第三届盘古石杯WP
-
- 手机取证
-
- 1. 分析安卓手机检材,手机的IMSI是?[答案格式:660336842291717] Analyze the Android phone: What is the IMSI? [Answer format: 660336842291717]
- 2. 养鱼诈骗投资1000,五天后收益是?[答案格式:123] Invest 1000 in "Fish farming" scam, what is return after 5 days? [Answer format: 123]
- 3. 分析苹果手机检材,手机的IDFA是?[答案格式:E377D1D7-BA02-4A79-BB9A-5C2DE5BD1F17] Analyze the iPhone: What is the IDFA? [Answer format: E377D1D7-BA02-4A79-BB9A-5C2DE5BD1F17]
- 4. Telegram应用的卸载时间是?[答案格式:2023-01-22-17:37:50] When was uninstall time of Telegram App? [Answer format: 2023-01-22-17:37:50]
- 5. 机主hotmail邮箱地址是?[答案格式:123345@hotmail.com] What is the user’s Hotmail email address? [Answer format: 123345@hotmail.com]
- APK取证
-
- 1. 分析安卓检材,远控工具包名是?[标准格式:com.app.cpp] Analyze the Android device: What is the package name of the remote control tool? [Answer format: com.app.cpp]
- 2. 远控工具中继服务器IP是?[标准格式:192.168.11.11] What is the IP of the relay server in the remote control tool? [Answer format: 192.168.11.11]
- 3. 远控工具ID服务器端口是?[标准格式:8088] What is the “ID server”‘s open port in the remote control tool? [Answer format: 8088]
- 4. 远控工具中继服务器Key是?[标准格式:HoTwGxUuV9OxSSEWRFsr1DVxQBkbbFRe0ImYMTlzyec=] What is the relay server key in the remote control tool? [Answer format:
- 5. 远控工具中收藏的远程ID是?[标准格式:123456] What is the saved remote ID in the remote control tool? [Answer format: 123456]
- 6. 远程控制该手机的手机型号是?[标准格式:huawei-Hot] What is the model of the phone controlling this phone? [Answer format: huawei-Hot]
- 7. 监听工具包名是?[标准格式:com.app.cpp] What is the package name of the eavesdropping tool? [Answer format: com.app.cpp]
- 8. 监听工具代码主入口是?[标准格式:com.app.cpp.MainActidddy] What is the main entry point in the eavesdropping tool’s code? [Answer format: com.app.cpp.MainActidddy]
- 9. 监听工具的签名算法是?[标准格式:AES123RSA ] What signing algorithm does the eavesdropping tool use? [Answer format: AES123RSA]
- 14. 监听工具保存文件存储路径的数据库名称是?[标准格式:sqlite.db] What is the database name storing file paths in the eavesdropping tool? [Answer format: sqlite.db]
- 15. 监听工具保存录像文件的文件夹是?[标准格式:file] What folder stores the eavesdropping tool’s video files? [Answer format: file]
- 16. 监听工具数据库中保存音视频文件的路径使用什么加密?[标准格式:Rsa] What encryption algorithm is used for the paths of audio and video files saved in the eavesdropping tool’s database? [Answer format: Rsa]
- 17. 录音的文件采用什么加密方式?[标准格式:RC4-123] What encryption method is used for audio files? [Answer format: RC4-123]
- 18. 录像文件加密秘钥的最后一位是?[标准格式:0x6A] What is the last byte of the encryption key for video files? [Answer format: 0x6A]
- 计算机取证
-
- 1. 分析贾韦码计算机检材,计算机系统Build版本为?【标准格式:19000】 Analyze Jia Wei Ma(贾韦码)’s computer sample: What is the system Build number? [Answer format: 19000]
- 2. 计算机最后一次正常关机的时间为?UTC +0【标准格式:2025-05-06 09:00:00】 When was the computer last shut down normally (UTC +0)? [Answer format: 2025-05-06 09:00:00]
