Skip to main content

Tag: rdp

justCTF 2020 Remote Password Manager

Remote Password Manager [fore, 347 points, 12 solves] TLDR; The challenge consists of a single vmem file (VM memory dump). After some analysis, one of the things that stand out was that the `mstsc.exe` process was running. After a little bit of poking around, the flag could be found in one of the images preserved in the process memory. The starting point of the challenge is a vmem file. It is a virtual memory file used by various hypervisors to store RAM on VM suspension.