Policy Violation Pt.1

1. Install ewf tools

sudo apt install ewf-tools

1. create folder to mount image and mount .e01 file

mkdir image
ewfmount Image.E01 image

1. Extract files with tsk_recover

mkdir imageExtract

cd image

tsk_recover -e ewf1 ../imageExtract

1. Looking through the directories two PDFs in the $RECYCLE.BIN directory look interesting. I know you can embed exploits into pdfs, so i upload them to virustotal and it shows the CVE

The flag format is crew{CVE-2008-2992_Date:MM.D.YY}

google the CVE find this page: https://www.cvedetails.com/cve/CVE-2008-2992/

I first try the report date, it doesent work so i try the publish date and thats the flag!

Flag

crew{CVE-2008-2992_Date:11.04.08}