Solution de s-celles pour Layer Cake 3/3

intro forensics docker

18 décembre 2024

Pull de l’image Docker

C:\Users\user\Downloads\hackropole> docker pull anssi/fcsc2024-forensics-layer-cake-3
Using default tag: latest
(...)

What's next:
    View a summary of image vulnerabilities and recommendations → docker scout quickview anssi/fcsc2024-forensics-layer-cake-3

Création d’un répertoire pour l’analyse

C:\Users\user\Downloads\hackropole> New-Item -ItemType Directory -Path .\analysis

    Directory: C:\Users\scelles\Downloads\hackropole

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d----          18/12/2024    21:45                analysis

On rentre dans le répertoire

C:\Users\user\Downloads\hackropole> cd .\analysis

On sauvegarde l’image.

C:\Users\user\Downloads\hackropole\analysis> docker save anssi/fcsc2024-forensics-layer-cake-3 -o layer-cake-3.tar

On décompresse le fichier .tar

C:\Users\user\Downloads\hackropole\analysis> tar -xf layer-cake-3.tar

On cherche recursivement le flag

C:\Users\user\Downloads\hackropole\analysis> Get-ChildItem -Recurse | Select-String -Pattern "FCSC{"

layer-cake-3.tar:405641:exec /nix/store/rnxji3jf6fb0nx2v0svdqpj9ml53gyqh-hello-2.12.1/bin/hello -g "FCSC{c12d9a48f1635354fe9c32b216f144ac66f7b8466a5ac82a35aa385964ccbb61}" -t
blobs\sha256\8ea6eb4812d48d7aee7de57a65ba99e4d3c3958fee6eb973419cf7aace4c7fec:405618:exec /nix/store/rnxji3jf6fb0nx2v0svdqpj9ml53gyqh-hello-2.12.1/bin/hello -g
"FCSC{c12d9a48f1635354fe9c32b216f144ac66f7b8466a5ac82a35aa385964ccbb61}" -t