Skip to main content

OSINT challenges (Task-3)

Our next task from the set of OSINT challenges. Try your skills now!
TaskYou found the time capsule in your backyard. 

When you opened it, you saw the small piece of paper with the following message: 
"Hello, my friend!  I left this for you in 2015. Let me introduce myself. I'm the fan of social networks, so my brother spends one amount of dollars to buy a gift for my birthday. And how do you think, which amount? Ha-ha, he decided to use the domain price of my favorite social network, which was on one of the Tuesdays - on 18th of May (my birthday). 
If you read this, I invite you on my next birthday. Just come to my house and say the secret phrase: [$$$] dollars for [favorite_social_network] My address: ...
Best regards,  Tom ".
So what's the secret phrase to the Tom's birthday event? Put your answer to the comments or send to livasiblog@protonmail.com. Correct answer and 3 first submitters will be published at the end of August. Good luck!

Recon Village CTF 2019 - DEF CON 27

Scoreboard for Recon Village CTF 2019 (Las Vegas, USA)


This year our team attended the Recon Village CTF and took the 9th place.



Write-ups

Challenge 1 - Thailand (100 points)


The attached file is the image. Let's look closer. Nothing special - just a dog with flowers.




Let's check the image metadata using http://metapicz.com/#landing 



There is the note: "CTF-steghide-Password: catchme@123". Let's try to decode the data using https://futureboy.us/stegano/decinput.html


Finally, we get the flag.


Challenge 6 - Paraguay (200 points)



We spent a lot of time to solve this task. Firstly, we tried to decrypt it a binary data, but right answer was not expected for us.

Let's check the data that should be decoded:


0000000101100011110000000011111010011101111011111001000101001001011101000100100010101000010110100010010001011101100001010001001111101000111000101111100000000101010101010000000111111111111010011111111100110001110101011110100000110001111011011011000111100011001000010001101011100011010100100010110111000100110101111111001101100010011101011101010100011111001100001000001110001101111111011000101000010011001100010001001100000011011111111000010010111001100000000110001100010100111011111010111001101110100001000101001110010000000110100010110001001010111100010001011011000101010110101111101011001100010001100000000101011011101101000


The number of symbols is 625. Let's think, how decode this... Is it binary? No, we can't decode it in direct way. Should we add some symbols (0 and/or 1) to make the proper binary data and then decode? No.
Let's think more non-standard. What 625 symbols is? It's 25 symbols x 25 symbols (!) When we divided data by lines, we discovered that it's the image - QR-code.
So we use the online tool to get QR-code from text:


And the flag is flag:{qR_c0d3$_aR3_tHe_fUtuR3}


Challenge 7 - Ethiopia (100 points)



This task is based on computer search engines. Firstly, we thought that Shodan would give us the proper result. But the search was unsuccessful: we discovered 9 Weblogic App servers, located in Mexica, but there was no possibility to determine the proper server scanned in 2015.

Then we tried to use Zoomeye with the next request:

app:"WebLogic applications server" +country:"MX" +after:"2015-01-01" +before:"2016-01-01"


And we got 1 IP that is the flag for this task.

Challenge 8 - Colombia (100 points)


This task requires to make the OSINT and find the name of university, where Victor got the Bachelors degree.
Let's search Victor using Google.


The Linkedin page for Victor Nevinnyy provides us the flag.



Challenge 14 - Belarus (200 points)



This task requires to find the location using next photo:


Let's look closer.


So we should search English National Ballet. Let's check using Google Maps.


There are 4 locations. And one of them makes us success.



So the nearest train station is "Canning Town" and this is the flag.

