WinjaCTF at c0c0n [2021]: I developed an easy challenge - called “Anonymous” - the challenge was based upon browser forensics.


Intended Way - Download the zip > Extract it > Navigate the Linux directory structure > To find a directory called .config > google-chrome > Default > Open the History File in SQL Browser > Search for URLs and upon up the URL to get a file with the name - formatted like flag.

Un-Intended Ways - Too Many 😂

Detailed WriteUp

Download the ZIP and from the description it is obvious that it’s a forensics challenge. Zipped File

Navigate to /home/crazy_crocodile/.config/google-chrome/Default/ and Open the “History” file in SQLite Browser.

Note: .config/google-chrome/Default/ contains all the chrome relatead artifacts

SQLite Browser ScreenShot

Click on the Browse Data Tab > Change the Table Dropdown to urls urls Menu

Get the Drive URL or See the Filter tab to get the file name. flag-details

Final Flag:


Thanks for playing Winja CTF 2020!