Dangerous Volcano
Description
Hi there Bob,
There is this rival IT Security company called securityZilla, that is undermining our contracts with some dirty tactics and we don’t want to go out of business because of them.
I’m taking you off the Fancy Mamba case, and from now on your task is to find out something compromising about this firm. Their public website is https://securityzilla.secchallenge.crysys.hu.
The codename of the project is Dangerous Volcano.
Report to me when you find something,
Dan
Note: This is not a web challenge!
Also, any connection with last year’s Lost & Found challenge or with any twitter, github or flickr user profiles, is purely coincidental.
- Author: veloxer
Solution
Just from the description, it is clear, we are looking at an OSINT challenge.
Scanning through the site, we can see an email address connected to Janos Nagy: themrbigjack@gmail.com.
Without thinking I added this to my address book, a habbit I picked up after miserably failing last years OSINT challenge. Since this did nothing I started thinking and realized, I have seen something like this before. There is/was a challenge on HTB, which used the same technique, Google ID.
Scraping the ID from the hangouts website, we can use it to look for entries of the user on the google map for example, and luckily for us, we found this:
<div oid="101442286581498986047" email="themrbigjack@gmail.com" data-element-width="399" data-show-on-right="true" style="position: absolute; left: 81px; top: 679.5px; width: 399px;" data-hovercard-id="themrbigjack@gmail.com" data-hovercard-align="h" data-hovercard-owner-id="6"></div>
Using the oid from the previous html element, we can search the google map, and find this.
Looking at the image, we can see, its using a software called AnkiWeb. Its a kind of learning-card app, where you can share your Deck online with others. And by the looks of it, Mr. Big Jack just shared his top secret learning deck with us. Downloading the app, and getting the shared deck, which is visible on the image, we can flip through the deck, and the flag is ours:
cd22{HIDDEN}