👁️🗨️Lets Go Hunting
Lets Go Hunting
This is a set of OSINT challenges hosted during CDDC 2021.
These challenges were possibly some of the easier challenges, going by the solve count. However, we only solved both of them on the second day of the CTF, due to going on a wrong track on day 1.
Broken System
Points: 200
Challenge text:
The CryptIT Banking and Consulting company suspects that the GlobalDominationCorporation is attacking its email systems. They need your help to fix the misconfiguration.
Solution
A quick google search found the website cryptit.biz. After some recon, we found the following text in a TXT record.
One thing that we noticed was the presence of spf, due to the "v=spf1" in the TXT record. After much trial and error, the flag was found in the TXT record of one of the common subdomains used for email security (due to the challenge text mentioning email systems being involved).
Flag found! CDDC21{10x_f0r_yOur_Serv!ce}
Track Him Down
Points: 500
Challenge text:
TeslaReactor7 seems to be one of the GlobalDominationCorporation cybots. One of TheKeepers founded a strange video on his Youtube channel. Can you track him down?
Solution
A youtube channel search found the channel named Tesla Reactor, with a single video on his channel. The video appears to be from the CTF organizers, confirming that this is indeed the correct channel.
We got his email address by going to the "About" tab of the channel.
One of my teammates was aware of an old trick, where you could get someone's google ID by adding them to your gmail contacts and trying to email them, where the id would be printed in the network tab of the browser dev console.
Using the google id, a user's google maps reviews can be seen by going to the URL: google.com/maps/contrib/googleidhere e.g. google.com/maps/contrib/105865555829030607150
Flag found! CDDC21{tR4cK1nGFr4NZy}
Last updated