OSMOSIS CTF 2024 - Writeups

About : OSMOSIS Institute is the governing body of OSMOSIS — An Association for Open-Source Intelligence (OSINT) Professionals. So here I am sharing on how I’m solved some of the challenges.

Warmup

1) The “Tool And Resource”

Material

Material for this challenge and a few others chall can be obtained at the Tools And Resource page :

Solution

To solve this, im using online photo forensic tools (https://29a.ch/photo-forensics/#forensic-magnifier), using the Magnifier with Histogram Equalization function on the yellow spot, you can get the Flag.

Flag : FLAG{HErE}

2) Who Is Calling

Material

Solution

To find the press released date for the mobile phone in the material, first we need to identify what is the model of the phone, I was an Mobile Phone Repair Technician before, so it was quite easy to identify the phone model. Either Iphone 4 or Iphone 5

Find the press released date for both model and tried as a flag and you got it, the flag is : FLAG{26/06/2010} <– Iphone 4

3) A Great Detective

Material

Solution

This challenge solution is so straight, just focus on the magnifier glass handler in the material, you will clearly see the name of the owner “Holmes”, a great detective last name is “Holmes”? who was it? one and only “Sherlock Holmes”

Flag : FLAG{Sherlock Holmes}

Day 1 Of The CTF

1) The E-mail

Material

TheHeader.pdf (just put the header,the rest of the file is the same in the chall description)

Solution

To solve this challenge, we need to find the city of the origin where the email come from, as you can see in the material, the email header got an ip address , use an ip lookup tools on the ip address and you will get the origin city, submit as the flag and you solve the chall.

Flag : FLAG{Dallas}

2) Im Feeling A Dark Vibe

Material

Solution

To find the flag which is the infamous date that associated with the material, I reverse the material a got some lead that said The “X” marks on the road located at Daelas Plaza was the mark where the Assassination of John F. Kennedy happen. So search for the Assassination of John F. Kennedy on google, you will get the date of the assasination

Flag : FLAG{22/11/1963}

3) The Alert

Material

https://www.mrsosint.com/

Solution

Visit the site, On the The Briefing Room tabs there is a topic called The Unicorn, The OG and The Academy, read The OG section to get the info regarding The OG. information that we could collect from the reading such as She (A woman), Led The Academy (Could be kind of CEO or Chief of the academy, Look for her in Linkedin (She have linkedin account). What academy is also mention on The Academy section which is the Osmosis Association.

With the info collected, jump in to linkedin and find the academy account, look into the people tabs, find any staff with the CEO or Chief title. Found her !.

Use her full name as the flag. Flag : FLAG{Cynthia Hetherington}

Day 2 in The CTF

###1) Pranskters

Material

1) https://yourwellhallresortandspa.my.canva.site

2)

Solution

To solve this challenge, we need to find the password of the website. The password must be somewhere inside the cat image some kind of steghanography. Use Steg tools to decode the image, result in image below. As you can see the head of the output is the one and only strings that readable so maybe that is the password. I try using it as a password, and yup got it.

FLAG{MB4g.kC”}

2) The Website

Material

https://yourwellhallresortandspa.my.canva.site/

Solution

Solution for this chall is quite easy, in the website, just scroll down until you see the page that have many guitar as mentioned in the chall description.

Flag : FLAG{Tech Glitch}

Day 3 In The CTF

1) Plan B

Material

Solution

For this challenge, i use a bit gamble way, Since the flag is the country. I paste the material in GeoSpy, this tools usually can easilly detect the origin country of the image.

Flag : FLAG{THAILAND}

Mr.Osint

Material

https://mrosint.com/

Solution

To solve this challenge, visit the link given in the challenge description you will lead to the website consist of a few bunch of numbers, look like a message, take the number and bake it using cyberchef, decrypt the message.

The message ask us to find the flag on the secret directory called robots.txt, so let move on the diretory and yup got the flag.

Flag : FLAG{Found Me!!}

3) Who Is The Real Diva

Material

https://dfirdiva.com/free-affordable-training-news-monthly-july-aug-2024/

Solution

For this chall, we need to find the new zimmerman without the glasses and DFIR Experts, in the page, look at the left side, you can see twitter post that DFIR Diva retweet. One of the post mentioned @AlexisBrignoni, i visit the account mentioned, the Profile images is quite interesting, an Sunglasses with DF on left side and IR on the right side. Maybe he is the one. Let Try and Error.

Use his name as our Flag and yup got it. Flag : FLAG{Alexis Brignoni}.

4) The Books

Solution

For this chall, visit osmosis association organization website and go to the Events tabs. Right after the CTF Ended, there is one upcoming event.

FLAG{OSMOSISCon Award Nominations Close}

Bonus

Bonus 1

Solution

Use the same material in the warmup section The Toolbox image, Zoom in on the toolbox to find the first name of the toolbox onwer

FLAG{Frankie}

Bonus 2

Solution

Go to List of signature wikipedia website, use CTRL+F function to find the file type that use ÿØÿà magic number and we got the flag

FLAG{.JPEG}

Bonus 3

Solution

Search for Virtual Librarian on google give us many link associate to that keywords, but only one link caught my eyes which is http://www.virtuallibrarian.com/. Visit the website

FLAG{1992}

Bonus 4 [First 🩸}

Solution

Copy paste the chall questions in google will result a few link associate to it.

The second link, The Linkedin one, mentioned someone known as Margarita G, find her linkedin account and use her name as the Flag and yup solve it. FLAG{Margarita Giron}.