Skip to content
ivan tung

Beginning of a Journey

Description

CTF: Whitehacks 2022

Author: Hartanto

Difficulty: Easy

Welcome to OSINT! The challenges in this category will enable you to learn more about OSINT, and reflect on your internet activity traces.

Here’s your first challenge. One of our friends, Lewis, is a Computer Science student at SMU School of Computing and Information Systems who is majoring in cybersecurity. Unfortunately, we haven’t heard from him in a couple of weeks.

Let’s see if we can find something on his Twitter account. Not really sure what is his username though. But I do recall his full name is Lewis Chan and that his birthday is on the 6th of January. Oh, and he really hates cryptocurrency. I think he said that it is a Ponzi scheme or something.

Note: Making any contact with any individuals is out of the scope of this challenge. You wouldn’t want to alert someone that you’re investigating them right?

Solution

Pwned by @skytect

Since he has a Twitter account, let’s try doing a simple Twitter search. If we scroll down a little, we’re able to find a very sus profile.

twitter search

In the profile, there’s a very sus pinned tweet.

Remember, when posting an image, make sure you have alt tags for accessibility.

There seems to be only one image on the account.

Doge

If we Inspect Element the image’s source code, we get:

<img
  alt="Cybersecurity meme about password managers. WH2022{s0c1al_m3d14_4dv3ntur35}"
  draggable="true"
  src="https://pbs.twimg.com/media/FI-aw7IaUAAbbUn?format=jpg&amp;name=small"
  class="css-9pa8cd"
/>

We find the flag in the alt attribute.

WH2022{s0c1al_m3d14_4dv3ntur35}