Winja CTF @ Nullcon Goa 2022 – Osint Challenges Writeup

Winja CTF @ Nullcon Goa 2022 – Osint Challenges Writeup

Hello CTFers! This blog contains the write-up of 3 OSINT challenges created as part of Winja CTF (Nullcon Goa 2022 Edition). You can find the solutions to Winja CTF web challenges here.

So Let’s get started!

Lost in Space

Challenge description

Our Astronomer is lost in space!!! He needs some urgent help otherwise he would run out of oxygen. The astronomer had noted the code somewhere that he could use to unlock the spare oxygen cylinder. Can you help him find the code?

Solution

  1. Right-click on the landing page and view the page source.
  2. Scrolling down to the bottom you will find the email address ie cassielayer@gmail.com and just above there is the password

Got the creds already?! Now here’s a catch!

You need to find the website for which these credentials can be used.

We can here use a tool named holehe which can easily do the job. The tool can be found here .

Once the setup and installation are done, simply run

holehe cassielayer@gmail.com

This will output that cassielayer@gmail.com has been used on evernote.com

Now go to evernote.com and login and you will find your flag in the scratch pad


Cern

Challenge description

The world’s largest and highest-energy particle collider has got its 3-word unique name. Can you find it?

Flag format: flag{word.word.word}

Solution

The hint to this challenge is in the description ie a 3-word name. You would have already guessed that the 3-word name for the location of CERN has to be identified.

  1. go to what3words
  2. search for cern Switzerland (as we know that Cern is in Switzerland)

You will find your flag ie flag{dusty.retail.hilltop}


theUniverse

Challenge description

Have you ever wondered how massive the stars are?? If you are aware of the Rigel and VY cannis majoris, you might know this one too…
You will find your answer at 2:54.

Attachment image

harry.jpg

flag format: flag{word}

Solution

“You will find your answer at 2:54” implies that it is a youtube video. The image is provided in the attachment to direct the players to the youtube channel that has the intended youtube video. An image reverse search on Yandex can be used to find the youtube channel.

flag is flag{betelgeuse}


Hope you enjoyed solving Winja CTF. If you have any feedback, do let me know in the comments. If you wish to be a part of Winja CTF team, do reach out and we will help you out with the further process.

That’s all for this post. See you in the next one.

Until then, Happy hunting! πŸ™‚

shreyapohekar

I’m Shreya Pohekar, a Senior Product Security Analyst at HackerOne. I enjoy sharing my thoughts and insights through blogging, turning complex security topics into engaging and accessible content for my readers.

Leave a Reply