OSINT challenges are some of my favorites in a CTF; however, they can be difficult to complete without being given a lot of information.
Open Source Intelligence (OSINT) uses online tools, public records, and social media to find information about a target, usually about an individual or organization. For example, if you’ve ever Googled someone before you met them for your safety, that’s OSINT!
The challenges I’m sharing in this post came from CSI CTF–a jeopardy-style event that had a variety of challenges that was held in mid-July of 2020. This CTF had some awesome sponsors that provided some great prizes, including HackTheBox subscriptions, TryHackMe subscriptions, Digital Ocean VPS credits, and much more.
This post serves as an overview of the CTF event, along with specifics on certain challenges, which both current CTF participants and those who are looking to try them out in the future may find interesting. P.S. If you didn't see it yet, check out part 1 as well!
Pirates of Memorial Challenge
The challenge I started with was called “Pirates of the Memorial.” In this instance, we are given the image featured below and are challenged to see if we can find the original photographer:
Upon our initial observation, it appears as if it’s a picture that was posted on Instagram. As you can see, in the lower left corner, it looks like an account is tagged–the person icon is what shows up when someone is tagged in a photo on instagram.
With a reverse image search on Google, we can see this is a picture of Victoria Memorial in Kolkata, India. The search term “victoria memorial” in the screenshot below is filled in by Google after the image is uploaded and it completes the search.
Most of where you find this image will not have the original photographer credited. If you scroll down far enough where it is posted in one of the search results, https://twitter.com/vivbajaj/status/1263046172282949632, then you will see a tweet by the original photographer, giving us his Instagram account @arunopal17:
If you go to the Instagram account, you will see the picture posted on October 15, 2019 with the flag in the comments.
Flying Places Challenge
Flying Places was the next challenge I did in the OSINT category.
We are given a picture with the description, “A reporter wanted to know where this flight is headed. Where does he (the reporter) live?” First, we have to find out where this picture is posted online, and then we see if we can find a comment from a reporter asking where the flight is going.
Below shows the picture we are given:
Doing a reverse image search like we did in the previous challenge, we are led to a tweet by Jack Ma (https://twitter.com/JackMa/status/1239388330405449728) and in one of the replies we see a reporter from San Francisco asking where the flight is headed.
All that was needed to solve this challenge was a reverse image search and a little bit of reading through the replies.
One of the challenges that I didn’t solve was Commitment–but I learned about a new tool that I can use next time, which also would have helped with challenges in other CTFs.
All it said was “hoshimaseok is up to no good. Track him down.” This gives us barely anything to go on except that we are looking for a user called “hoshimaseok.” All I found when searching the username in Google was a link to the reddit post for CSICTF, and a user with that name posted that they would be signing up. I couldn’t figure out where to go from there. The official writeup for this challenge said the tool to use in this case is called Sherlock.
OSINT is one of the more rarely seen categories in CTFs, so I really enjoyed the clever OSINT challenges in CSI CTF. I’m looking forward to next year!