Challenge file: Google drive
Author: g4rud4
Short Writeup
- Decrypt the message file found in the Outlook Express using the private key Stored on the device.
- PATH: Program Files/GPG/ (Key)
- PATH: Crimson/Local Settings/Temporary Internet Files
- Decrypt the saved passwords file(logins.json) using pwdecrypt and necessary files(cert8.db, key3.db, permissions.sqlite) all stored in the same folder.
$ jq . < logins.json
$ jq -r -S '.logins[] | .hostname, .encryptedUsername, .encryptedPassword' logins.json | pwdecrypt -d .- Use the decrypted password details for logging in to website he accessed.
Writeup