CTFZone Quals | OSINT | Hamsters are taking over the World
This was the OSINT challenge with the least solves in CTFZone Quals. We were given an email ronaldhamst_xyz@gmail.com and told that there is a mistake somewhere. This is all we had, I tried different combination by substituting different alphabets in the _ place but I got no valid email. Then I thought it might be that ronaldhamst_xyz is a domain so I tried ronaldhamst.xyz and it came up to an actual website.
The website contained some text along with 2 hyperlinks, one to a YouTube video and one to a blog page.
https://dzen.ru/a/XiSaoexXWwCtO2ww?utm_referer=www.google.com
After looking into it for quite a while, I considered this a dead end. That’s where I hit an idea to dork for 5 of the hamster names that were highlighted in the text.
This seemed helpful
Here we found an email address as well:
By closer inspection, I looked into its source code and found a link to a Facebook profile.
This opened to a profile named Oliver Lee
By roaming around the profile, I found a relevant post.
Now this talked about how Oliver changed this code. Direct changes in the code were not possible through commits on this tool as I checked all the contributors of this tool.
I got an idea to check if some user had forked it in last 2 weeks and thankfully I found one.
I was pretty sure this was Oliver Lee’s ID as this ID was made just few weeks ago and had only 1 fork of the repository we were looking for.
I checked the commits and changes made into the code as the Facebook post talked about how he changed this tool for his friends.
and lucky enough, it had the flag.
Decoding this through Base-64 gave me the flag.
Finally the flag was:
ctfzone{Y0u_have_fu0nd_the_flag_0f_2_hamsters}
Thank You for reading this till the end. Make sure you follow me on Medium.
