UTCTF 2024 - Writeup
These writeups are for the OSINT challenges I solved while competing in UTCTF 2024 with my team, Bonzi_Brigade. This event took place from 30th March - 01st April. Our team scored 4045 points in total and came 135th out of 854 teams.
mzone (@mzone on discord)
It seems like companies have document leaks all the time nowadays. I wonder if this company has any.
(NOTE: It turns out there's also an actual company named Kakuu in Japan. The real company is not in scope. Please don't try and hack them.)
Hint 1: You're looking for a leaked document. You won't find it on their website.
Hint 2: Accounts online associated with the scenario should be (fairly) distinguishable.
A site was hosted for the company Kakuu Corporation and was provided with the challenge. Visiting this site we find that there is a list of employees provided.
With these names we can pass them over to Sherlock to check for accounts that may belong to any of these employees.
python3 sherlock.py <username>
Checking out the Mastodon account for Cole Minerton we see that there is a mention of Kakuu Corporation.
Now that we know that this is the right account we can visit the LinkTree provided on the Mastodon account and see what is available.
We will see that there are accounts on Twitter, Reddit, YouTube, and Mastodon linked.
Checking out the YouTube account we find that there is a Discord link provided.
Following this link gives us access to a Discord server called Cole’s Hangout. Scrolling through the chat we will see that Cole mentioned getting a client to sign a contract and uploaded a document.
The flag is provided on the second page of this leaked document.
mzone (@mzone on discord)
Can you find where the person you identified in the first challenge lives? Flag format is City,State,Zip. For example, if they live at UT Austin submit Austin,TX,78712.
Do not include any spaces in your submission. The submission is also case sensitive, and works with or without utflag{}.
Hint 1: Follow the storyline.
Hint 2: All in scope accounts follow the same naming convention. Once you've reached a centralized location any sites you need can be reached in at most 3 clicks.
Coming back to the Mastodon account for Cole Minerton, we see that he has mentioned having a great time at Angel Fire and he plans to visit tomorrow. Since he is planning to visit the next day, it is likely that he lives in the area.
Searching for Angel Fire, we will find that there is a village in the State of New Mexico by that name.
Cole made another post to Mastodon at some fuel pumps before going on a long distance drive.
The image provided has some clues to the location where the picture was taken. First we can confirm that it is likely to be New Mexico as there is a lottery advertisement for the state.
Secondly, we see that there is a street sign showing Cimarron Ave. This gives us a state and street.
Going to Google Maps and searching for Cimarron Ave we see that there are three places in New Mexico with that name.
Dropping into street view we can look around the areas identified. Looking in the following location we see an area that looks familiar:
Google Maps street view in Raton
This provides us with a location of Raton, New Mexico. Searching for the zip we see that it is 87740.
mzone (@mzone on discord)
Can you find the person's IP address? Flag format is XXX.XXX.XXX.XXX
Hint 1: If you wound up on another (unrelated) discord server, then one of the sites you visited is too new.
Hint 2: All in scope accounts follow the same naming convention. Once you've reached a centralized location any sites you need can be reached in at most 3 clicks.
Looking at the YouTube video Cole has posted, we see a comment where he mentions that he is interested in speedrunning a game called TinyIsland. Cole mentions that there is no wiki yet and that he will create it.
Checking out the Reddit account listed on LinkTree we see that Cole is the new moderator of the tinyislandsurvival subreddit. On the right side of this page we see that there is a wiki listed.
On the page we see that we have the option to view the history.
Looking at the history we see posts from Coleminerton and then an IP address appears in the contributions.
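Many wiki platforms attribute an edit made while logged out to the editor's IP address, which is the exposure seen in the history above. The following is an added example, not part of the original writeup, showing how a wiki owner could audit a page history for such edits and for the ones that sit close enough in time to a named account's edits to be tied to it. The history records, timestamps and addresses are constructed (documentation ranges), and the record layout and 30-minute window are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample of a wiki page history, not real data.
# Addresses are from the RFC 5737 / RFC 3849 documentation ranges.
HISTORY = [
    {"time": "2024-03-20T18:42:00", "user": "Coleminerton", "summary": "add route notes"},
    {"time": "2024-03-20T18:31:00", "user": "192.0.2.44", "summary": "fix typo"},
    {"time": "2024-03-20T18:25:00", "user": "Coleminerton", "summary": "create page"},
    {"time": "2024-03-02T09:10:00", "user": "2001:db8::15", "summary": "unrelated edit"},
]


def as_ip(name):
    """Return an ip_address object if the contributor field is an IP, else None."""
    try:
        return ipaddress.ip_address(name.strip())
    except ValueError:
        return None


def anonymous_edits(history):
    """Revisions whose contributor is an IP address, i.e. a logged-out edit."""
    return [rev for rev in history if as_ip(rev["user"]) is not None]


def linkable_edits(history, account, window=timedelta(minutes=30)):
    """Anonymous edits made within `window` of an edit by `account`.

    Closeness in time on the same page is what lets a reader of the
    history associate the address with the named account.
    Returns (address, timestamp, gap in whole minutes) tuples.
    """
    named = [datetime.fromisoformat(rev["time"]) for rev in history
             if rev["user"].lower() == account.lower()]
    hits = []
    for rev in anonymous_edits(history):
        when = datetime.fromisoformat(rev["time"])
        gap = min((abs(when - t) for t in named), default=None)
        if gap is not None and gap <= window:
            hits.append((rev["user"], rev["time"], int(gap.total_seconds() // 60)))
    return hits


if __name__ == "__main__":
    for address, when, minutes in linkable_edits(HISTORY, "Coleminerton"):
        print(f"{when}: logged-out edit from {address}, {minutes} min from a named edit")
```

Revisions flagged this way are the ones to ask the platform to hide or suppress, and the fix going forward is to confirm the session is logged in before editing.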