OSINT - CTF - MCS

Solutions for the OSINT CTF challenges conducted by Menina de Cyber Sec and Hack in Cariri in August 2024.

The Trip of My Dreams

https://hackincariri.s3.amazonaws.com/meninadecybersec/osint/desafio+1/OSINT-easy-01.jpeg

The trip of my dreams

“The photos from the trip turned out amazing!” This is the photo of where we had a snack after a long walk through the city. The flag is the name of the establishment where the cat is coming out of. Example: MCS{PLACE_OF_THE_PHOTO}

Points: 50

The image below has the first clue for location, which is the Instagram of the place.

After a quick search on Instagram and looking at the profile, you can find the full address and the name of the place Cafe Paulette.

Which City

It’s important to know a bit of history, sometimes to not repeat mistakes, sometimes to replicate successes. This city hosted a large part of Hacking history and is your first clue to finding the character at the center of this story. The flag will be the name of the person in the format FIRSTNAME_LASTNAME. Example: MCS{FIRSTNAME_LASTNAME}

Points: 300

https://hackincariri.s3.amazonaws.com/meninadecybersec/osint/desafio+4/wherelegendborn.png

Using Google Images, you can find the location of the photo and quickly search on Google to learn some hacking history. This leads to the name Kevin Mitnick.

The Eiffel Tower is Beautiful!

My trip to Paris was a bit strange. As a good hacker, I brought the flag as a souvenir from there. But you’ll have to retrieve it yourself, take this photo as a clue. The flag should be submitted in the format MCS{YOUR_FLAG_HERE}

Points: 350

https://hackincariri.s3.amazonaws.com/meninadecybersec/osint/desafio+5/morri.jpeg

Analyzing the image metadata, you can find a username @abellio356.

After that, using tools to search for usernames like Instant Username Search, you can identify some possible profiles on networks.

On the profile of X, a message in Base64 stands out.

After decoding it, you can find the flag.

What Game Was That?

Name of the stadium where the match was played? The flag would be the concatenation of the date and the stadium name. Example: MCS{DDMMYYYY_STADIUM}

Points: 150

https://hackincariri.s3.amazonaws.com/meninadecybersec/osint/desafio+2/OSINT-easy-02.jpeg

To discover which game this was, you first had to identify the team names by their abbreviations LIV and PEÑ through a brief Google search.

Then, by analyzing matches between these two teams, it was possible to find the date of the match and the location.

Hack In Cariri

I know what Hack in Cariri did on January 19th, but do you? The flag must be submitted in the format MCS{YOUR_FLAG_HERE}

Score: 800

This flag involved joining the WhatsApp community of the CTF. Upon analyzing the data, there was a possible hint.

After that, it was just a matter of going to Instagram and searching for the post from that day to find the flag.

Brazil 🇧🇷

Samuel recently visited some places in Brazil; he always leaves good reviews. The flag must be submitted in the format MCS{YOUR_FLAG_HERE}

Score: 200

https://hackincariri.s3.amazonaws.com/meninadecybersec/osint/desafio+3/ponte.png

Using Google image search, it was possible to find the exact image and the name of the location.

Analyzing the comments on the location name, it was possible to find the flag.

Menina de Cybersec

And what has Menina de Cybersec been up to? Are you keeping up with our events? The flag must be submitted in the format MCS{YOUR_FLAG_HERE}

Score: 800

This flag involved joining the CTF Discord server, where the flag could be found.

All challenges completed: