Лаборатория TJCTF 2016 - May 1, 2600 [forensics 100]

, 01 June 2016

Sometimes I miss that land of bliss.

We are given an archive with dbx file.

I've Installed undbx -  a tool to extract e-mails from Outlook Express .dbx files.

Performed unbase64 and got a file, with TAPE header (Microsoft tape format).

Downloaded and built mtftar - a tool for translating a MTF stream to a TAR stream.
./mtftar -v -f out.mtf | tar xfv -

Found a file flag.doc, where image with flag was inserted.

And got a flag: