Szczygielka's hacking notes
  • 🚀Welcome
  • 💻Hack The Box Writeups
    • Linux Machines
      • Busqueda
      • Zipping
      • Clicker
      • Pilgrimage
    • Windows Machines
      • Aero
      • Visual
  • 🚩CTFs Writeups
    • KnightCTF 2024
      • OS, Password, IP Addr, Note, Execution, Path of the Executable, Malicious - Forensics
      • Flag Hunt! - Steganography
      • Oceanic - Steganography
      • README - Web
    • TetCTF 2024
      • TET & 4N6 - Misc/Forensics
    • 0xL4ugh CTF 2024
      • Wordpress - 1 - Forensics
      • Wordpress - 2 - Forensics
      • Gamer - 5 - Forensics
    • 1753CTF 2024
      • Resume - Misc
    • UTCTF 2024
      • OSINT 1 - Forensics
      • OSINT 2 - Forensics
      • Contracts - Forensics
      • Survey - Forensics
      • simple signature - Crypto
      • Anti-dcode.fr - Crypto
      • bits and pieces - Crypto
    • RITSEC CTF 2024
      • Curiosity Helped the Cat - Forensics
      • Failed File Transfer - Crypto
      • Dastardly Evil Scientists - Crypto
      • Secret Door - Misc
      • Guess – Reversing
    • Cyber Apocalypse 2024: Hacker Royale
      • Russian Roulette - Blockchain
      • Recovery - Blockchain
      • Primary Knowledge - Crypto
Powered by GitBook
On this page
  • Task
  • Solution
  1. CTFs Writeups
  2. UTCTF 2024

OSINT 1 - Forensics

PreviousUTCTF 2024NextOSINT 2 - Forensics

Last updated 1 year ago

Task

It seems like companies have document leaks all the time nowadays. I wonder if this company has any.

(NOTE: It turns out there's also an actual company named Kakuu in Japan. The real company is not in scope. Please don't try and hack them.)

Hints:

You're looking for a leaked document. You won't find it on their website.

Accounts online associated with the scenario should be (fairly) distinguishable.

Solution

We get the following URL address:

http://puffer.utctf.live:8756

Let's visit the website:

In the Team section we find information about the Kauu Corporation employees:

Let's start with the employee for whom the fewest results appeared, that is Cole Minerton.

The second result found for this person takes us to:

https://linktr.ee/coleminerton

Let's go to this URL address:

The website appears to contain various social media and profiles of one person. After visiting the profile of Mastodon, we can see that we are on the right way because Cole posted that Kakuu Corporation allows for "unlimited" paid time off:

So let's keep looking for something interesting. On his YouTube channel we can find a link to the Discord server:

Let's join it. On the server text channel, we can find trustly_contract.pdf file:

After downloading it and analysis we can find the flag in the text:

Flag:

utflag{discord_is_my_favorite_document_leaking_service}

To get more information about the employees I used the SpiderFoot tool, which can be found . SpiderFoot is an OSINT automation tool. I run a scan in SpiderFoot for each employee, based on their first name and surname. I obtained the following results:

🚩
here
http://puffer.utctf.live:8756