Fluffy No More was a Forensics 300 point challenge at CSAW 2014. The backstory seemed kind of funny and I thought I’d give it a shot!
The attached tarball contained a few additional tarballs:
- Full /etc directory contents
- Full /var/log directory contents
- Full /var/www directory contents
- A MySQL database dump file
The task was to determine the attacker’s ingress point as well as discover a key for the CTF challenge. I cover both points in the sections below.