb4f54af8480753e39fcbc4296bc2cdb in /home/secret/flag.txt "}.

  3. We can go though each folder and extract the corresponding layer.tar file. Check to see if the path /home/secret/flag.txt exists in each extracted layer.tar folder. This is faster than writing a script to do it since there are only 14 layers.

  4. The flag is in the 20f27a62bd4b6360e6d71ee3b6e3d4e23d27f8316853b5f115134dc496b76921/layer.tar file. Read the flag.txt file to get the flag.

Flag

8191-SiMpLeFilESysTemForens1Cs

fe03.zip