Snapcat
We were given a corrupted disk image. We were supposed to get information off of it. I looked at the disk image using a hex editor, and noticed that it had pictures on it. I saw jpeg headers. So, I used a program called Foremost on my SIFT VM to carve the images out of the disk.img file.
$ foremost -t jpg –o ~/Desktop –c etc/foremost.conf disk.img
-t: specifies what type of file that I want to be carved out.
-o: specifies the directory where I want the output file
-c: specifies where the foremost config file is
disk.img is the name of the img that I was carving files out of.
One of the pictures that was output had this flag.
i_can_has_cheezburger
No comments:
Post a Comment