Day 5 of Advent of Cyber 2023.

Problem statement summary.

Having conquered the server room door, the team faces a new challenge: recovering vital data from rediscovered backup tapes. The internal tool fails, but hope lies in an ancient DOS-compatible computer tucked away in the IT room. Frost-eau, a snowman with a mechanical arm, defers to your expertise. The computer, with its CRT monitor, springs to life as you insert the tapes. Frost-eau, nostalgic but hesitant, urges you to lead.

Together, you navigate the DOS interface, its command prompts and archaic charm rekindling memories of a bygone era. Frost-eau, mechanical fingers hovering, guides you through the labyrinth of commands. The clatter of the keyboard and hum of the floppy disk drive become a symphony of data resurrection. Progress indicators flicker on the screen, and Frost-eau's grin grows as the old tool proves its worth. In this digital time capsule, you and Frost-eau revive crucial data, blending past and present in a triumph over technological challenges.

Objective:

  • Experience how to navigate an unfamiliar legacy system.

  • Learn about DOS and its connection to its contemporary, the Windows Command Prompt.

  • Discover the significance of file signatures and magic bytes in data recovery and file system analysis.

What is DOS?

DOS stands for Disk Operating System, a popular operating system in the early days of personal computing. MS-DOS (Microsoft Disk Operating System) and PC-DOS (IBM's version) are notable examples. While not directly related to cybersecurity, understanding DOS matters when working with historical and legacy systems, especially when dealing with older technology or recovering data from outdated systems.

DOS CheatSheet:

Common DOS commands and utilities:

| Command | Description |
| --- | --- |
| CD | Change Directory |
| DIR | Lists all files and directories in the current directory |
| TYPE | Displays the contents of a text file |
| CLS | Clears the screen |
| HELP | Provides help information for DOS commands |
| EDIT | The MS-DOS Editor |

Travelling back in time:

In the DOS environment, familiarize yourself with essential commands:

  1. Clear the screen with CLS and list directory contents using DIR, displaying file details.

  2. Use TYPE followed by the file name to view its contents, e.g., TYPE PLAN.TXT.

  3. Change the directory with CD followed by the directory name; CD .. goes back to the parent directory.

  4. Retrieve all available commands with HELP.

Your task: Restore AC2023.BAK in the root directory using the backup tool in C:\TOOLS\BACKUP. Navigate to this directory and run BUMASTER.EXE C:\AC2023.BAK. The tool reports a file signature error, which prompts a check of README.TXT. View it with EDIT README.TXT for troubleshooting details on file signatures.

Exit the EDIT program and learn why file signatures matter in cybersecurity. Magic bytes, like MZ in DOS executables, are identifiers that programs rely on to recognize a file's type, which makes them crucial for system functionality and security. Explore practical examples, like creating a DOS executable and inspecting its magic bytes.

Returning to the main task, apply this knowledge to resolve the file signature issue in AC2023.BAK for successful data restoration.
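The signature check and repair described above, as an added example in Python that is not part of the original write-up or the room's tooling: it reads the first two bytes of a file, names the type, and writes a repaired copy carrying the 41 43 signature. The sample file contents, the `XX` damaged bytes, the type labels and the function names are constructed for illustration.

```python
import os
import tempfile

# Signatures named on this page: "MZ" for DOS executables, and 41 43 ("AC")
# as the signature the backup tool expects. The labels are assumptions.
KNOWN_SIGNATURES = {
    b"MZ": "DOS executable",
    b"AC": "backup accepted by the restore tool",
}
EXPECTED_BACKUP_SIG = bytes.fromhex("4143")


def identify(data: bytes) -> str:
    """Name the file type from its first two bytes, or report them in hex."""
    magic = data[:2]
    return KNOWN_SIGNATURES.get(magic, f"unknown ({magic.hex(' ')})")


def repair_signature(src: str, dst: str, expected: bytes = EXPECTED_BACKUP_SIG) -> bool:
    """Write a copy of src to dst with the expected signature.

    Returns True if the header had to be patched, False if it was already
    correct. The original file is never modified, so the repair is reversible.
    """
    with open(src, "rb") as fh:
        data = fh.read()
    if len(data) < len(expected):
        raise ValueError("file is shorter than the signature")
    patched = expected + data[len(expected):]
    with open(dst, "wb") as fh:
        fh.write(patched)
    return patched != data


def demo() -> tuple:
    """Run the repair on a constructed stand-in for a damaged backup."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "damaged.bak")
        dst = os.path.join(tmp, "fixed.bak")
        with open(src, "wb") as fh:
            fh.write(b"XX" + b"constructed payload, not real backup data")
        changed = repair_signature(src, dst)
        with open(src, "rb") as a, open(dst, "rb") as b:
            before, after = a.read(), b.read()
        assert before[2:] == after[2:]  # only the signature differs
        return identify(before), identify(after), changed


if __name__ == "__main__":
    print(demo())
```

Working on a copy keeps the original bytes available for comparison if the restore still fails after the header is patched.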

Task 1

How large (in bytes) is the AC2023.BAK file?

Answer: 12,704

Task 2

What is the name of the backup program?

Answer: BackupMaster3000

Task 3

What should the correct bytes be in the backup's file signature to restore the backup properly?

Answer: 41 43

What is the flag after restoring the backup successfully?

Answer: THM{0LD_5CHOOL_C00L_d00D}