title: Writeup DamCTF 2021 - Imp3rs0nAt0r-1
date: Nov 08, 2021
tags: DamCTF Writeups OSINT Cheatsheet Volatility3 Forensic ShieldsCTF Prog HeroCTF MidnightFlag

DamCTF2021 - Imp3rs0nAt0r-1

Some dumb college student thought he was leet enough to try and hack our university using a school computer. Thankfully we were able to stop the attack and we confiscated the equipment for forensic analysis.

Can you help us figure out what their next moves are?

File: UsrClass.dat

To read the file, I downloaded ShellBags Explorer.


After loading the file, I found an interesting directory: E:/hacking/2020faExploit_scripts. I noticed a .git indicating that the project may use GitHub, so I made a quick search on Google:


It directly found a GitHub account and a project named h4ckerman-3000-bot. This project is a simple Discord bot, but the token of the bot was left in the project files.

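import base64
import discord
import os
import random

client = discord.Client()

# Canned replies for the !hack command (entries elided in this excerpt)
epic_hacking = []

@client.event
async def on_ready():
    print('We have logged in as {0.user}'.format(client))

@client.event
async def on_message(message):
    # Ignore messages sent by the bot itself
    if message.author == client.user:
        return

    if message.content.startswith('!hack'):
        pass  # reply logic elided in this excerpt

# The token is only base64-encoded, so anyone who can read the repository can recover it
token = base64.b64decode(b'T0RReU1qUTNPRFl6TWpVek56STVNamt3LllKeWljZy45SjI0aC11LUs1SmRQNFFPa2NRSmlOeXlaRHc=').decode()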
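
A defender-side check for the weakness this step relied on, a bot token that was only base64-encoded in a public repository. This is an added example, not code from the challenge or the bot's repository; it also flags unencoded tokens, which goes beyond the case in the writeup. The token-shape pattern is a heuristic assumption, and the sample input is constructed around a fake, non-functional token.

```python
import base64
import re

# Quoted literals that could be base64 (standard or URL-safe alphabet).
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/_-]{24,}={0,2})['"]""")
# Heuristic token shape (assumption): id.timestamp.signature, base64url segments.
TOKEN_SHAPE = re.compile(r"^([\w-]{18,})\.([\w-]{6,})\.([\w-]{20,})$")
PLAIN_LITERAL = re.compile(r"""['"]([\w-]{18,}\.[\w-]{6,}\.[\w-]{20,})['"]""")

def decode_b64(text):
    """Return the decoded ASCII text, or None if text is not valid base64."""
    padded = text + "=" * (-len(text) % 4)
    try:
        return base64.b64decode(padded, altchars=b"-_", validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def looks_like_bot_token(value):
    """True if value has the three-part shape and its first part decodes to a numeric ID."""
    match = TOKEN_SHAPE.match(value)
    if not match:
        return False
    account_id = decode_b64(match.group(1))
    return account_id is not None and account_id.isdigit()

def scan_source(source):
    """Return (line_number, kind) findings; the secret itself is never echoed."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for literal in PLAIN_LITERAL.findall(line):
            if looks_like_bot_token(literal):
                findings.append((lineno, "plaintext token"))
        for literal in B64_LITERAL.findall(line):
            decoded = decode_b64(literal)
            if decoded and looks_like_bot_token(decoded):
                findings.append((lineno, "base64-wrapped token"))
    return findings

def build_sample():
    """Constructed input: a fake token, wrapped in base64 and also in plain form."""
    fake = base64.urlsafe_b64encode(b"123456789012345678").decode() + ".AAAAAA." + "x" * 27
    wrapped = base64.b64encode(fake.encode()).decode()
    benign = base64.b64encode(b"hello world, this is not a secret").decode()
    return (f"token = base64.b64decode(b'{wrapped}').decode()\n"
            f"blob = '{benign}'\nlegacy = '{fake}'\n")

if __name__ == "__main__":
    print(scan_source(build_sample()))
```

Run as a pre-commit or CI step, a check like this reports the file line without printing the credential; any token it finds in history should be revoked, not just deleted from the file.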

I found this project on GitHub that allowed me to connect to a bot account on Discord:

So I used the client to create an invite to the Discord server where the bot was connected:


I then joined the server and found the flag in the message history:


Here is our flag: dam{Ep1c_Inf1ltr4t0r_H4ck1ng!!!!!!1!}