- 3. 计算机网卡的MAC地址为?【标准格式:00-0B-00-A0-00-00】 What is the MAC address of the computer’s network interface card? [Answer format: 00-0B-00-A0-00-00]
- 4. 计算机用户“贾韦码” 安全标识符SID为?【标准格式:S-X-X-X-X-X-X-X】 What is the SID of user "贾韦码"? [Answer format: S-X-X-X-X-X-X-X]
- 5.计算机默认浏览器为?【标准格式:Mozilla Firefox】 What is the default browser on the computer? [Answer example: Mozilla Firefox]
- 6. 计算机默认浏览器版本为?【标准格式:000.0.0000.00】 What is the version of the default browser? [Answer format: 000.0.0000.00]
- 7. 机主通过浏览器搜索国外社交软件为?【标准格式:Whatsapp】 What international social app did the owner search for? [Answer example: Whatsapp]
- 8. 机主的邮箱账号为?【标准格式:pgscup@pgs.com】 What is the owner‘s email account? [Answer format: pgscup@pgs.com]
- 9. 计算机装过一款反取证软件为?【标准格式:EnCrypt.exe】 What anti-forensic software was installed on the computer? [Answer example: EnCrypt.exe]
- 10. 计算机通过Xshell远程连接的ip地址为?【标准格式:127.0.0.1】 What IP address did the computer connect to via Xshell? [Answer format: 127.0.0.1]
- 11. 机主曾买过一个美国的TG账号,请给该账号的原两步验证密码?【标准格式:8位数字】 The owner purchased an US Telegram account. Provide its original two-step verification password. [Answer format: 8 digits]
- 18. 对macOS系统进行解析,登陆的电子邮件服务是谁提供的?【标准格式:pgscup】 Analyze the macOS system. Who provides the email service you log in to? [Standard format: pgscup]
- 19. 被加密文件的扩展名是什么?【标准格式:123】 What is the file extension of the encrypted files? [Answer format: 123]
手机取证
1. 分析安卓手机检材,手机的IMSI是?[答案格式:660336842291717] Analyze the Android phone: What is the IMSI? [Answer format: 660336842291717]
取证工具直接能拿到IMSI
2. 养鱼诈骗投资1000,五天后收益是?[答案格式:123] Invest 1000 in “Fish farming” scam, what is return after 5 days? [Answer format: 123]
根据聊天记录得到:1000+175*5=1875
3. 分析苹果手机检材,手机的IDFA是?[答案格式:E377D1D7-BA02-4A79-BB9A-5C2DE5BD1F17] Analyze the iPhone: What is the IDFA? [Answer format: E377D1D7-BA02-4A79-BB9A-5C2DE5BD1F17]
直接查镜像
4. Telegram应用的卸载时间是?[答案格式:2023-01-22-17:37:50] When was uninstall time of Telegram App? [Answer format: 2023-01-22-17:37:50]
查应用日志,最后直接有卸载日志
5. 机主hotmail邮箱地址是?[答案格式:123345@hotmail.com] What is the user’s Hotmail email address? [Answer format: 123345@hotmail.com]
用户账号里面,只存在一个hotmail邮箱
APK取证
1. 分析安卓检材,远控工具包名是?[标准格式:com.app.cpp] Analyze the Android device: What is the package name of the remote control tool? [Answer format: com.app.cpp]
从聊天记录里面找到银联会议.apk应该为远控工具,导出apk使用jadx解析
2. 远控工具中继服务器IP是?[标准格式:192.168.11.11] What is the IP of the relay server in the remote control tool? [Answer format: 192.168.11.11]
使用adb将检材里的应用数据导出,并传到安卓模拟器(这里复制时复制错了进入adb移动一下就行)
打开应用,能直接看到
3. 远控工具ID服务器端口是?[标准格式:8088] What is the “ID server”‘s open port in the remote control tool? [Answer format: 8088]
同上
4. 远控工具中继服务器Key是?[标准格式:HoTwGxUuV9OxSSEWRFsr1DVxQBkbbFRe0ImYMTlzyec=] What is the relay server key in the remote control tool? [Answer format:
同上
5. 远控工具中收藏的远程ID是?[标准格式:123456] What is the saved remote ID in the remote control tool? [Answer format: 123456]
能看到收藏的ID
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
