Tangle Coalbox – Lethal ForensicELFication Cranberry Pi terminal

As we speak to Tangle Coalbox, they ask if we can help them with an investigation.
“Elf Resources assigned me to look into a case, but it seems to require digital forensic skills.
Do you know anything about Linux terminal editors and digital traces they leave behind?
Editors can leave traces of data behind, but where and how escapes me!”

Were given a hint to check out this website and to be honest, that’s the only hint we need.

When we start the terminal, we see this.

So the task here is too “Find the first name of the elf of whom a love poem was written. Complete this challenge by submitting that name to run to answer.”

First thing I did, as I checked the .bash_history, and we can see there was a folder created called .secrets/her/

Also, if we cd to .secrets/her/ we find a file called “poem.txt” which is the love poem we need to find out who created it.

“How sweet…………” Let’s get back to the challenge here. Using the hint URL given if we use the command “cat .viminfo”, we get tons of information, but one thing that stands out is this.

“# Command Line History (newest to oldest):
:wq
|2,0,1536607231,,”wq”
:%s/Elinore/NEVERMORE/g
|2,0,1536607217,,”%s/Elinore/NEVERMORE/g”
:r .secrets/her/poem.txt
|2,0,1536607201,,”r .secrets/her/poem.txt”
:q”

Which shows Elinore created the poem.txt. So, the answer is “Elinore” and if we use Elinore with the run to answer… We get the congratulations!

Thank you for solving this mystery, Slick.
Reading the .viminfo sure did the trick.
Leave it to me; I will handle the rest.
Thank you for giving this challenge your best.
-Tangle Coalbox
-ER Investigator
Congratulations!

Leave a Comment

Your email address will not be published. Required fields are marked *