search
LinkedinGithub

Wimble

hashtag
File Attachment :

file-download
6MB
wimble.7z
arrow-up-right-from-squareOpen

the challenge attachemnt contains a file called fetch which is a windows imaging image file (WIM) which is a file-based disk image format used by Microsoft. WIM files are designed to capture the entire contents of a disk or partition

to view the contents of WIM files first we'll extract the fetch file using 7-zip

we can notice that the files extracted are prefetch files, so to view there contents we will use the winprefetchview program. you can download it from here

https://winprefetchview.soft32.com/free-download/winprefetchview.soft32.comchevron-right

after installing open the program go to options -> advanced options -> browse to the directory where we have extracted the WIM file

searching file by file i have found the FLAG at the file WORDPAD.EXE-942EAA71.pf

hashtag
Flag :

PreviousOpposable ThumbsNextThe Cyber Cooperative CTF 2023

Last updated