DEV Community

Cover image for OSINT/Creeping 1-4 @ Hacktober CTF 2020 write-up
Jason Rebelo
Jason Rebelo

Posted on

OSINT/Creeping 1-4 @ Hacktober CTF 2020 write-up

hacktoberCTF

Hacktober CTF logo

This post is part of my Hacktober CTF 2020 writeups series. To check out the entire series, read the post below.

Creeping 1 (10 points)

Ali Tevlin is quite active on Ghost Town and we believe he's behind some of the recent attacks on De Monne Financial. See what you can find out about him on the internet - it might give us an idea about why he's targeting De Monne Financial.

What company does Ali Tevlin work for? Submit the flag in this format: flag{Little Shop of Horrors}

challenge author: syyntax

Key information

Let's establish some key information we have been given.

  • Name: Ali Tevlin
  • Username: alitevlin
  • Active on Ghost Town (https://www.ghosttown.xyz)
  • Involved in recent De Monne Financial attacks

Ghost Town

We can easily find his profile on ghosttown. However, there was nothing related to his current position on there as far as I am aware.

Intel

The intel page mentions that he is employed at De Monne Financial's rival.

Solution

We simply look up his username on a google search and find his facebook profile.

We know it's the correct profile because the same person appears in the available pictures.

solve

Good thing our person of interest is very active on Facebook, and shares information willingly!

Here's the flag: flag{F. Kreuger Financial}

Creeping 2 (10 points)

Based on what you've been able to discover about Ali Tevlin, tell us what his position is at his current company.

Submit the flag in the following format: flag{Chief Executive Officer}

challenge author: syyntax

Solution

From that same Facebook profile, and visible on the previous image, we are able to extract this information, too.

Here's the flag: flag{Senior Acquisitions Supervisor}

Creeping 3 (10 points)

For claiming to be part of a hacker group as dangerous as DEADFACE, I'm surprised how much sensitive information Ali posts online. Based on the information you've been able to gather on Ali Tevlin, what date was he born?

Submit the flag in the following format: flag{dd mmm yyyy}.

challenge author: syyntax

Solution

Once again, that Facebook profile proves beneficial. In his about section, we find his birthdate.

solve

Here's the flag: flag{17 jun 1973}

Creeping 4 (30 points)

Ali Tevlin went on vacation in August. Based on his social media activity, which town did he stop in first? Submit the flag as flag{City, State}.

Example: flag{Albany, NY}

challenge author: syyntax

Key information

Let's once again establish the information we've been given.

  • vacation in August
  • social media activity will help
  • need to find location of the first stop

The logical step here is to re-use the Facebook profile, look for posts or pictures that date back to August and see what we can find.

Solution

Taking a look at Ali's pictures we find this one:

mothman

Ali posted this picture in August:

august

Since this picture includes some sort of statue, it is likely that we will find information about that statue with a simple reverse image search.

reverse_img_srch

Google immediately recognises it and tells us that it's the Mothman Statue, located in Point Pleasant, West Virginia.

Here's the flag: flag{Point Pleasant, WV}

Conclusion

That's it for the Creeping challenge. Some pretty straight forward and simple OSINT.

If you're interested in other writeups for this CTF, check out the post below.

Top comments (0)