Wimble

File Attachment :

the challenge attachemnt contains a file called fetch which is a windows imaging image file (WIM) which is a file-based disk image format used by Microsoft. WIM files are designed to capture the entire contents of a disk or partition

to view the contents of WIM files first we'll extract the fetch file using 7-zip

we can notice that the files extracted are prefetch files, so to view there contents we will use the winprefetchview program. you can download it from here

after installing open the program go to options -> advanced options -> browse to the directory where we have extracted the WIM file

searching file by file i have found the FLAG at the file WORDPAD.EXE-942EAA71.pf

Flag :

FLAG{97F33C9783C21DF85D79D613B0B258BD}

PreviousOpposable Thumbs NextThe Cyber Cooperative CTF 2023

Last updated 1 year ago

Was this helpful?