ok let’s start hunting
First let’s see what he wants
Hello everyone, today’s challenge is about OSINT and how to benefit from it. This is the only picture I have. The goal is to give me access to Marina’s information in her private server, for example, in below
http://<IP>/<code_html>
soo we need get server and in the last some kind of fuzz
We set the goal, let’s see what we have
He did not ask for the source of the photo or its geographical location, so let’s see what we can do
i try Steghide but nothing try Binwalk
In fact, I wasted a lot of my time reading it this Copyright
i was thinking is there anything in this but nah nothing it’s was just read the string of this image
This also its was simple solution but i was overthinking
soo Therefore, I wanted to explain to you the most important things that can be done in such challenges
After reading the strings we found this email, I read the strings more than once but didnt find any thing just this
I used some tools to check whether the email was registered in one of the social media accounts, but there was no result, which increased the difficulty a little
So, I had an idea after reading the email that it had name and numbers
Maurus16127274@gmail.com
I searched for this name and numbers on all social media platforms
We caught something
I took into consideration the previous image, so I downloaded this image and try find something but no results
soo i looking in following and followers and likes
and We caught something
Until now, I was not convinced that the two accounts had anything to do with the challenge, so I came up with an idea outside the box
It occurred to me to look for the date the accounts were created and the email to register with them and see if they are close or not
first @Maurus1612727 and @Aleksandr821697
so lets back to challnge
It turns out that the language is Russian so after translation
i found this
This is a photo of me and my wife. I got married at 22, I’m 27 now and I may have a big house, but I don’t know why my friend Maurus likes to use simple passwords. This password is often used by Maur@s1989.
Soo i try login in gmail and its work
i find this msg
to aleksandr821697Привет, мой друг Александр, пожалуйста, позаботься о моих аккаунтах, потому что я не знаю, как обращаться с социальными сетями. Через две недели я собираюсь в Италию с женой и не хочу, чтобы кто-нибудь что-либо о ней знал. Я доверяю вам и сообщу вам ее имя и некоторую информацию о ней.
Name: Znevan
Date of birth: Hxd ljw orwm xdc cqn jpn kh lanjcrwp j fxamurbc
Pin: rfc dgpqr jcrrcpq gq cgrfcp y jmucpayqc mp snncpayqc jcrrcp, ylb rfc lcvr rfpcc lskzcp ypc bgegrq.
All information above is encrypted or encoded. However, I believe encryption is different. And my password method too
<NAME>_<Date_of_birth>_<Enter_the_PIN_Value>.html
Ahmed_1970_y911.html
http://128.199.4.167/Ahmed_1970_a000.html
another example
http://128.199.4.167/Ahmed_1970_Z999.html
nice catch we get the ip now and he give us example for the flag
from this example we can see its
ip/name_date_{alphabet}{3number}
let’s decode or decrypt this message
for the name its was just rot
and this is the Date of birth but i have another way to get the date
Here he Replies to tweet he say
I married Marina three years ago, when she was 23 years old.
soo this tweet was in 2024 and he married Marina three years ago in 2021 , when she was 23 years old. soo now well be 26
2024–26=1998
nice now we know the name and the date
ip/name_date_{alphabet}{3number}
http://128.199.4.167/Marina_1998_ab.html
a= all alpha bet
b= 3 number
soo i creat simple code python to creat world list to fuzzing
It’s really a big catch
Congratulations, you have won the OSINT challenge. This is information about Marina
