CTF(x) - 50 - crash - Forensics

Informations

Version

By Version Comment
noraj 1.0 Creation

CTF

Description

defund was about to give this flag away until his computer crashed.

file: flag.zip

Solution

TL;DR: asciicast

  • flag.zip contains .flag.txt.swp and flag.txt
  • Extract the archive: unzip flag.zip
  • Recover/restore the file with the swap file: vim -r flag/flag.txt
  • You get some ASCII art of the flag: ctf(v1m_is_be77er_than_3macs).

Extract of VIM man page:

1
2
3
4
-r List swap files, with information about using them for recovery.
-r {file} Recovery mode. The swap file is used to recover a crashed editing session. The swap file is a
file with the same filename as the text file with ".swp" appended. See ":help recovery".
Share