M53_ymir

Challenge Category: Forensics

Challenge Name: Godam Secrets (Require to solve Secret Letter first)

Name: Sofarz @ ymiir

M53 is Malaysia Security enthusiast team that focus on CTF. One of pre-requisite to be in this team is, need to complete task. For me, I do forensics part since that what I have experience.

PS: THis is my method/solution. It might be any other solution and steps that can be used to solve this challenge.

Download the file and it appear to have Firefox profile memory.

First things first, check the key4.db where all the saved passwords being stored.

Don’t manage to crack the password. Or maybe another rabbit hole. Looking for login.json. But this folder does not appear in this folder.

Next, checking the places.sqlite where it holds all visited URL. Notice at the bottom of the data have one URL the look suspicious.

Checking on the site, it asks for key.

\

Let check formhistory since this submission in form.

SKR{hidden_text_in_color_hex_code}

Got access.

Looking around and find this flag that mention about SKR. Which our target

This word is in inverted. Let change to normal.

This pattern such as previous flag where it takes all Capital and combine as flag.

FLAG = SKR{SECRETCLUBISNOTLONGERSECRET}