Intergalactic Recovery [easy]: HackTheBox Forensics Challenge (RAID 5 Disk Recovery)
Video walkthrough for retired @HackTheBox (HTB) Forensics challenge (originally featured in Cyber Apocalypse 2022 CTF) "Intergalactic Recovery" [easy]: "Miyuki's team stores all the evidence from important cases in a shared RAID 5 disk. Especially now that the case IMW-1337 is almost completed, evidences and clues are needed more than ever. Unfortunately for the team, an electromagnetic pulse caused by Draeger's EMP cannon has partially destroyed the disk. Can you help her and the rest of team recover the content of the failed disk?"
We'll use PwnTools to XOR the two uncorrupted RAID 5 drives, recovering the destroyed disk. Next, we'll use mdadm to rebuild the RAID 5 array. Finally, we'll mount the array and extract a PDF document, containing the flag. Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Forensics #DFIR #OffSec #CyberApocalypse #CyberApocalypse22
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/challenges/317
https://www.hackthebox.com/events/cyber-apocalypse-2022
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-specific Resources↣
https://medium.com/jeremy-gottfrieds-tech-blog/why-every-bit-is-not-equal-a-primer-in-computer-memory-7cb0be4fe115
https://www.prepressure.com/library/technology/raid
https://www.ontrack.com/en-gb/data-recovery/raid/explained/5
https://www.forensicfocus.com/forums/general/raid-5/
https://sleuthkit.discourse.group/t/raid-forensic-analysis/407
https://www.cyberciti.biz/faq/what-happens-when-hard-disk-fails-in-raid-5
https://mustafakalayci.me/2020/05/01/raid-5-and-xor
https://www.thomas-krenn.com/en/wiki/Mdadm_recovery_and_resync
https://ctftime.org/task/21470
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Basic file checks: 0:45
Computer Memory (volatile vs non-volatile): 3:04
Redundant Arrays of Inexpensive Disks (RAID): 6:30
RAID 5 parity and XOR: 11:08
XOR working disks to recover corrupted disk (PwnTools): 14:49
Map images to devices (losetup): 17:00
Rebuild RAID 5 array (mdadm): 17:56
Mount array and extract PDF: 19:18
Fix image sequence (-.-): 19:56
End: 22:02
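
The XOR recovery step from the description, as an added example (not the code used in the video): it uses only the Python standard library rather than PwnTools. The three-member array, the 64-byte chunk size and the file names are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # stream 1 MiB at a time so full-size images never sit in memory


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def recover_member(path_a, path_b, out_path) -> int:
    """Rebuild the lost member of a 3-disk RAID 5 set; returns bytes written."""
    if os.path.getsize(path_a) != os.path.getsize(path_b):  # truncated or foreign image
        raise ValueError("surviving members differ in size")
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb, open(out_path, "wb") as out:
        while a := fa.read(CHUNK):
            out.write(xor_bytes(a, fb.read(len(a))))
        return out.tell()


def build_members(data: bytes, chunk: int) -> list:
    """Constructed test array: two data chunks plus rotating parity per stripe."""
    members = [bytearray(), bytearray(), bytearray()]
    for n, off in enumerate(range(0, len(data), 2 * chunk)):
        blocks = [data[off:off + chunk], data[off + chunk:off + 2 * chunk]]
        parity = xor_bytes(blocks[0], blocks[1])
        parity_disk = 2 - n % 3  # parity moves to a different disk each stripe
        for disk in range(3):
            members[disk] += parity if disk == parity_disk else blocks.pop(0)
    return [bytes(m) for m in members]


def demo(lost: int = 1) -> bool:
    """Drop one member of the constructed array and check the XOR rebuild."""
    members = build_members(bytes(range(256)) * 3, chunk=64)  # constructed data
    with tempfile.TemporaryDirectory() as tmp:
        paths = [Path(tmp, f"disk{i}.img") for i in range(3)]
        for i in set(range(3)) - {lost}:  # the lost member is never written
            paths[i].write_bytes(members[i])
        a, b = (p for i, p in enumerate(paths) if i != lost)
        recover_member(a, b, paths[lost])
        return paths[lost].read_bytes() == members[lost]


if __name__ == "__main__":
    print("recovered member matches original:", demo())
```

Because every stripe holds two data chunks and their XOR, the rebuild works regardless of which member was lost or where the parity sits in a given stripe.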