STF [Who are the possible kidnappers?]

16 SOLVES

Description

Perform OSINT to gather information on the organisation’s online presence. Start by identifying a related employee and obtain more information. Information are often posted online to build the organization’s or the individual’s online presence (i.e. blog post). Flag format is the name of the employee and the credentials, separated by an underscore. For example, the name is Tina Lee and the credentials is MyPassword is s3cure. The flag will be govtech-csg{TinaLee_MyPassword is s3cure}

Addendum:

  • Look through the content! Have you looked through ALL the pages? If you believe that you have all the information required, take a step back and analyse what you have.
  • In Red Team operations, it is common for Red Team operators to target the human element of an organisation. Social medias such as “Twitter” often have information which Red Team operators can use to pivot into the organisation. Also, there might be hidden portal(s) that can be discovered through “sitemap(s)”?

I guess if you can log in with the password, then you should look at the flag format again!

Note: engaging/contacting Ms. Miller is not in scope for this ctf.

Document provided

  • None

Tools used

  • Google Chrome

Evaluating current resources

Linking back to the previous previous challenge (What is he working on? Some high value project?), we know that the organization name is Korovax.

The description also hints that we might need to find a blog or blog post about Korovax. Hence, we can format our Google search like this:

Korovax "blog"

which forces Google to include the term blog in its search results.

This gives us this result.

Korovax Blog

Clicking into the posts yielded nothing. So I went about checking the sitemap and robots.txt to see if there were any other hidden pages.
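The same comparison can be scripted, which is also how a site owner can audit what their own sitemap and robots.txt advertise beyond the visible navigation. This is an added example, not part of the original write-up; the site `example.test`, the sample documents and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample inputs for a hypothetical site (not the challenge blog).
BASE = "https://example.test/"
SITEMAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.test/team/</loc></url>
  <url><loc>https://example.test/internal-notes/</loc></url>
</urlset>"""
ROBOTS_TXT = "User-agent: *\nDisallow: /staff-portal/\nSitemap: https://example.test/sitemap.xml\n"
HOMEPAGE_HTML = '<nav><a href="/">Home</a> <a href="team/">Team</a> <a href="https://other.test/x">Ext</a></nav>'

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def normalize(url):
    # Resolve relative links and ignore trailing slashes so equal pages compare equal.
    parts = urlsplit(urljoin(BASE, url))
    return parts.netloc.lower() + (parts.path.rstrip("/") or "/")

def sitemap_urls(xml_text):
    ns = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}
    root = ET.fromstring(xml_text.encode("utf-8"))
    return {normalize(loc.text.strip()) for loc in root.findall(".//sm:loc", ns)}

def robots_disallowed(robots_text):
    # Disallow rules keep crawlers out but still publish the path to any reader.
    rules = (line.partition(":") for line in robots_text.splitlines())
    return {normalize(v.strip()) for f, _, v in rules
            if f.strip().lower() == "disallow" and v.strip()}

def linked_urls(html_text):
    collector = LinkCollector()
    collector.feed(html_text)
    return {normalize(h) for h in collector.hrefs}

def unlinked_exposed_pages(sitemap=SITEMAP_XML, robots=ROBOTS_TXT, html=HOMEPAGE_HTML):
    exposed = sitemap_urls(sitemap) | robots_disallowed(robots)
    return sorted(exposed - linked_urls(html))

if __name__ == "__main__":
    print("\n".join(unlinked_exposed_pages()))
```

Any page this reports is reachable by anyone who reads the sitemap or robots.txt, so leaving it out of the menus does not keep it private.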

A lot of interesting pages not shown in the blog showed up, and after checking each and every link, the one that was most useful to us was:

https://csgctf.wordpress.com/oh-ho/

The post mentioned archived tweets, so my first thought was Twitter, but I wasn’t sure who I should look out for.

I then headed to the Teams tab to see who was in the team, which gave me the following personnel: Oswell E Spencer, Sarah Miller and Samuel the Dog.

Twitter hunting

My best bet was Sarah Miller, since searching Oswell E Spencer gives me so many Resident Evil results.

There were also a lot of Sarah Millers on Twitter. After looking through most of them, the most relevant Sarah Miller I found was @scba.

Remember she said archived tweets and the keywords blue something communications? It seems like we are missing a word here.

So, we can utilise Twitter’s advanced search function to search for our keywords from a specific user.

And we got our result.

Back to our flag format, with the information we have now, the final flag is govtech-csg{SarahMiller_Blue sky communications}

Thoughts

A lot of effort was put into this challenge as the search results were too much to handle. I would call myself lucky to bump into @scba on the first page of the Google search.

This post is licensed under CC BY 4.0 by the author.