Stability

Challenge author
Dillon Korman (SIGPwny)
Write-up author
Dan (Batman's Kitchen)
Points
200
Category
forensics

Hey, my friend just told me he forgot his super important password to one of those crypto money things. Fortunately, he logged onto my computer one time when he was looking at it. Can you help me find his password?

https://drive.google.com/file/d/0B42xuEQ8CPHjR1NtbnlYMHBKazg/view

We are given a large memory dump of an Ubuntu VM. The challenge is hinting at "crypto money things" so I'm thinking bitcoins. The easiest place to start with a memory dump would be Volatility, but before that I decided to simply take a look at the strings and see what is in there.

strings + "crypto money things" = bitcoin, signature, blockchain ... and there we go.

strings -n 7 Ubuntu-Snapshot.vmem | grep -C 5 blockchain

and we get something that looks like a password, and it's also a flag.