Nullcon Hackim 2018: OSINT1
| Event | Challenge | Category | Points | Solves |
|---|---|---|---|---|
| Nullcon Hackim 2018 | OSINT 2 | OSINT | 200 | ¯\(ツ)/¯ |
Description
Annual audits have flagged an employee who is sharing data outside the company in some secret manner. A quick OSINT revealed his personal email id, i.e. zakripper@mail.com.
Can you find the secret?
TL;DR
After few research I found a Flickr account with two childs telling a secret.
I downloaded the picture and just did a strings on it.
Lullar
First, I looked for doxing people via email address. Then I found the Lullar website.
Fif 1 - Lullar website
I entered the email address and look for ALL social media, a lot of 404 not found.
Flickr
But after a while, I found a Flickr account with this picture:
Fif 2 - Flickr
Picture analysis
After downloaded it I just made a strings on it:
$ strings 28359721879_4ed9886805_o.jpg
...
*@#|
{G@ Na
;o+%m[
l&e_zJ|..
syPpj
hackim18{'7h1515453cr3tm35543'}
syPpj
Flag
hackim18{‘7h1515453cr3tm35543’}
Maki