Hello There

task

A short time ago, in an Internet close, close by… a certain Cyber Officer definitely did not create an OSINT challenge that definitely is not hiding on a certain social media site owned by Microsoft. Do show your CTF skills by finding the (hypothetical) flag or do not. There is no try.

Author: Laura

Tags: osint

notes

Let’s look for users which have the officer role assigned on the official ACM Cyber discord server

So the target person should be one of those 5 users.

One of those users immediately sticks out after looking at the profile descriptions.

That user is Laura:

We can see, that she has linked her GitHub profile for us!

It is https://github.com/lness02/.

On her GitHub profile we find this repository:

https://github.com/lness02/definitely-not-an-osint-challenge

That is definitely the correct path for this challenge (pun intended).

In the description it says:

1
2
3

not an osint challenge

nothing to see here... move along, move along

If we take a look at the source code, there is just an index.html file which is not interesting:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

<!doctype html>
<html>
    <head>
        <title>just an ordinary website</title>
        <meta name="description" content="your run-of-the-mill website">
        <meta name="keywords" content="ordinary website">
    </head>
    <body>
        <h1>just a website.</h1>
        <p>seriously, it's just a website.</p>
        <p>...</p>
        <p>I find your lack of faith... disturbing.</p>
        
    </body>
</html>

There is nothing hidden at this stage of the main branch.

However if we take a look at the commit history there is one commit that is worth a look.

It is this commit: eb55556894fb90a0bfb34095ee14b74f3613ebc2

link: https://github.com/lness02/definitely-not-an-osint-challenge/commit/eb55556894fb90a0bfb34095ee14b74f3613ebc2

We found the flag!

Although the flag is called: flag{th1s_isn't_th3_fl4g_y0u're_l00king_f0r} , it is indeed the correct flag ;)