Nullcon HackIM 2017 CTF – OSINT

OSINT 1 | 100 Points

 

Answer: Hints in the question are “I Serve”, “Clear Water”, “Fingerprint”

Clear Water is a city in Florida. I wasted the first day in Google Maps, as all the hints provided by them are related to Google Maps. I thought it may be a latitude/longitude... I tried each and every possibility from Google Maps, but no success.

 

On the second day I got this tweet from @upgoingstar. He mentioned online infosec tools and databases.

I tried all the databases, including SHODAN.IO. That is the place. (Here we can relate the hints “I serve” with “What’s my fingerprint”.) Correct: it may be a server running in Clear Water city.

Shodan.io has a city-based search. It will list all the servers running in “clear water”, and luckily only one server is running in Clear Water city. I checked the details and got the fingerprint.

Link: https://www.shodan.io/host/24.96.78.131

Flag: flag{ee:06:bb:c1:48:bc:64:bf:69:d3:ff:6f:b0:89:6a:84}


OSINT 2 | 200 Points

Hints: “7033”, “I have a request”

We have one website and an image. I started with the image content... Googled the number 7033 and got RFC 7033, the WebFinger protocol. In the RFC documentation page a default request is mentioned (Hint: I have one request). I copied the request and tried it on the target website. Boom. Got some information.
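
The kind of request RFC 7033 defines, as an added example that is not part of the original write-up: it builds the `/.well-known/webfinger` query URL and lists what a JRD response discloses to any client that asks. The host `example.com`, the `acct:` resource and the sample response are constructed placeholders, since the challenge site and its reply are not reproduced here.

```python
import json
from urllib.parse import urlencode, quote

WELL_KNOWN_PATH = "/.well-known/webfinger"  # fixed path from RFC 7033

def build_webfinger_url(host, resource, rels=()):
    """Return the HTTPS query URL RFC 7033 defines for `resource` on `host`."""
    params = [("resource", resource)] + [("rel", r) for r in rels]
    # safe="" percent-encodes ':', '@' and '/' the way the RFC's examples do
    query = urlencode(params, quote_via=quote, safe="")
    return f"https://{host}{WELL_KNOWN_PATH}?{query}"

def summarize_jrd(body):
    """Parse a JRD (application/jrd+json) body and list what it discloses."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("a JRD must be a JSON object")
    links = []
    for link in doc.get("links", []):
        if "rel" not in link:  # 'rel' is the one mandatory member of a link
            continue
        links.append((link["rel"], link.get("href") or link.get("template")))
    return {
        "subject": doc.get("subject"),
        "aliases": doc.get("aliases", []),
        "properties": doc.get("properties", {}),
        "links": links,
    }

# Constructed sample response; example.com and every value are placeholders.
SAMPLE_JRD = """{
  "subject": "acct:carol@example.com",
  "aliases": ["https://example.com/~carol"],
  "properties": {"http://example.com/ns/role": "employee"},
  "links": [
    {"rel": "http://webfinger.net/rel/profile-page",
     "href": "https://example.com/~carol"},
    {"href": "https://example.com/ignored"}
  ]
}"""

if __name__ == "__main__":
    print(build_webfinger_url("example.com", "acct:carol@example.com"))
    for key, value in summarize_jrd(SAMPLE_JRD).items():
        print(f"{key}: {value}")
```

Free-form `properties` values are where a site can carry arbitrary strings, so they are worth reviewing on any WebFinger endpoint you operate.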

SSDEEP(523bd1e47b08cfd4d92cddcbff8e541d)
flag{ssdeep}

 

Answer: Here I trusted Google once again. I googled the hash and got this: “ViCheck.ca – Malware Hash Index”.

It's a malware hash database. I searched for the hash “523bd1e47b08cfd4d92cddcbff8e541d” and got the ssdeep flag.

Flag : flag{3072:uFvAPdnvdoz91j/q2p4N1m1QmKoEe2TE4lvrNh:uFvAPdnvdoz91rq2p4rm1QdoEe2TE4l/}