[NeoQuest2017] "MULTISPORT!" and a pink spacesuit


Continuing our series ritabou tasks from past competitions the cyber security NeoQuest2017
This time we will consider the fifth mission: ESPION

Job contained as much as 3 (over200 points). For this reason, this task has become a must-have for those who desire to be "taller"

"MULTISPORT!"


In the midst of planetary exploration of our instruments signaled the approaching storm! To get to the ship to wait out her there, we didn't have time, to ask for help was not one – the planet is uninhabited. However, we found shelter built, apparently, someone from the last expedition. To enter we need to confirm that you are its Creator, filling out a virtual form. Nothing about this mysterious tenant was unable to learn, but digging in the garbage around the house (and that in war all means are good!), we found an SD card with photos. Maybe they will help us to answer the questions? All hope for them, and that the owner was registered even in some earthly social networks, they're just a wealth of information.

To the job give us a website where you need to fill in a questionnaire about the person: name, place of residence, profession, the name of the dog, etc. Along with a link is an archive containing 200 photos from various sources on the Internet: completely different topics from food to nature, from the animals to the spacecraft.

What are we here to find? The first thing I have uploaded all photos in Picasa: scrolling through most of them, was seen a very interesting photo contain EXIF GPS:



This is clearly a sign! Quickly taking advantage of utility (thanks Betepok) to find accounts in social networks (VK, Instagram), containing photos Geotaged:

the 
python3 ./photobygeo.py -d 200 28.5233 -80.6819 1486512191 1486555391

Has been found necessary character!
Having studied his profile the following data were obtained:

the 
Name: Ivan
Name: Titov
Date of birth: 09.03.1994

For a long time thinking "What crap! it is necessary to do next?" on the wall was seen the message about the sale: "Sell space equipment from NeoSpace, a new model SNQ-17 (this year)!", with a photo of rose ("You don't see?! It's tsiklamenovy!" (C) any other girl) of the suit.

Image search in search engines yielded no results => indexing is still performed. However, the search text is found this advertisement:



Here we learn the place of residence, metro and phone:

the 
Country: Russia
City of residence: Ekaterinburg
Nearest metro station: Botanical
Phone: +7(996)7861065

Further, according to the phone number, punched it on other social networks, and encountered first on THIS page. We get:

the 
Nickname: NeoSpaceHacker
School: 130
Institute: Massachusetts Institute of Technology (MIT)
Profession: Programmer

Quote from the profile "I am a programmer and love to code in esoteric programming languages. Their projects put on public domain!" as it suggests to us that our way is on SourceForge, or GitHub on the ground of such user there, but on the second THERE.

Inside is BestProgrammEver, created for esoteric JAPANESE — Brainfuck:

the 
program displays: Space is never ends!

Further in this direction was a dead end, unlikely to search for IT-the forums will give us the name of his pet :)

Remembering that lost the SD card was a large number of images (Yes!) go to the following network: BINGO
After viewing all the photo cards we get the rest of the information:

the 
Cottage is located in Verkhnyaya Sysert'
The name of his cat: the Graviton (a good idea for nicknames IMHO)
Credit card number: 4024 0071 2387 4108

So, in fact, OSINT, and obeyed the earth!
Article based on information from habrahabr.ru

Комментарии

Отправить комментарий

Популярные сообщения из этого блога

March Habrameeting in Kiev

Изображение
March Habrameeting in Kiev. More under the cut The meeting will be held on March 23, from 11:00 until 16:00 , coworking journal on Lev Tolstoy square. On Saturday (for those who are in the calendar have got): It is assumed seven reports (one specified). List of speakers: Ilya Kowalewski "What is Qt and what you can do with him", Namespace Oleksandr Krakovetskyy, "where's the money in mobile development?", sashaeve MS MVP Denis Aramov "cryptography Algorithms — everything is simple and how to use in practice for clients", working in EPAM Systems Ukraine Sergey Imirek "project management Methodology PRINCE2: overview and comparison with PMBOK", PM at Ciklum Dmitry Kostyuk, "the Creation of clouds — a personal experience", kostyukdv , technical Director of HostPro Dmitry Bulanov "the directory Service is: standard-standard tasks", hb860 MS MVP Andrew Cheredaryk "HP-UX platform fo
Далее...

PostgreSQL load testing using JMeter, Yandex.Tank and Overload

Изображение
a Few words to start so, this manual is suitable for those looking for a versatile Toolkit for testing large pool of systems and solving most problems on stress testing. This article is intended for beginners in this business, so I will try to Refine and simplify the process. Discuss briefly each of the elements in our bunch and move on to their primary installation and configuration: the Apache JMeter – load testing tool, which is able to carry out tests for JDBC connections, FTP, LDAP, SOAP, JMS, POP3, IMAP, HTTP and TCP out of the box and many other protocols and solutions using various plugins. the Yandex.Tank is a cloud – based tool for load testing uses different load generators, including and JMeter. the Yandex.OverLoad – the service for easy monitoring and analysis of servers under load. the Installation and configuration the key to success for proper installation of JMeter is the correct java installation. At this stage it is worth saying that all the manip
Далее...

Monitoring PostgreSQL with Zabbix

Изображение
PostgreSQL is a modern, dynamic DBMS with a very large set of possibilities which allow to solve a wide range of tasks. Using PostgreSQL as a rule refers to a very critical segment of the it infrastructure associated with the processing and data storage. Given the special place of the DBMS infrastructure and the criticality of tasks, the question of monitoring and appropriate control of the DBMS. In this respect, PostgreSQL has a wide internal means of collecting and storing statistics. Collected statistics allows to obtain quite a detailed picture about what is happening under the hood during operation of the DBMS. These statistics are stored in special system tables, views, and constantly updated. Performing regular SQL queries to these tables it is possible to obtain a variety of information about databases, tables, indexes and other DBMS subsystems. Below I describe the method and tools for monitoring PostgreSQL monitoring system Zabbix. I love this monitoring system becaus
Далее...