We got some important data paged out. Can you recover it?
pagefile.sys.gz
Hints:
The first key is named 'ct', the second one - 'fz'. Find out the remaining keys.
This was an exercise in good Linux-fu. The file we had was 1GB large, so impossible to search by hand.
Given the hint, we could deduce though that there should be ct and fz strings somewhere.
Since ct is pretty common digraph (action, direct, and others), we decided to look for far rarer fz. Since this
was a Windows dump, we searched for UTF-16 strings. And... done:
λ strings -e l pagefile.sys | grep fz
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ct\fz\one\{\r3g_\h4x\0r}The flag is ctfzone{r3g_h4x0r}