Intro to Sleuthkit for Forensics (PicoCTF #39 'sleuthkit-apprentice')

  Views: 16,450

John Hammond

Days ago

Comments: 18
@yttos7358 2 years ago
For those who want to do it on the command line you can use `icat` to `cat` out the contents of a specific inode. The inode he displayed during autopsy was 2371, you also need to tell it the offset `-o` of the filesystem partition you are looking for (use mmls again) and then feed that to `iconv`. So this is what I used at the end of it `iconv
@ductive 1 year ago
You can do the same without iconv.
@lab-at-home 2 years ago
That is cool. When I solved this challenge I just extracted the filesystem with binwalk and looked into the files, but this tool seems to be really cool
@harsh2314 2 years ago
Your reactions were relatable... most of the time it needs a simple task for us to solve the problem but we can't just get it 😂
@moustafakashen3610 2 years ago
LOVE YOUR CONTENT!
@lordspacecake5565 2 years ago
Awesome video, great tool to have.
@bladesvlogs4965 2 years ago
Wow, that was impressive 👍
@h3bb1 2 years ago
Hey John, thanks for the videos. They are both fun and super interesting. I wanted to ask you, do you have a video on what you are doing in the terminal at the end, when you echo out the flag and the finish command? Or is this maybe just basic terminal stuff?
@Stroopwafe1 2 years ago
It was in one of the earlier episodes in this series, where the solution was so simple he made those 2 commands. Can't remember exactly which one though, sorry
@shiv_sagar72 2 years ago
great video thanks man
@TigerWalts 2 years ago
Three hundred megabytes of hard drive capacity! What can that do for you? Three hundred file cabinets of storage capacity! That's right That's on one disk! You couldn't get close to that on a floppy disk
@rasraster 2 years ago
Am I missing something obvious? Couldn't he have just decoded the hex in that flag.uni.txt file, right off the bat?
@SphereofTime 9 months ago
5:00
@feverwilly 2 years ago
The Windows version is better; it was redone in Java in Windows.
@chiragvyas5720 2 years ago
Yeah that is what I also think.
@bhagyalakshmi1053 1 year ago
Codo automatically shell
@Lacsap3366 2 years ago
All I did in this challenge was to mount the root partition as a loop device by hand and just cat out the flag.uni.txt
@jorjo1061 1 year ago
Yeah same but autopsy seems cool as well
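
Both command-line routes mentioned in these comments (`icat -o` after `mmls`, and mounting the partition as a loop device) depend on knowing where the partition starts. The following is an added example, not from the video or any commenter: it parses a DOS/MBR partition table in Python to get the start sector that `icat -o` takes and the byte offset a loop mount needs. The sample table is constructed and 512-byte sectors are assumed.

```python
import struct

SECTOR_SIZE = 512  # assumption: 512-byte sectors

ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector0: bytes):
    """Return the non-empty primary partitions of a DOS/MBR partition table."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) in sector 0")
    parts = []
    for slot in range(4):
        # The table is four 16-byte entries starting at byte 446.
        entry = sector0[446 + 16 * slot: 462 + 16 * slot]
        _status, _chs0, ptype, _chs1, start, count = struct.unpack(ENTRY, entry)
        if ptype == 0 or count == 0:
            continue  # unused slot
        parts.append({
            "slot": slot,
            "type": ptype,
            "start": start,                      # sectors: the value for `icat -o`
            "sectors": count,
            "byte_offset": start * SECTOR_SIZE,  # bytes: the value for a loop mount
        })
    return parts


def build_sample_mbr() -> bytes:
    """Constructed sample (Linux, swap, Linux); not the challenge image."""
    layout = [(0x83, 2048, 204800), (0x82, 206848, 153600), (0x83, 360448, 253952)]
    table = b"".join(
        struct.pack(ENTRY, 0, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for ptype, start, count in layout
    ) + b"\0" * 16  # fourth slot left empty
    return b"\0" * 446 + table + b"\x55\xaa"


if __name__ == "__main__":
    for p in parse_mbr(build_sample_mbr()):
        print(f"slot {p['slot']}  type 0x{p['type']:02x}  "
              f"start sector {p['start']}  byte offset {p['byte_offset']}")
```

On a real image, read the first 512 bytes of the file and pass them to `parse_mbr`; the start sectors should match the Start column that `mmls` prints.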