Challenge 15 - South Africa (300 points)


Let's check the attached image:


After closer look we discovered several keywords: wetherspoon shakespeare 70. After googling we got the probable place, where the photo was taken: 

https://d1i2hi5dlrpq5n.cloudfront.net/~/media/images/pubs/0239/shakespeares-head-(5).jpg?vs=1&d=20170807T144321Z&w=855&crop=1&cropx=50&cropy=50&hash=DE5EE9097FFC3CB823797EC19D9876856A596845



The address of this pub is Africa House, 64–68 Kingsway, Holborn, London, WC2B 6BG.
So we searched the companies using this address (changed the house to 70) - we got the company Mishcon de Reya . After browsing the site we discovered several Strategy Managers, but the proper person is Lena Kearney


And her page has the name of catering company:


The flag - Sinclair's Catering.

Challenge 18 - United Kingdom (300 points)



In this task it's required to reconstruct the key using its part.
The key beginning "AKIA" gives us the hint that this task is related to AWS. So there are the access ID with missing 2 symbols and the private key at the second line. So we made our python script using  aws-iam-get-username-by-access-key.bash and got the missing parts for access ID - vz. So the flag - AKIA2SR3ZZCIQ7LT5QVZ.

Challenge 22 - Australia (200 points)



In our opinion, it's the funniest task.

For all participants, the organizers prepared black badges.


There are binary data at the back site. The decoded data is "https://pa". So we decided that we should find other badges to get the full link. 
We got the photo of staff's red badge:


With this part of data, we got the URL beginning: "https://pastebin.com". And finally we met the speaker with blue badge:



And the full link is "https://pastebin.com/CQ5Bg9X7". 



Challenge 24 - Norway (300 points)


Firstly, we searched the name of the student. We found Ben Price .


We found his Twitter account using project name as the search query: Archaeology Ex Machina: employing virtual reality technology to enhance archaeological landscape investigation.


Then we made search for diggah.net and found his email with password at the Pastebin:

 diggah@diggah.net       m0nkeyfun


Popular posts from this blog

Write-Ups: RiceTeaCatPanda CTF 2020

RiceTeaCatPanda (https://riceteacatpanda.wtf/)  is a CTF (Capture The Flag competition) that crosses a variety of random ideas and challenges to solve, including but not limited to cryptography, web, binary, forensics, general computer skills, data analysis, AI hacking, and talking! CryptographyDon't Give The GIANt a COOKie (100)
Solution: String 69acad26c0b7fa29d2df023b4744bf07 is md5 hash.  So we need to decrypt it.


Cryptography15 (100)
Solution:This is alphabetical substitution. Use https://quipqiup.com/ with clue "tovm = rtcp" and get flag.

Flag: rtcp{c4R3Ful_w1tH_3X1f_d4T4} 
Cryptographynotice me senpai (100) Solution: String tlyrc_o_0pnvhu}{137rmi__i_omwmcontains rtcp, so we try to use Rail fence cipher. Count of symbol ! in the task is 6, and count of symbol ? is 9. So we use key = 6 and offset = 9.

Flag: rtcp{im_1n_lov3_wi7h_y0ur_mom}

CryptographyWrong Way (150)


Solution: Use cyberchef https://gchq.github.io/CyberChef/ with "Base64 offset" recipe.
It …

Write-ups AUCTF 2020

Write-ups: AUCTF 2020
[OSINT] Who made me
Task:
One of the developers of this CTF worked really hard on this challenge.
note: the answer is not the author’s name
Author: c

Solution:
After search by keywords "AUCTF 2020" we found repositories on GitHub.
Checking the commits we found the flag:


[OSINT] Good Old DaysTask:
An OSINT challenge using wayback archive
Prompt: This site used to look a lot cooler.
Author: c

Solution:
After checking the Wayback Machine site https://web.archive.org/ we found the record in the sitemap for CTF site.

[OSINT] ALIedAS About Some ThingTask:
See what you can find.
AUCTFShh
Author: c

Solution:
First we tried to check AUCTFShh as the username.We used https://namechk.com/ for this activity.
Steam account https://steamcommunity.com/id/AUCTFShh gave us the alias youllneverfindmese.



Looking again NameCheck site for youllneverfindmesewe found Pastebin page with link.



[OSINT] OxyrTask: One of the developers of devs-r-us.xyz has been a little sketchy lately.…