On April 7, CenaEnCasa, a hyperdimensionally famous "dinner at your home" website, needs your help. It seems that the computer of Jack Tipsy (CenaEnCasa's sommelier and spirits expert) is "acting funny".
Evidence
A cousin of one of CenaEnCasa's owners is studying computer science and is dabbling in forensics. Surprisingly, she manages to cleanly acquire the following evidence:
- Jack Tipsy - RAM dump: https://ctf.unizar.es/ratas_inminentes/data/CENAENCASA-PC23_RAM.zip
- Jack Tipsy Triage data: https://ctf.unizar.es/ratas_inminentes/data/CENAENCASA-PC23_CYLR.zip
* Here you have the hashes for all the collected evidence: https://ctf.unizar.es/ratas_inminentes/data/hashes.txt
The RAM dump was taken with DumpIt (https://my.comae.io/login). The triage data was obtained using a (really) old version of CyLR (https://github.com/orlikoski/CyLR/releases/download/2.1.0/CyLR_win-x64.zip).
Basic Info
CenaEnCasa's information systems are pretty standard: endpoints running Windows 7 (SP1, 64-bit) and a Windows 2008 R2 Server. Security best practices are barely maintained in MINAF's information systems: every server and endpoint has an antivirus (they think) and has security patches (from time to time).
Your task
Answer all the challenges and help CenaEnCasa solve its security incident.
[Note1]: The flags are all case-insensitive and must be answered in plaintext (old-school guy here).
[Note2]: The computer has Madrid as its default timezone (summer time here).
Kick the rats out of CenaEnCasa's kitchen!
Made by
This challenge has been made by Antonio Sanz (@antoniosanzalc), with support from DIEC (Telecommunications Engineering Department) at University of Zaragoza. Extra large thanks go to José Luis Salazar (crypto man) and Alvaro Alesanco (network and medical devices security guy), professors from DIEC/Unizar for their support.
Play, learn, share & have fun!