Wimble
File Attachment :
the challenge attachemnt contains a file called fetch which is a windows imaging image file (WIM) which is a file-based disk image format used by Microsoft. WIM files are designed to capture the entire contents of a disk or partition
to view the contents of WIM files first we'll extract the fetch file using 7-zip
we can notice that the files extracted are prefetch files, so to view there contents we will use the winprefetchview program. you can download it from here
after installing open the program go to options -> advanced options -> browse to the directory where we have extracted the WIM file
searching file by file i have found the FLAG at the file WORDPAD.EXE-942EAA71.pf
Flag :
FLAG{97F33C9783C21DF85D79D613B0B258BD}Last updated
Was this helpful?