Vulpes Vulpes


By: smashmaster

Tags: misc HSCTF-2023

Problem Description:

The red fox (Vulpes vulpes) is the largest of the true foxes and one of the most widely distributed members of the order Carnivora, being present across the entire Northern Hemisphere including most of North America, Europe and Asia, plus parts of North Africa. It is listed as least concern by the IUCN. Its range has increased alongside human expansion, having been introduced to Australia, where it is considered harmful to native mammals and bird populations. Due to its presence in Australia, it is included on the list of the "world's 100 worst invasive species".


Reveal Hints plug and chug

Just SQLite Databases

You’ll pretty quickly notice that this is a firefox profile from the name and the names of the files. Now, how do we make sense of them? Well let’s ask ourselves this question first.

Why reinvent the wheel when you already have a good database system?

Because of this firefox just striaght up uses sqlite for not very sensetive data we can yeet the files into this online sqlite viewer. Here are the contents of two interesting databases formhistory.sqlite and places.sqlite (browsing history). You may need to switch to look at a different table but this sqlite viewer shows row counts which makes it convinient. Form History History aka Places: Browsing through the places database for complete browsing history urls. We find this encrypted pastebin that we don’t know the password of. Most likely we’re not supposed to bruteforce and I wasn’t able to find anything else from this mode of forensics so I switched to a different strategy.

Dumping into a real Firefox profile

I simply made a new profile and copied files on top. It worked. Now we can look into the tampermonkey and see they have their own password manager as a userscript. Firefox with the profile loaded

Since the browser thinks we are the user we can just navigate to the page manually and fill in flag. Firefox with the profile loaded