Log-Forensics [Defcamp Quals 2023]

writeup by: zenbassi

Challenge Description

We know for sure that an attacker attempted to dump the user’s passwords on the targeted system. Using your favourite text editor or Terminal commands please help us find answers to the following questions.

Intuition & Solution

We basically just used grep, find and vim to go through logs and terminal command history to find most of the answers. Some of the answers we could figure out just by searching on the internet.


all flags proof