{"id":960,"date":"2022-09-13T16:39:47","date_gmt":"2022-09-13T16:39:47","guid":{"rendered":"https:\/\/shreyapohekar.com\/blogs\/?p=960"},"modified":"2022-09-13T16:39:50","modified_gmt":"2022-09-13T16:39:50","slug":"winja-ctf-nullcon-goa-2022-osint-challenges-writeup","status":"publish","type":"post","link":"https:\/\/shreyapohekar.com\/blogs\/winja-ctf-nullcon-goa-2022-osint-challenges-writeup\/","title":{"rendered":"Winja CTF @ Nullcon Goa 2022 – Osint Challenges Writeup"},"content":{"rendered":"\n

Hello CTFers! This blog contains the write-up of 3 OSINT challenges created as part of Winja CTF (Nullcon Goa 2022 Edition). You can find the solutions to Winja CTF web challenges here<\/a>.<\/p>\n\n\n\n

So Let’s get started!<\/p>\n\n\n\n

Lost in Space<\/h2>\n\n\n\n

Challenge description<\/h3>\n\n\n\n

Our Astronomer is lost in space!!! He needs some urgent help otherwise he would run out of oxygen. The astronomer had noted the code somewhere that he could use to unlock the spare oxygen cylinder. Can you help him find the code?<\/p>\n\n\n\n

Solution<\/h3>\n\n\n\n
  1. Right-click on the landing page and view the page source.<\/li>
  2. Scrolling down to the bottom you will find the email address ie cassielayer@gmail.com and just above there is the password<\/li><\/ol>\n\n\n\n

    Got the creds already?! Now here’s a catch!<\/p>\n\n\n\n

    You need to find the website for which these credentials can be used.<\/p>\n\n\n\n

    We can here use a tool named holehe<\/code> which can easily do the job. The tool can be found here<\/a> . <\/p>\n\n\n\n

    Once the setup and installation are done, simply run<\/p>\n\n\n\n

    holehe cassielayer@gmail.com<\/pre>\n\n\n\n
    This will output that cassielayer@gmail.com<\/strong> has been used on evernote.com<\/p>\n\n\n\n
    Now go to evernote.com and login and you will find your flag in the scratch pad<\/p>\n\n\n\n
    \"\"<\/figure>\n\n\n\n
    \n\n\n\n
    Cern<\/h2>\n\n\n\n
    Challenge description<\/h3>\n\n\n\n
    The world’s largest and highest-energy particle collider has got its 3-word unique name. Can you find it?<\/p>\n\n\n\n
    Flag format: flag{word.word.word}<\/p>\n\n\n\n
    Solution<\/h3>\n\n\n\n
    The hint to this challenge is in the description ie a 3-word name. You would have already guessed that the 3-word name for the location of CERN has to be identified.<\/p>\n\n\n\n
    1. go to what3words<\/li>
    2. search for cern Switzerland (as we know that Cern is in Switzerland)<\/li><\/ol>\n\n\n\n
      You will find your flag ie flag{dusty.retail.hilltop}<\/strong><\/p>\n\n\n\n
      \n\n\n\n
      theUniverse<\/h3>\n\n\n\n
      Challenge description<\/h3>\n\n\n\n
      Have you ever wondered how massive the stars are?? If you are aware of the Rigel and VY cannis majoris, you might know this one too\u2026
      You will find your answer at 2:54.<\/p>\n\n\n\n
      Attachment image<\/p>\n\n\n\n
      \"\"
      harry.jpg<\/figcaption><\/figure>\n\n\n\n
      flag format: flag{word}<\/p>\n\n\n\n
      Solution<\/h3>\n\n\n\n
      “You will find your answer at 2:54” implies that it is a youtube video. The image is provided in the attachment to direct the players to the youtube channel that has the intended youtube video. An image reverse search on Yandex can be used to find the youtube channel. <\/p>\n\n\n\n
      \n