Let’s get right into it.
If you read the description it said:
Can you prove yourself to be elite?
Can you find the picture attached on the internet? I guess we’ll have to see.
That will be the KEY for sure!!
The flags are arranged in order, that is all flags will be clearly indicated whether it is the first, second, third, or fourth flag where you’ll find them.
The first one was quite easy, more of a sanity check.
Task 1: This should get you started. {https://tinyurl.com/shortCTF}
On going to the link, it was a blog with a poem with a flag in it.
Task2: For this task read the description and download the image
Getting Interesting Now!!
Upon downloading the image, you would get a hint straight away.
This was the official picture announcing this CTF, all you had to do was to go to twitter ofcourse and since the CTF was from p3rf3ctr00t. That was pretty straight forward.
Going to the post: One of the replies was really outstanding and also the username:
Going to the profile of that person, we see that he doesn’t have many tweets just 7 of them, let’s start by the thread which was actually pinned. We see a blog of random thoughts.
Going to the blog, again we see another poem. In between the lines of the poem the flag was there, but this time it was encoded:
If you didn’t know what this was, we can use cyberchef and we use the magic operation to tell cyberchef to decode for us.
We see it is base64 encoded, the flag was in the results.
Task3: You have to prove yourself!
What does this mean, suppose the twitter page of the guy has some more details, I mean it doesn’t hurt since we are doing OSINT right?
Going back to the twitter page, we see the guy tweeting about another platform:
Maybe he is on LinkedIn too:
So we already know the username is MeruOsint, perhaps that’s the username he’s using there too. Since LinkedIn accepts 2 names, let’s use meru osint instead, we get a page saying that the guy is a student of Meru University, weird right? Viewing the about on his page, we get a flag
This was not it, OSINT is all about looking for even the tiniest details, so upon reading the whole poem, we see the correct flag now, which is labelled as the third flag.
Last challenge Now!
I saved the best for last :)
Task4: Good luck with this one
We go back to the twitter page now, since we have exhausted all the tweets, maybe looking at his bio would help.
We see that he is a newbie developer and he is also on github.
Nice let’s get to github. We use the same username to search in github:
In users we see there is a user by that name:
Going to that page:
I will just go right into it, I don’t want this writeup to be lengthy.
We see in contributions that the user has done 15 contributions which was in January, On clicking the green dot.
We see what he did. In most repositories you will find nothing. Except one repo “simple-things”
Also: On going down the contributions
We see he committed the first issue which says Random Things to Add to the code ”simple-things”. On clicking it:
We see the fourth flag but again it is encoded. Going back to cyberchef and using magic:
We get the final flag:
That was a nice and easy challenge.
Writeups for the challenges in Binary Exploitation, Malware Analysis and Reverse Engineering can be found below:
