osint
@0pt1muspr1me
Solved by : Starry-Lord
Transforming time into flags…
As an OSINT challenge I started by checking the username @0pt1muspr1me on common social media platforms, and eventually found 0pt1muspr1me's Github profile.
2 repos there with a couple commits
Obviously that zip file is password protected, so I started by trying fcrackzip:
fcrackzip -Duvp rockyou.txt flag.zip
fcrackzip -b -c “aA1” flag.zip
This didn’t work D:
There was more in the README.md
Starting to transform time into flags! Yay!! But that string was undecipherable.
I started trying that string as a part of a url on repl.it, pastebin, to no avail.
That led me to look into what is bpython and it turns out this is linked on the website
Trying that string gave me a paste of a file named password.py
# password.py 2022-03-26 09:56:27
import time
import string
import random
import pyminizip
clock = int(time.time())
random.seed(clock)
length, letters = 32, string.ascii_letters
result_str = ''.join(random.choice(letters) for i in range(length))
archive_name = 'flag.zip'
pyminizip.compress("flag.txt", "flaggers", "flag.zip", result_str, 9)
So this is the code that created our flag.zip file, found on github.
In line 7, we see that the random function is seeded by the value of clock.
In practice, this means we can reproduce the exact same result_str var as the one from the creation time of the flag.zip,
that is IF we know the time frame it was created at.
It turns out we do! during the competition I went back to bpa.st and checked the longevity for a paste and found my answer: 1 day 1 week or 1 month (this one worked)
2022-03-26 09:56:27
- 30 days =
2022-02-24 09:56:27 # Unix Timestamp to replace clock var 1645696587
We can convert date and time to unix timestamps easily on cyberchef.
A range between 2022-02-24 07:56:27(1645689387) and 2022-02-24 09:56:27 (1645696587) should fall exactly in the time period when the flag.zip was created.
We can now supply the unix timestamp values we want to try as below:
# passwordpwn.py
import time
import string
import random
import pyminizip
#clock = int(time.time())
clock = range(1645689387, 1645696587)
for i in clock:
random.seed(i)
length, letters = 32, string.ascii_letters
result_str = ''.join(random.choice(letters) for i in range(length))
print(result_str)
#archive_name = 'flag.zip'
#pyminizip.compress("flag.txt", "flaggers", "flag.zip", result_str, 9)
By supplying a range and iterating through it, I managed to print a list of possible password and make a wordlist out of it, then crack the zip in a couple seconds 😎
python3 passwordpwn.py > passlist
Blink’s Secret
Solved by : Ava and Starry-Lord
content of note.txt:
After
a big fire accident in mr.Blinking man’s house, we managed to collect a note with a meme with his own image on it. The note says as follows:
I
missed a secret which was posted on his social media. I want to find that secret but I don't know where it is. I have some hints regarding where the secret is..
The user name is 15 letters long
The
user name comprises of my name and zip code of my current residence
Format
Name_zipcode
If
the name is thomas mueller then write the name as ThomasMueller
meme:
So we have to find this face’s name!
Turns out this is Drew Scanlon from San-Francisco and finding his name wasn’t too much of a problem
At this point, 11 letter plus a full zip code was past 15 letters and wasn’t making sense to me. I still tried to find the account on twitter by placing all zip codes for the SF area until I eventually deleted all numbers and got lucky:
This hints towards deletion, so I checked web archives and found this:
DrewScanlon_941's twitter web archive
Wow!! What a wonderful day !!! І wish I could eхtend this day as much as possible...
This is unicode, and since this was really too suspicious I went digging for unicode steganography.
That’s when Ava found about an online tool for that purpose and we solved it.
uploaded 29.03.2022