lesion.io Blog
  • Roadmap
  • Docs
    • Templates
      • Data Inventory
      • Access Control
      • Cybersecurity Roles & Responsibilities
      • Asset Inventory
      • Acceptable Use Policy
      • Change Management
      • Vendor Risk Assessment Form
      • Password Protection Policy
  • About Us
    • Manifesto
    • Metrics
  • CTF Team
    • CISA ICS CTF 2024
      • Virbank
        • Mission: Inconceivable - 1
        • Mission: Inconceivable - 2
        • Extend Your Stay - 1
        • Extend Your Stay - 2
        • Extend Your Stay - 3
        • Extend Your Stay - 4
        • Follow The Charts - 1
        • Follow The Charts - 2
        • Read Askew Manuscripts - 1
        • Read Askew Manuscripts - 2
        • Read Askew Manuscripts - 3
        • Read Askew Manuscripts - 4
        • Read Askew Manuscripts - 5
      • Anville
        • Genisys of the Problems - 1
        • Genisys of the Problems - 2
        • Genisys of the Problems - 3
        • Modeling Trains - 1
        • Modeling Trains - 2
        • Modeling Trains - 3
      • Castelia
        • Page
      • Driftviel
        • Page 1
Powered by GitBook
On this page

Was this helpful?

  1. CTF Team
  2. CISA ICS CTF 2024
  3. Virbank

Read Askew Manuscripts - 2

PreviousRead Askew Manuscripts - 1NextRead Askew Manuscripts - 3

Last updated 7 months ago

Was this helpful?

  1. We are now tasked with finding the Password used to exfiltrate the information.

  2. I looked into the sockets and didnt find any active connections at that time.

  1. I checked IExplorer traffic and looked through various files and didn't find anything.

  2. I eventually found that I could dump information from notepad. Using this module we are able to find a message that was left for one of the hackers.

  1. In the URL we find a parameter that contains a base64 encoded string that contains the password which is the flag.