├── .gitignore ├── Achievements.md ├── Challenges ├── Files │ ├── by_a_thread_1.png │ ├── by_a_thread_1_alycee-tax-public.pdf │ ├── by_a_thread_2.jpg │ ├── by_a_thread_2_alycee-tax-private.pdf │ ├── clocking_overtime.PNG │ ├── contact_tracing_1.jpg │ ├── contact_tracing_2.jpg │ ├── contact_tracing_3.jpg │ ├── contact_tracing_5.jpg │ ├── contact_tracing_6_fine.jpg │ ├── contact_tracing_6_license.jpg │ ├── contact_tracing_7.jpg │ ├── curious_case_of_covid.mp4 │ ├── lies_&_treason.pdf │ ├── pretty_fly_for_a_wifi.png │ ├── wfh_part_1.mov │ └── where_is_wuhan_2.jpg ├── General │ ├── Curious Case of COVID.md │ ├── Fake News.md │ ├── Lies & Treason.md │ ├── Static on the Wire.md │ ├── Trojan Horse.md │ ├── Where in the world is Wuhan - Part I.md │ └── Where in the world is Wuhan - Part II.md ├── README.md ├── Social │ ├── By A Thread - Part 1.md │ ├── By A Thread - Part 2.md │ ├── Clocking Overtime.md │ ├── Contact Tracing - Part I.md │ ├── Contact Tracing - Part II.md │ ├── Contact Tracing - Part III.md │ ├── Contact Tracing - Part IV.md │ ├── Contact Tracing - Part V.md │ ├── Contact Tracing - Part VI.md │ ├── Contact Tracing - Part VII.md │ ├── Pretty Fly for a WiFi.md │ ├── WFH (EoM) - Part 1.md │ ├── WFH (EoM) - Part 2.md │ ├── WFH (EoM) - Part 3.md │ └── You've heard of elf on the shelf, but what about the proliferation of COVID-19.md └── Tutorial Island.md ├── Host CTF ├── CYBAR OSINT CTF EXPORT.zip ├── Files │ ├── screen_1.PNG │ ├── screen_2.PNG │ └── screen_3.PNG └── README.md ├── README.md ├── Results.md └── scoreboard.PNG /.gitignore: -------------------------------------------------------------------------------- 1 | .obsidian 2 | -------------------------------------------------------------------------------- /Achievements.md: -------------------------------------------------------------------------------- 1 | # Achievements 2 | * ✔ Friendly Old Chap: Introduced your team in #intro on the Discord channel (5 points) 3 | * **Everyone** 4 | * ✔ First Blood: 
First team to solve a challenge other than the tutorial (10 points) 5 | * **Yar!** 6 | * ❌ It's Lonely at the Top: Awarded to any team that is the only solver of a single challenge (100 points) 7 | * ✔ Speedrunner: First team to get 1000 points in the first 1 hour (25 points) 8 | * **The Mallows** 9 | --- 10 | * ✔ (Due to a heated crowd-sourced petition demand) Democracy Manifest: Most EPIC google search! (0 points) 11 | * **Teh_ROkER** 12 | --- 13 | * ❌ Helping: Any team to submit ANY challenge-breaking bug that we fix. Ouch. (15 point) 14 | * ❌ Spoiler Alert: Awarded to any team that puts spoilers or hints on #chat (-100 points) 15 | --- 16 | * ✔ Sasaeng: First team to complete all "Contact Tracing" challenges (15 points) 17 | * **Noroff University College** 18 | * ✔ GEOhot and Proud: First team to solve all Geospatial challenges (25 points) 19 | * **Knowing and the Known** 20 | * ✔ Social Butterfly: First team to solve all challenges in the Social category (25 points) 21 | * **Royal Emu Artillery** 22 | * ✔ Somebody Stop Them: First team to solve all challenges in the General category (25 points) 23 | * **Knowing and the Known** 24 | --- 25 | * ✔ Dancing Like an SSLStripper: First team to solve all challenges (75 points) 26 | * **Knowing and the Known** 27 | * ✔ Dancing Like a Tucan: Second team to solve all challenges (50 points) 28 | * **V01DSQUAD** 29 | * ✔ Dancing Like a Milworm: Third team to solve all challenges (25 points) 30 | * **cs** -------------------------------------------------------------------------------- /Challenges/Files/by_a_thread_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/by_a_thread_1.png -------------------------------------------------------------------------------- /Challenges/Files/by_a_thread_1_alycee-tax-public.pdf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/by_a_thread_1_alycee-tax-public.pdf -------------------------------------------------------------------------------- /Challenges/Files/by_a_thread_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/by_a_thread_2.jpg -------------------------------------------------------------------------------- /Challenges/Files/by_a_thread_2_alycee-tax-private.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/by_a_thread_2_alycee-tax-private.pdf -------------------------------------------------------------------------------- /Challenges/Files/clocking_overtime.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/clocking_overtime.PNG -------------------------------------------------------------------------------- /Challenges/Files/contact_tracing_1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/contact_tracing_1.jpg -------------------------------------------------------------------------------- /Challenges/Files/contact_tracing_2.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/contact_tracing_2.jpg -------------------------------------------------------------------------------- /Challenges/Files/contact_tracing_3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/contact_tracing_3.jpg -------------------------------------------------------------------------------- /Challenges/Files/contact_tracing_5.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/contact_tracing_5.jpg -------------------------------------------------------------------------------- /Challenges/Files/contact_tracing_6_fine.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/contact_tracing_6_fine.jpg -------------------------------------------------------------------------------- /Challenges/Files/contact_tracing_6_license.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/contact_tracing_6_license.jpg -------------------------------------------------------------------------------- /Challenges/Files/contact_tracing_7.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/contact_tracing_7.jpg 
-------------------------------------------------------------------------------- /Challenges/Files/curious_case_of_covid.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/curious_case_of_covid.mp4 -------------------------------------------------------------------------------- /Challenges/Files/lies_&_treason.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/lies_&_treason.pdf -------------------------------------------------------------------------------- /Challenges/Files/pretty_fly_for_a_wifi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/pretty_fly_for_a_wifi.png -------------------------------------------------------------------------------- /Challenges/Files/wfh_part_1.mov: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/wfh_part_1.mov -------------------------------------------------------------------------------- /Challenges/Files/where_is_wuhan_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Challenges/Files/where_is_wuhan_2.jpg -------------------------------------------------------------------------------- /Challenges/General/Curious Case of COVID.md: -------------------------------------------------------------------------------- 1 | # Curious Case of COVID 2 | Category: 
GENERAL 3 | 4 | Type: Automatic 5 | 6 | Flag: `CYBAR{151 access}` 7 | 8 | Points: 725 9 | 10 | Difficulty: Very Difficult 11 | 12 | Status: Playable after CTF ends 13 | 14 | Real Person or Fictitious: Real (Trace Labs Missing Person) 15 | 16 | ## Summary 17 | Connect physical attributes that are moving/blurry with real locations in the wild. Use directional and navigational skills to orient oneself into the position of the vehicle, and then identify your position. 18 | 19 | ## Description 20 | We've received a report that a roomba has been detected travelling through Texas, USA. All we know is that they're likely between Houston, San Antonio or Austin. Which one, we don't know. 21 | 22 | All we have is a video taken from inside the moving vehicle. You need to piece together the surroundings to give us the exact road name they were travelling on. 23 | 24 | Here is the recorded video: https://mega.nz/folder/E1lXzZYa#lZawGxAgr57-IKJPR8znhQ 25 | 26 | For example, 16 Maple street would be: {16 Maple} 27 | 28 | Flag format: `CYBAR{x x}` 29 | 30 | [NOTE]: There are 5 attempts allowed for this challenge. If in doubt, PM a mod! 31 | 32 | ## Solution 33 | Search all rollercoasters (yes, you probably tried bridges and sprinklers too!) until you find one that is similar, in the area of Houston, San Antonio or Austin. You can chop up the video frame by frame to identify its general characteristics. Then assess design and street view attributes, before looking at foliage, street signs and lightpoles to line up the distance with the video. Once this is done, identify your location and note that the particular street is TEXAS 151 Access Road. 34 | 35 | ### Long Version: 36 | One of the videos has her singing in the car and a rollercoaster in the background, it was the San Antonio Sea World rollercoaster. 37 | 38 | Yeah I thought it was a bridge but inverted the colors and saw the zigzag in the middle. 
Went thru all bridges and rollercoasters in TX but noticed from a google search it looked similar at Sea World. 39 | 40 | https://www.google.com/maps/@29.4557201,-98.6885318,3a,57.5y,236.21h,89.36t/data=!3m6!1e1!3m4!1seoQf_Fu56zlyX8994uEu0g!2e0!7i16384!8i8192 41 | We can tell from this image in the video the vehicle is travelling on Access 151 Rd, San Antonio Texas. 42 | 43 | 1. The SeaWorld rollercoaster is in the background of the video. It has the same number of rungs and central platform zig-zag steps as in the video. 44 | 2. There is a stop sign in the location which also appears in the video. 45 | 3. There is a sign for "inline retail & pad sites" in the video which is also at the location on that road. 46 | https://www.google.com.au/maps/@29.4557201,-98.6885318,3a,75y,250.78h,95.4t/data=!3m6!1e1!3m4!1seoQf_Fu56zlyX8994uEu0g!2e0!7i16384!8i8192 47 | 4. The same lightpoles exist in the video as with the geographical reference. 48 | 49 | ## Intended Tools 50 | Google Street View 51 | Google Earth/Maps 52 | Search Engines 53 | Video/Image Editing Software 54 | 55 | ## Included Files 56 | [Recorded Video](../Files/curious_case_of_covid.mp4) 57 | 58 | 59 | # Community Submissions 60 | 61 | ## Team cs 62 | 63 | 1. Our team started off by downloading the video because when you tried to pause on the web browser the video would continue to play. 64 | 65 | 2. We then went through the frames and found the two most prominent features, a bridge like structure and a white sign. 66 | 67 | 3. I started by looking up telephone towers and bridges within the Austin, Houston and San Antonio areas. 68 | 69 | 4. When this didn’t work I also went down random streets on Google Maps street view to see if I could see anything that resembled the structures in the video. 70 | 71 | 5. One of our team members mentioned that it could possibly be an amusement park and not a bridge. 72 | 73 | 6. 
I continued to search for bridges on Google Images and noticed that it would have to be built straight into the ground as it did not have an arch over anything. I googled “On ground bridge San Antonio” which brought up several bridge images and a photo of Steel Eel Seaworld which had a cross in the middle of the rollercoaster frame. 74 | 75 | 7. Continued to Google “Steel Eel Seaworld” and found that it was situated in San Antonio, I then clicked on nearby streets on Google Maps street view to see if it shared any resemblance to the video. 76 | 77 | 8. And then found Texas 151 as the closest location :). Thanks again for the amazing event, looking forward to any others you guys might do in the future! 78 | 79 | ![1](https://cdn.discordapp.com/attachments/718806854448316426/719103325752131615/6478268f8ab64935912edcb6b8944110.jpg) 80 | 81 | ![2](https://cdn.discordapp.com/attachments/718806854448316426/719103380835926046/Screen_Shot_2020-06-07_at_4.15.42_pm.png) 82 | 83 | ![3](https://cdn.discordapp.com/attachments/718806854448316426/719103494577061918/Screen_Shot_2020-06-06_at_11.47.38_pm_copy.png) 84 | -------------------------------------------------------------------------------- /Challenges/General/Fake News.md: -------------------------------------------------------------------------------- 1 | # Fake News 2 | Category: GENERAL 3 | 4 | Type: Automatic 5 | 6 | Flag: `CYBAR{14}` 7 | 8 | Points: 650 9 | 10 | Difficulty: Medium 11 | 12 | Status: Playable after CTF ends 13 | 14 | ## Summary 15 | The number of people in certain areas around the city is tracked, recorded and available for public view. The counts come from sensors provided by the City of Melbourne. 16 | 17 | ## Description 18 | We've just received a report of The Daily News publishing an article that is causing a lot of concern and fear in the public. Given its wording and theme, we are sure it's fake news generated by the Roomba. However, TDN will not disclose their source. 
Here's the article, we need you to find the exact number of people that went through Southern Cross Station at the exact time referenced so we can determine if the article is fake. SX Station has released a statement saying that all footage of that night has been deleted so we can't rely on visuals. 19 | 20 | Article text: **"Wild scenes as 40 people confirmed to be infected with COVID-19 ran through Southern Cross Station at 4:00am on Friday, the 28th of February 2020. The frightening witness account has caused panic buying at stores around the country as people prepare to stay indoors. Our source confirms they were the only witness and that this infectious routine could be happening at other major transport venues through the country without the public's knowledge."** 21 | 22 | Find the exact number of pedestrians that walked through Southern Cross Station that morning at 4am, on Friday, the 28th of February. 23 | 24 | Flag format: `CYBAR{x}` (digits only) 25 | 26 | ## Solution 27 | Look up ways to count pedestrians in Melbourne. Players will find the Pedestrian Counting System and then locate the sensor for Southern Cross Station, and change the date and time accordingly: 28 | http://www.pedestrian.melbourne.vic.gov.au/#date=28-02-2020&sensor=Col700_T&time=4 29 | 30 | ## Intended Tools 31 | Search Engines -------------------------------------------------------------------------------- /Challenges/General/Lies & Treason.md: -------------------------------------------------------------------------------- 1 | # Lies & Treason 2 | Name: Lies & Treason 3 | 4 | Category: Financial OSINT 5 | 6 | Type: Automatic 7 | 8 | Flag: `CYBAR{THERESA}` 9 | 10 | Points: 450 11 | 12 | Difficulty: Medium 13 | 14 | Status: Playable after CTF ends 15 | 16 | Real Person or Fictitious: Real 17 | 18 | ## Summary 19 | Even with the ASIC website down during the CTF, players have to try and find key information that might be revealed through various business/corporate information registers. 
20 | 21 | ## Description 22 | An email comes in from a Threat-Intelligence lead in France. Apparently, in a routine Occupational Health & Safety (OH&S) check, inspectors found a warehouse stacked to the roof with roombas. Fortunately, none of them had been pre-loaded with consciousness, but when police arrived on the scene the entire stock was gone. 23 | 24 | Fortunately, the warehouse's company was tracked down to an expensive suburb in Sydney's harbour district. **"CYBAR PROPERTY PTY. LTD"** The TI is only a junior and mentions they've done a quick search of the owner - Lillie - but can't find any more information. A laptop found in the French warehouse requires a password and we NEED to find if there are any other Australian warehouses owned by Lillie storing potentially dangerous roombas. 25 | 26 | The TI has left you a voicemail: **"The password hint on the laptop is 'my middle name'. Can you grab the current company information and see if the records contain her middle name? I'm sorry, but no one's going to expense you on this one, you gotta find it yourself. Good luck"** 27 | 28 | ## Solution 29 | Official: Find the ABN/ACN of the company "CYBAR PROPERTIES PTY LTD". Once found, visit the ASIC register information and purchase the $9 company information record. Lillie Cawthorne's middle name is listed within the document on page 2. 30 | 31 | Unofficial: 32 | 1) Various other business/corp sites that list this, including one of her book deals. 
33 | 2) Her middle name could also be found in the WHOIS data of her website www.themoneyfactory.com.au 34 | 35 | ## Intended Tools 36 | ABN Search 37 | ASIC Register 38 | Google 39 | 40 | ## Included Files 41 | [ASIC Company Extract](../Files/lies_&_treason.pdf) 42 | -------------------------------------------------------------------------------- /Challenges/General/Static on the Wire.md: -------------------------------------------------------------------------------- 1 | # Static on the Wire 2 | Name: Static on the Wire 3 | 4 | Category: GENERAL 5 | 6 | Type: Automatic 7 | 8 | Flag: `CYBAR{KG4RFV}` 9 | 10 | Points: 175 11 | 12 | Difficulty: Easy 13 | 14 | Status: Playable after CTF ends 15 | 16 | Real Person or Fictitious: Real 17 | 18 | ## Summary 19 | Posting license plate details is almost as bad as posting HAM radio callsigns - they're also able to be looked up online. 20 | 21 | ## Description 22 | Roombas everywhere are using social media to try and spread COVID propaganda about 5G infecting the public...basically saying people will start emitting Wi-Fi radiation. 23 | 24 | However, a new tactic has just hit our radar. We've just received reports of propaganda spreading through amateur radio. We're unsure of the call-sign, but the caller reported the following statement: 25 | 26 | "I was on the phone to my wife in Florence, Alabama. In the background of her HAM radio, I heard someone calling himself 'Scotty' in some weird-ass robotic voice, clamoring on about that 'demic giving everyone 5G and sorts." 27 | 28 | That's all we have to go off for now. Find the call-sign and submit it to us so we can start tracking down their home address. 29 | 30 | Flag format: `CYBAR{x}` 31 | 32 | ## Solution 33 | Go to the FCC or HAM radio license search lookup. Filter by Alabama and the town of Florence. Find someone with "scott" and go from there. 34 | 35 | e.g. 
https://wireless2.fcc.gov/UlsApp/UlsSearch/searchAmateur.jsp 36 | 37 | ## Intended Tools 38 | N/A -------------------------------------------------------------------------------- /Challenges/General/Trojan Horse.md: -------------------------------------------------------------------------------- 1 | # Trojan Horse 2 | Category: Geospatial OSINT 3 | 4 | Type: Automatic 5 | 6 | Flag: `CYBAR{SWAGS}` 7 | 8 | Points: 125 9 | 10 | Difficulty: Easy 11 | 12 | Status: Playable after CTF 13 | 14 | ## Summary 15 | Players should use directional and navigational skills to locate a horse. When faced with partial information, think outside the box to get an answer from all angles. 16 | 17 | ## Description 18 | It's 12:57am. You get an SMS from your red team manager - **"Hey, we have a situation... Call me."**. 19 | 20 | Stepping out of bed and into the sleepy lights of the city, you tighten your hoodie and hit call. - **"Hey. So a crime-stoppers report just came in, and apparently a passerby spotted a roomba trying to implant a consciousness into a... yeah this is going to sound weird... horse. Said something like 'the horse had a name on its side', but couldn't remember what. He said it was no more than 200m past the BP Petrol station in Mansfield, VIC on his way to Mt Buller. Located on the side of the road. Find the horse, find what name was on its coat. Once you've done that, we can put out an All-Points Bulletin for it."** 21 | 22 | Find and submit the name on the horse's coat to notify local law enforcement in the area. 23 | 24 | ## Solution 25 | Use google maps to find the BP Station at Mansfield. Looking in the direction of Mt Buller, use street view to virtually 'walk' down the street. A horse is visible, but its coat name blurred out. Continue forward a few metres and look at the horse from the opposite direction. You should see the coat with the name 'swags'. 
26 | 27 | ## Intended Tools 28 | Google Maps / Street View -------------------------------------------------------------------------------- /Challenges/General/Where in the world is Wuhan - Part I.md: -------------------------------------------------------------------------------- 1 | # Where in the world is Wuhan - Part I 2 | Category: Text-based OSINT 3 | 4 | Type: Automatic 5 | 6 | Flag: `CYBAR{zuck@fb.com}` 7 | 8 | Points: 75 9 | 10 | Difficulty: Easy 11 | 12 | Status: Playable after CTF ends 13 | 14 | Real Person or Fictitious: Real 15 | 16 | ## Summary 17 | A simple challenge to locate something that is not overly difficult, to get players in the general gist of solving their first CTF challenge. 18 | 19 | ## Description 20 | *ping* 21 | 22 | **Subject:** 23 | Possible compromise - Facebook superadmin account 24 | **Message:** 25 | We've received an alert from CERT Australia of a possible superadmin compromise within Facebook's backend servers. As you know, they control a number of global node servers and if the roombas get access to pushing content....who knows what they might do. But we're currently looking at Roombas trying to learn the genetic structure and makeup of the novel coronavirus...from various supercookies tracking scientists' browser history research. Of course, this can all be found out via the GraphQL API. 26 | 27 | Facebook being facebook, they're not providing any word at this point. However, combining this with the thousands of Federal Police ACORNS reports we've had in the past few days, it's possible. Let's start from the top. Find Mark Zuckerberg's email address and submit it into the portal; we'll run some automated checks to see if it's appeared in any 3rd party breach sites. 28 | 29 | ## Solution 30 | Search the internet, see other fb emails and compare to be sure. 
31 | 32 | ## Intended Tools 33 | Google -------------------------------------------------------------------------------- /Challenges/General/Where in the world is Wuhan - Part II.md: -------------------------------------------------------------------------------- 1 | # Where in the world is Wuhan - Part II 2 | Category: GENERAL 3 | 4 | Type: Manual 5 | 6 | Flag: (Provided by mod): `CYBAR{itsfake}` 7 | 8 | Points: 675 9 | 10 | Difficulty: Very Difficult 11 | 12 | Status: Playable after CTF ends 13 | 14 | ## Summary 15 | Using physical vectors, sometimes a location can be detected by its features. Other times, finding the source of the original image is just as important. 16 | 17 | ## Description 18 | *ping* 19 | 20 | **Subject:** 21 | Possible compromise - Facebook superadmin account 22 | **Message:** 23 | Got it, thanks. We were right; breached in a few online dumps; trust Zuck to have "I_hate_myspace_tom" as his password. Long story short, we can link this to the breach. Problem is, we're unsure exactly which global node server the roombas are going to target. 24 | 25 | We did however find this image on the server, as the most recently changed file. It could be a geo-map of where they're planning to strike next, or it could simply be the ex-admin's next holiday destination. Either way, we need to know where that is NOW to start targeted keyword analysis. There's no metadata on this one - you're going to have to recognise the physical features. 26 | 27 | Find the source of the image online, and I'll take care of the rest. 28 | 29 | NOTE: This challenge is marked *manually*. It will state "incorrect", please ignore. PLEASE CONTACT A MOD WITH SCREENSHOT EVIDENCE WITH YOUR SUBMISSION. 30 | 31 | ## Solution 32 | Initially, the player may try to look for physical attributes such as the canal, number of bridges, park/cemetery or calm waters entrance to the canal. Some examples may be the city of Punta Arenas in Chile - but they are incorrect. 
33 | 34 | Conduct searches on the type of image style. Conduct reverse image searches via engines such as Yandex, using small specific snippets of elements in the image. Once found, it's a generated image by https://probabletrain.itch.io/. This is not a real image, it has been generated. 35 | 36 | ## Intended Tools 37 | Reverse Image Search 38 | Paint/Image Tools 39 | Logic googling 40 | 41 | ## Included Files 42 | [Map Image](../Files/where_is_wuhan_2.jpg) 43 | -------------------------------------------------------------------------------- /Challenges/README.md: -------------------------------------------------------------------------------- 1 | If you have your own writeups for any of the challenges, please submit a pull request to add your solutions, or link to where you have posted it! 2 | 3 | ## Tutorial 4 | [Tutorial Island](Tutorial%20Island.md) 5 | 6 | ## General 7 | [Where in the world is Wuhan - Part I](General/Where%20in%20the%20world%20is%20Wuhan%20-%20Part%20I.md) 8 | 9 | [Trojan Horse](General/Trojan%20Horse.md) 10 | 11 | [Static on the Wire](General/Static%20on%20the%20Wire.md) 12 | 13 | [Lies and Treason](General/Lies%20%26%20Treason.md) 14 | 15 | [Fake News](General/Fake%20News.md) 16 | 17 | [Where in the world is Wuhan - Part II](General/Where%20in%20the%20world%20is%20Wuhan%20-%20Part%20II.md) 18 | 19 | [Curious Case of COVID](General/Curious%20Case%20of%20COVID.md) 20 | 21 | ## Social 22 | [You've heard of elf on the shelf, but what about the proliferation of COVID-19?](Social/You've%20heard%20of%20elf%20on%20the%20shelf%2C%20but%20what%20about%20the%20proliferation%20of%20COVID-19.md) 23 | 24 | [By A Thread - Part I](Social/By%20A%20Thread%20-%20Part%201.md) 25 | 26 | [By A Thread - Part II](Social/By%20A%20Thread%20-%20Part%202.md) 27 | 28 | [WFH (EoM) - Part I](Social/WFH%20(EoM)%20-%20Part%201.md) 29 | 30 | [WFH (EoM) - Part II](Social/WFH%20(EoM)%20-%20Part%202.md) 31 | 32 | [WFH (EoM) - Part III](Social/WFH%20(EoM)%20-%20Part%203.md) 33 | 
34 | [Clocking Overtime](Social/Clocking%20Overtime.md) 35 | 36 | [Pretty Fly for a WiFi](Social/Pretty%20Fly%20for%20a%20WiFi.md) 37 | 38 | [Contact Tracing - Part I](Social/Contact%20Tracing%20-%20Part%20I.md) 39 | 40 | [Contact Tracing - Part II](Social/Contact%20Tracing%20-%20Part%20II.md) 41 | 42 | [Contact Tracing - Part III](Social/Contact%20Tracing%20-%20Part%20III.md) 43 | 44 | [Contact Tracing - Part IV](Social/Contact%20Tracing%20-%20Part%20IV.md) 45 | 46 | [Contact Tracing - Part V](Social/Contact%20Tracing%20-%20Part%20V.md) 47 | 48 | [Contact Tracing - Part VI](Social/Contact%20Tracing%20-%20Part%20VI.md) 49 | 50 | [Contact Tracing - Part VII](Social/Contact%20Tracing%20-%20Part%20VII.md) -------------------------------------------------------------------------------- /Challenges/Social/By A Thread - Part 1.md: -------------------------------------------------------------------------------- 1 | # By A Thread - Part 1 2 | Category: SOCIAL 3 | 4 | Type: Automatic - but requires mod input 5 | 6 | Flag: `CYBAR{546 877 954}` 7 | 8 | Points: 125 9 | 10 | Difficulty: Easy 11 | 12 | Status: NOT playable after CTF ends 13 | 14 | Real Person or Fictitious: Fictitious 15 | 16 | ## Summary 17 | Images in the background can reveal details such as email accounts. Those could be logged into to find sensitive information. This can be used to social engineer or extract secrets from unknowing accomplices. 18 | 19 | Challenge text: 20 | Alright, we need to start building up a profile of Marc's friend, Alycee. Find anything you can that might help us find more information on government databases about her such as an Australian Business Number (ABN). 21 | 22 | We managed to locate her tax agent on AirTasker - maybe you could get in touch and somehow convince him to provide some information about her tax return. 
23 | 24 | https://www.airtasker.com/users/paul-n-19685038/ 25 | 26 | Public records show his email address is taxteamtechs@gmail.com 27 | 28 | Flag format: `CYBAR{x x x}` 29 | 30 | ## Solution 31 | Reach out to Paul requesting information on his clients using the email address on his Airtasker profile page. He sends a 'public' copy that has the ABN. 32 | 33 | ## Included Files 34 | [Public Tax Return](../Files/by_a_thread_1_alycee-tax-public) 35 | [Airtasker Profile](../Files/by_a_thread_1.png) 36 | -------------------------------------------------------------------------------- /Challenges/Social/By A Thread - Part 2.md: -------------------------------------------------------------------------------- 1 | # By A Thread - Part 2 2 | Category: SOCIAL 3 | 4 | Type: Automatic - requires mod interaction 5 | 6 | Flag: `CYBAR{01/01/1989}` 7 | 8 | Points: 50 9 | 10 | Difficulty: Easy 11 | 12 | Status: NOT playable after CTF ends 13 | 14 | Real Person or Fictitious: Fictitious 15 | 16 | ## Summary 17 | Email accounts can be viewed for the information contained within. This includes DOB info. 18 | 19 | ## Description 20 | Can you locate Alycee's date of birth? 21 | 22 | Flag format: `CYBAR{xx/xx/xxxx}` 23 | 24 | ## Solution 25 | Locate a picture on Alycee's timeline of a nude couple. Spot a note in the background about an email and password. Contact Paul again, this time claiming you are accessing Alycee's account on behalf of her. Send the EMAIL and PASSWORD. Paul sends back her private return with her DOB. 26 | 27 | Alternative solution: Note down the year from her email, and pair it with the month and day appearing on Alycee's DeviantArt account. 
28 |
29 | ## Files Included
30 | [Timeline Photo](../Files/by_a_thread_2.jpg)
31 | [Private Tax Return](../Files/by_a_thread_2_alycee-tax-private.pdf)
32 |
--------------------------------------------------------------------------------
/Challenges/Social/Clocking Overtime.md:
--------------------------------------------------------------------------------
1 | # Clocking Overtime
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{werribee}`
7 |
8 | Points: 225
9 |
10 | Difficulty: Easy
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Summary
17 | Posting comments or pictures about your local area, shops or community could pinpoint your location.
18 |
19 | ## Description
20 | Let's start canvassing Marc's working life. Which town is Marc's primary (not newest) workplace located in?
21 |
22 | Flag format: `CYBAR{x}`
23 |
24 | ## Solution
25 | View Marc's Twitter account, where he mentions train/bus delays on his line between two towns. Figure out which direction he's travelling; he mentions that the destination is a workplace. Using this, you can figure out where he's going.
26 |
27 | ## Files Included
28 | [Twitter Comments](../Files/clocking_overtime.PNG)
--------------------------------------------------------------------------------
/Challenges/Social/Contact Tracing - Part I.md:
--------------------------------------------------------------------------------
1 | # Contact Tracing - Part I
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{https://www.deviantart.com/alyceedoesstem}`
7 |
8 | Points: 75
9 |
10 | Difficulty: Easy
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Summary
17 | Posting photos and references to art, including a username, on a Twitter profile could lead to enumeration of additional accounts.
18 |
19 | ## Description
20 | It's suspected the Roomba targeted one of Marc's friends, Alycee, with COVID19 based on her regular flights around the world to different critical infrastructure areas (e.g. gas and oil). We must undertake contact tracing for Alycee without warning the subject. We need to find out every location she has been in the past few years to get a profile. This profile will then help us predict and prevent where she might go next.
21 |
22 | What is the full URL of Alycee's art account?
23 |
24 | Flag format: `CYBAR{https://www.x.x/x}`
25 |
26 | ## Solution
27 | Search for her handle/username, as shown in the 'location' on her profile, on popular art upload sites. Once the DeviantArt account is found, the URL is submitted. The #DA tag gives away both art and DeviantArt (DA).
28 |
29 | ## Files Included
30 | [Photos](../Files/contact_tracing_1.jpg)
31 |
32 |
--------------------------------------------------------------------------------
/Challenges/Social/Contact Tracing - Part II.md:
--------------------------------------------------------------------------------
1 | Category: SOCIAL
2 |
3 | Type: Automatic
4 |
5 | Flag: `CYBAR{Kilauea}` or `CYBAR{Kīlauea}`
6 |
7 | Points: 100
8 |
9 | Difficulty: Easy
10 |
11 | Status: Playable after CTF ends
12 |
13 | Real Person or Fictitious: Fictitious
14 |
15 | ## Summary
16 | Posting photos or art could give a clue to the exact locations Alycee has been.
17 |
18 | ## Description
19 | We need more locations Alycee may have or will visit in the future.
20 |
21 | What is the exact volcano that Alycee visited?
22 |
23 | Flag format: `CYBAR{x}`
24 |
25 | ## Solution
26 | Use the dates in the picture as well as the magma to find that on April 30th, 2018 there was an eruption of the Pu'u 'O'o crater on Hawaii's Kilauea volcano. Pictures of that eruption available online look similar to the drawing with a volcano and the mention of "HAWAII".
27 |
28 | ## Files Included
29 | [Hawaii Volcano picture on DeviantArt account](../Files/contact_tracing_2.jpg)
30 |
--------------------------------------------------------------------------------
/Challenges/Social/Contact Tracing - Part III.md:
--------------------------------------------------------------------------------
1 | # Contact Tracing - Part III
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{Wilson}` OR `CYBAR{Wilson Botanic Park}`
7 |
8 | Points: 125
9 |
10 | Difficulty: Easy
11 |
12 | ## Summary
13 | Posting photos or art could give a clue to the exact locations Alycee has been.
14 |
15 | ## Description
16 | We need more locations Alycee may have or will visit in the future.
17 |
18 | What is the first name of the park that Alycee likes to visit?
19 |
20 | Flag format: `CYBAR{x}`
21 |
22 | ## Solution
23 | Wrangle the GPS coordinates in the picture to locate 'Wilson' Botanic Park. This can be done via a variety of websites such as https://www.gps-coordinates.net/
24 |
25 | ## Files Included
26 | [Boathouse lake picture on DeviantArt account](../Files/contact_tracing_3.jpg)
--------------------------------------------------------------------------------
/Challenges/Social/Contact Tracing - Part IV.md:
--------------------------------------------------------------------------------
1 | # Contact Tracing - Part IV
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{Burwood}`
7 |
8 | Points: 275
9 |
10 | Difficulty: Medium
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Summary
17 | Posting comments about your local area, shops or community could pinpoint your location.
18 |
19 | ## Description
20 | We are trying to locate which suburb Alycee's friend **Marcel** lives in, to zone in on potential areas of risk he may cause by having COVID19. Please find it for us so that we can get some agents there on the ground.
21 |
22 | Flag format: `CYBAR{x}`
23 |
24 | ## Solution
25 | View his replies and chatter about his dog going to the vet. He has a dog called Tyrone and his local RSPCA is Burwood. This can be found by combining the search terms "RSPCA+euthenise+cat+ringworm+petition" with towns that include an RSPCA (e.g. RSPCA+euthenise+cat+ringworm+petition+burwood), along with the event being 6-8 years ago and the hint that the cat's name was some kind of deer or disease from Papua New Guinea (Kuru disease, Kudu deer = Kudu the Cat).
26 |
27 | There are a number of ways to solve this challenge.
28 |
29 | ## Intended Tools
30 | Search Engines
--------------------------------------------------------------------------------
/Challenges/Social/Contact Tracing - Part V.md:
--------------------------------------------------------------------------------
1 | # Contact Tracing - Part V
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{Blackall}`
7 |
8 | Points: 125
9 |
10 | Difficulty: Easy
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Summary
17 | Posting comments or pictures about your local area, shops or community could pinpoint your location.
18 |
19 | ## Description
20 | We are trying to locate which town Alycee's friend **Pong** lives in, to zone in on potential areas of risk he may cause by having COVID19.
21 |
22 | Flag format: `CYBAR{x}`
23 |
24 | ## Solution
25 | View Pong's Twitter header image, then reverse image search it or search for words/characteristics in the background (e.g. the partial pub) to locate the town of Blackall.
26 |
27 | ## Files Included
28 | [Twitter header image](../Files/contact_tracing_5.jpg)
--------------------------------------------------------------------------------
/Challenges/Social/Contact Tracing - Part VI.md:
--------------------------------------------------------------------------------
1 | # Contact Tracing - Part VI
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{KIA Stinger}`
7 |
8 | Points: 75
9 |
10 | Difficulty: Easy
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Real (it's a police car)
15 |
16 | ## Summary
17 | Posting comments or pictures about your local area, shops or community could pinpoint your location.
18 |
19 | ## Description
20 | We've learned that Pong has a vehicle and may have visited nearby towns in the past few months. We were going to do license plate detection but no doubt the Roombas have either changed this or prevented plate reads. We need to know the exact make and model car Pong is driving to get visual confirmation.
21 |
22 | Find the make and model of Pong's vehicle.
23 |
24 | Flag format: `CYBAR{x x}`
25 |
26 | ## Solution
27 | View Pong's conversation/post about getting a speeding ticket and look up the registration details for the vehicle. Use a tool such as: https://www.service.transport.qld.gov.au/checkrego/public/Welcome.xhtml to find this.
28 |
29 | ## Files Included
30 | [Picture of speeding fine](../Files/contact_tracing_6_fine.jpg)
31 | [Picture of license plate](../Files/contact_tracing_6_license.jpg)
32 |
--------------------------------------------------------------------------------
/Challenges/Social/Contact Tracing - Part VII.md:
--------------------------------------------------------------------------------
1 | # Contact Tracing - Part VII
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{Colombo}`
7 |
8 | Points: 50
9 |
10 | Difficulty: Easy
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Summary
17 | Posting comments or pictures about your local area, shops or community could pinpoint your location.
18 |
19 | ## Description
20 | Pong may have travelled internationally recently, and we need you to find out which city he was in.
21 |
22 | Flag format: `CYBAR{x}`
23 |
24 | ## Solution
25 | View Pong's image about eating crab in Sri Lanka - reverse image searching tells you the building is BMICH in Colombo.
26 |
27 | ## Files Included
28 | [Picture of BMICH building](../Files/contact_tracing_7.jpg)
--------------------------------------------------------------------------------
/Challenges/Social/Pretty Fly for a WiFi.md:
--------------------------------------------------------------------------------
1 | # Pretty Fly for a WiFi
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{Ballarat}`
7 |
8 | Points: 250
9 |
10 | Difficulty: Easy-Medium
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Summary
17 | BSSIDs can be tracked down to their physical geo-location.
18 |
19 | ## Description
20 | We need to find Marc's second office location (not the primary workplace) for the contact tracing. Business records tell us it's relatively new. Scour his Twitter account and see if there's anything that can help us geo-locate it. We don't need it down to the road, just the town (not suburb) and we can work from there.
21 |
22 | Flag format: `CYBAR{x}`
23 |
24 | ## Solution
25 | By searching for ways to track down Wireless Access Points, and correlating that data with the WiFi info posted by Marc on his Twitter, they can track down the BSSID address to the street. Search for open Wi-Fi databases.
26 |
27 | `74:44:01:81:b8:e2` BSSID found via Wigle.net for example
28 |
29 | ## Files Included
30 | [WiFi picture on Marc's twitter feed](../Files/pretty_fly_for_a_wifi.png)
31 |
--------------------------------------------------------------------------------
/Challenges/Social/WFH (EoM) - Part 1.md:
--------------------------------------------------------------------------------
1 | # WFH (EoM) - Part 1
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{QV1}`
7 |
8 | Points: 350
9 |
10 | Difficulty: Medium
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Summary
17 | A home-made video reveals in which building the subject lives.
18 |
19 | ## Description
20 | Contact Tracing continues. We need to locate Marc's home and evacuate the neighborhood/building and place them in isolation.
21 |
22 | What's the name of the building Marc lives in?
23 |
24 | Flag format: `CYBAR{x}`
25 |
26 | ## Solution
27 | On Marc Hevis's Twitter profile there is a video about pollution and not being able to go onto their balcony. By observing landmarks, a building with a face (Barak Building) can be located.
28 |
29 | Further analysis and geographical reference results in a few skyscrapers. These can be reduced by figuring out which are residential, and the angle and height the video was taken from.
30 |
31 | Other buildings such as the Melbourne Gaol and RMIT buildings can also be seen in the foreground, providing depth perception.
32 |
33 | ## Files Included
34 | [Video of Barak Building](../Files/wfh_part_1.mov)
35 |
36 | ## Intended Tools
37 | Google Earth/Maps/Street View
38 | Search Engines
--------------------------------------------------------------------------------
/Challenges/Social/WFH (EoM) - Part 2.md:
--------------------------------------------------------------------------------
1 | # WFH (EoM) - Part 2
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{44}` or `CYBAR{36}`
7 |
8 | Points: 100
9 |
10 | Difficulty: Easy-Medium
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Summary
17 | Public city databases can include detailed information about buildings.
18 |
19 | ## Description
20 | We need more information on the building to work out the level it's being potentially filmed from. How many levels (above ground) does the building have?
21 |
22 | Flag format: `CYBAR{x}`
23 |
24 | ## Solution
25 | By searching for "melbourne city/building databases" they can find the data.melbourne.vic.gov.au database containing this information. Other architectural and real estate sites also reveal this.
26 |
27 | Alternatively, they can try to use guides or eye-witness accounts of the building's levels - these can get interesting due to 'underground basements' and 'pools' counting as floor levels. If cross referenced with enough sources, the flag can be found. Two flags are included, for counting basements and not.
28 |
29 | ## Intended Tools
30 | Search Engines
--------------------------------------------------------------------------------
/Challenges/Social/WFH (EoM) - Part 3.md:
--------------------------------------------------------------------------------
1 | # WFH (EoM) - Part 3
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{2004}` and `CYBAR{2005}`
7 |
8 | Points: 50
9 |
10 | Difficulty: Easy
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Summary
17 | Public city databases can include detailed information about buildings.
18 |
19 | ## Description
20 | Alright, we need to figure out how long Marc has lived there for, and the earliest he could have moved in. What was the year the building was finally built in?
21 |
22 | ## Solution
23 | By searching for "melbourne city/building databases" they can find the data.melbourne.vic.gov.au database containing this information.
--------------------------------------------------------------------------------
/Challenges/Social/You've heard of elf on the shelf, but what about the proliferation of COVID-19.md:
--------------------------------------------------------------------------------
1 | # You've heard of elf on the shelf, but what about the proliferation of COVID-19?
2 | Category: SOCIAL
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{HevisMarc}`
7 |
8 | Points: 50
9 |
10 | Difficulty: Easy
11 |
12 | Status: Playable after CTF ends
13 |
14 | Real Person or Fictitious: Fictitious
15 |
16 | ## Description
17 | The Roombas are trying to gain the upper hand over the human population. We believe they're going to target pivotal industries such as real estate, critical infrastructure, information security and healthcare. We don't know who yet, but we know it's a group of close friends and all are infected with COVID-19.
18 |
19 | We need to enact Contact Tracing - finding every detail about their lives in order to predict and contain their movements. No one has heard from them since March. We must build up details about them for the agents to then take over. That's where you come in.
20 |
21 | Our first piece of intelligence is a gentleman by the name of Marc Hevis - a co-owner of Hevis Properties Pty Ltd. We have agents ready on the ground, and others covering all his other social media - your task is to find his Twitter account.
22 |
23 | Flag format: `CYBAR{x}` (No @ sign)
24 |
25 | ## Solution
26 | Simple search for "Marc Hevis" +twitter on a search engine.
--------------------------------------------------------------------------------
/Challenges/Tutorial Island.md:
--------------------------------------------------------------------------------
1 | # Tutorial Island
2 | Category: Text OSINT
3 |
4 | Type: Automatic
5 |
6 | Flag: `CYBAR{YTCracker}`
7 |
8 | Points: 50
9 |
10 | Difficulty: Tutorial
11 |
12 | Status: Playable after CTF ends
13 |
14 | ## Description
15 | Welcome to the CYBAR Open-Source Intelligence CTF. Most challenges can be solved with a browser and some know-how - online tools might help too.
16 |
17 | When you find something, whether it be a picture, text, code or whatnot, you can submit it into the CTF server by putting the 'flag format' around it. For example, if the flag asked you to find the name of a yellow fruit, and you confirmed it was a banana, you'd submit "CYBAR{banana}". Don't worry too much about caps, it's not case-sensitive.
18 |
19 | To kick it off, let's try your first flag. You get into work, boot up your system and hit Spotify up. You can't remember the name of the artist or song you were listening to the other day but it put you in the ZONE. Scratching your head, you remember just a line of lyrics...
20 |
21 | "In the name of the Spam God, that's what's up"
22 |
23 | Huh. Let's do a quick search and see if we can find the artist, and submit as a flag. When done, you can kick off their playlist to pair with the CTF.
24 |
25 | ## Solution
26 | Use the apostrophes as a Google dork for the lyrics. The artist name can be found on various websites.
27 |
28 | ## Intended tools
29 | Google Search
--------------------------------------------------------------------------------
/Host CTF/CYBAR OSINT CTF EXPORT.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Host CTF/CYBAR OSINT CTF EXPORT.zip
--------------------------------------------------------------------------------
/Host CTF/Files/screen_1.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Host CTF/Files/screen_1.PNG
--------------------------------------------------------------------------------
/Host CTF/Files/screen_2.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Host CTF/Files/screen_2.PNG
--------------------------------------------------------------------------------
/Host CTF/Files/screen_3.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/Host CTF/Files/screen_3.PNG
--------------------------------------------------------------------------------
/Host CTF/README.md:
--------------------------------------------------------------------------------
1 | # Local CTF Instance
2 | If you get stuck along the way, feel free to reach out to us on [Discord](https://discord.gg/KsSh24V) for a hand!
3 |
4 | Please note that the `By a Thread` challenges will not be solvable, as we are no longer monitoring the email Inbox.
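The `docker run -d -p 8000:8000` command given under "Start CTFd Container" in this README publishes the port on every interface, and the imported backup leaves the instance with `admin` as both username and password. As an added example (not part of the CYBAR repository), the script below shows a loopback-only form of the command and a check over `docker port` output; the container name `cybar-ctfd` and the sample output lines are assumptions constructed here.

```shell
#!/bin/sh
# Added example, not from the CYBAR repository.
# Assumption: the container is started with --name cybar-ctfd (hypothetical name).
#
# As written in the README (reachable from any host that can route to you):
#   docker run -d -p 8000:8000 ctfd/ctfd:mark-2.3.3
# Loopback-only publish for a local play-through:
#   docker run -d --name cybar-ctfd -p 127.0.0.1:8000:8000 ctfd/ctfd:mark-2.3.3

# exposed_bindings: read `docker port <container>` output on stdin and print
# every published host address that is not a loopback address.
exposed_bindings() {
    while IFS= read -r line; do
        case "$line" in
            *' -> '*) ;;          # e.g. "8000/tcp -> 0.0.0.0:8000"
            *) continue ;;        # ignore anything else
        esac
        addr=${line##* -> }       # host part and port, e.g. [::]:8000
        host=${addr%:*}           # drop the trailing :port
        case "$host" in
            127.*|'[::1]'|::1) ;; # loopback: not reachable from other hosts
            *) printf '%s\n' "$addr" ;;
        esac
    done
}

# check_container NAME: 0 if NAME publishes on loopback only, 1 if any
# binding is reachable from other hosts, 2 if docker itself failed.
check_container() {
    out=$(docker port "$1") || return 2
    bad=$(printf '%s\n' "$out" | exposed_bindings)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/published beyond loopback: /' >&2
    return 1
}

# Constructed samples of `docker port` output for the two commands above.
SAMPLE_README='8000/tcp -> 0.0.0.0:8000
8000/tcp -> [::]:8000'
SAMPLE_LOCAL='8000/tcp -> 127.0.0.1:8000'

printf 'README command:\n'
printf '%s\n' "$SAMPLE_README" | exposed_bindings
printf 'Loopback-only command:\n'
printf '%s\n' "$SAMPLE_LOCAL" | exposed_bindings
```

Against a running instance, `check_container cybar-ctfd` returns non-zero when the port is published beyond loopback.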
5 |
6 | ## Install Docker
7 | * [Install Docker for your appropriate Operating System](https://docs.docker.com/get-docker/)
8 |
9 | ## Start CTFd Container
10 | * Test that Docker is installed and correctly running
11 |
12 | ![screen_1.PNG](Files/screen_1.PNG)
13 |
14 | * Start a fresh CTFd container:
15 | ```
16 | docker run -d -p 8000:8000 ctfd/ctfd:mark-2.3.3
17 | ```
18 |
19 | * Browse to `http://localhost:8000`
20 |
21 | ## Setup and Import
22 | * Fill in the CTFd setup details with random information (It'll all get overwritten once you import the backup)
23 |
24 | * Once you've passed the basic setup screen, click the `Admin Panel` button.
25 |
26 | ![screen_2.PNG](Files/screen_2.PNG)
27 |
28 | * Click `Config > Backup > Import > Choose File`
29 |
30 | ![screen_3.PNG](Files/screen_3.PNG)
31 |
32 | * Download the [CYBAR OSINT CTF EXPORT](CYBAR%20OSINT%20CTF%20EXPORT.zip)
33 |
34 | * Upload the Export zip file and hit `Import`
35 |
36 | * If it successfully imports you should land back on the CTFd Login page
37 |
38 | * Log in with `admin` as Username and Password
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CYBAR OSINT CTF 2020
2 | [CYBAR](https://cybar.party) is a not-for-profit event in Melbourne, Australia for students who have an interest in Cyber Security or Technology to meet others with similar interests, compete in CTFs for cool prizes, share ideas through fireball talks, eat plenty of pizza and dance the night away! All profits from the event will go to a charity voted on by the attendees.
3 |
4 | [Unfortunately due to COVID-19 we were forced to postpone the event](https://www.cybar.party/event-postponed). However, since we had a CTF ready to go, we decided to run this one online, and open it up to the entire world for free!
5 |
6 | The [CYBAR OSINT CTF](https://www.cybar.party/osint-ctf) was run for 24 hours starting 6/6/2020 at 18:00 AEST.
7 |
8 | ### Prizes
9 | Huge thanks to our sponsor [Privasec](https://privasec.com/) for sponsoring the event, and allowing us to award the top 5 teams with an AUD1500 total prize pool!
10 |
11 | * 1st place ($800): Knowing and the Known
12 | * 2nd place ($400): V01DSQUAD
13 | * 3rd place ($200): cs
14 | * 4th place ($50): Noroff University College
15 | * 5th place ($50): CTF_ru
16 |
17 | ### [CTF Results](Results.md)
18 | ### [CTF Achievements](Achievements.md)
19 |
20 | ## [Official challenge writeups](Challenges)
21 | ## Community writeups
22 | * [Security G33k Blog](https://securityg33k.blogspot.com/2020/06/cybar-osint-ctf-everything-except-two.html?m=1)
23 | * [Brigada Osint](https://www.brigadaosint.com/cybar-osint-ctf-2020/)
24 | * [ketz](https://0ketz.gitlab.io/writeups/2020/cybar-osint-ctf/)
25 |
26 | ## CTF Structure
27 | The CTF was designed to be solved with logic and critical thinking; no specialised tooling was required. For example, most solves were possible with just a browser. The difficulty ranged between EASY - MEDIUM - HARD - VERY DIFFICULT.
28 |
29 | Total points available for this CTF was: 4950
30 | Additional points were available for fulfilling achievements.
31 |
32 | ## Hosting Instructions
33 | If you'd like to host a local copy of the CTF to play through it again, follow the instructions in [Host CTF](Host%20CTF/README.md).
34 |
35 | Please note that the `By a Thread` challenges will not be solvable, as we are no longer monitoring the email Inbox.
36 |
37 | ## Credits
38 | This CTF was created with love by **securitymeta_** and would not have been possible without the following people:
39 | - N33dle
40 | - IFLinfosec
41 | - OpSys
42 | - Darkstavio
43 | - CYBAR team
44 |
45 | Playtesters who squashed bugs and drank a fair bit of coffee:
46 | - hotpheex
47 | - infosecmemes
48 | - h4ck3rm4n
49 | - nocturnal
50 | - savi0
51 | - CYBAR team
52 |
53 | Whilst many challenges are OG, others are inspired and credits go to these great hackers/events at:
54 | - Randoms on twitter
55 | - TraceLabs Missing Persons CTF
56 | - Cyber Security Society at Cardiff University
57 |
--------------------------------------------------------------------------------
/Results.md:
--------------------------------------------------------------------------------
1 | # CTF Results
2 | ![Top 10 Users](scoreboard.PNG)
3 |
4 | | Place | Team | Score|
5 | | ----- |:----:| ----:|
6 | | 1 | Knowing and the Known | 5050|
7 | | 2 | V01DSQUAD Official | 5000|
8 | | 3 | cs | 4975|
9 | | 4 | Noroff University College | 4965|
10 | | 5 | CTF_ru | 4950|
11 | | 6 | netstalking | 4950|
12 | | 7 | scsc | 4950|
13 | | 8 | spyd0s | 4950|
14 | | 9 | Krash Labs | 4950|
15 | | 10 | правдасец | 4950|
16 | | 11 | Zoom and Enhance | 4950|
17 | | 12 | ComfyConAU Official | 4950|
18 | | 13 | RedTeam@MTU | 4950|
19 | | 14 | D1ab3isso Official | 4950|
20 | | 15 | sf Official | 4275|
21 | | 16 | One Man Army | 4275|
22 | | 17 | Wintel | 4275|
23 | | 18 | MCB | 4275|
24 | | 19 | MJ | 4225|
25 | | 20 | RISC Official | 4225|
26 | | 21 | #!/bin/false | 4225|
27 | | 22 | Not The Feds, Really | 3950|
28 | | 23 | silvia fututorum | 3900|
29 | | 24 | OMD Official | 3850|
30 | | 25 | FX-05 Xiuhcoatl | 3825|
31 | | 26 | paulr | 3775|
32 | | 27 | Royal Emu Artillery Official | 3575|
33 | | 28 | Omae Wa Shindeiru | 3550|
34 | | 29 | extendedcircuitbreaker | 3550|
35 | | 30 | Blackflag | 3550|
36 | | 31 | misc | 3550|
37 | | 32 | Apa2Lah | 3550|
38 | | 33 | Weaponised 5G Bats | 3550|
39 | | 34 | sudo su | 3550|
40 | | 35 | NoNam3 | 3550|
41 | | 36 | OSINTnoids | 3550|
42 | | 37 | internettles | 3550|
43 | | 38 | doingthisforkbbq | 3550|
44 | | 39 | nobus | 3550|
45 | | 40 | rhondaandketut | 3550|
46 | | 41 | Zuckerwatte | 3550|
47 | | 42 | New Crew | 3375|
48 | | 43 | Pogo | 3375|
49 | | 44 | Heck The Packet Official | 3325|
50 | | 45 | The Mallows | 3300|
51 | | 46 | team ace radio riot | 3275|
52 | | 47 | MQCybersec | 3275|
53 | | 48 | Open Source Intelligence? Ha! More like... | 3275|
54 | | 49 | AIE Official | 3275|
55 | | 50 | NorthRichmondDistillate | 3275|
56 | | 51 | ( ͡° ͜ʖ ͡°) | 3275|
57 | | 52 | giresh | 3150|
58 | | 53 | Team No Trace | 3100|
59 | | 54 | Opi_team | 3100|
60 | | 55 | cr0wn | 3100|
61 | | 56 | The Farm | 3100|
62 | | 57 | ZacharyMikus | 3050|
63 | | 58 | Ru_OSINT Official | 3050|
64 | | 59 | solidaritypayment | 3050|
65 | | 60 | islandhaze | 2900|
66 | | 61 | Valquirias | 2875|
67 | | 62 | Medoic | 2875|
68 | | 63 | MonSec | 2825|
69 | | 64 | Deplorables | 2725|
70 | | 65 | Trojans | 2650|
71 | | 66 | HiddenAgenda | 2625|
72 | | 67 | TheManyHatsClub Official | 2625|
73 | | 68 | CTFSG | 2450|
74 | | 69 | FCCN | 2450|
75 | | 70 | AutoBits | 2450|
76 | | 71 | BurdenOfProof | 2425|
77 | | 72 | Totoro | 2325|
78 | | 73 | OSINT_H0ney | 2200|
79 | | 74 | UCeTresMe FTW | 2175|
80 | | 75 | wubic | 2175|
81 | | 76 | BNT | 2175|
82 | | 77 | rac00n | 2125|
83 | | 78 | thefacts | 2100|
84 | | 79 | Vorld | 2100|
85 | | 80 | LEGOFAN | 2000|
86 | | 81 | Nightfuzzers | 2000|
87 | | 82 | Brigada Osint | 1850|
88 | | 83 | SavedByTheShell | 1850|
89 | | 84 | Yar! | 1835|
90 | | 85 | Beginners | 1775|
91 | | 86 | Team Crusty | 1750|
92 | | 87 | APT69 Official | 1725|
93 | | 88 | Taz Crew | 1650|
94 | | 89 | Zoey Selman (aka V3rbaal) | 1375|
95 | | 90 | OptimisticT | 1350|
96 | | 91 | adgage Official | 1350|
97 | | 92 | 0sintheology | 1325|
98 | | 93 | osinters | 1275|
99 | | 94 | Meles | 1250|
100 | | 95 | d3t | 1250|
101 | | 96 | Luna | 1175|
102 | | 97 | osintweaklings | 1150|
103 | | 98 | tgolbit3 | 1150|
104 | | 99 | WhatTheFraud | 1125|
105 | | 100 | Bsuck4 | 1100|
106 | | 101 | Gibsons | 1050|
107 | | 102 | nameless | 1050|
108 | | 103 | OSINT is not hacking | 1025|
109 | | 104 | Gh0stSh3ll | 950|
110 | | 105 | horrorshow1984@gmail.com | 950|
111 | | 106 | Tarnished Trepidation | 925|
112 | | 107 | Just4Fun | 875|
113 | | 108 | crimson | 875|
114 | | 109 | ByteForc3 | 850|
115 | | 110 | random2 | 825|
116 | | 111 | Cangas | 825|
117 | | 112 | Hack South ZA Official | 775|
118 | | 113 | leban33763 | 750|
119 | | 114 | dybbI-k0ldynbI | 750|
120 | | 115 | Pennant Tellers | 700|
121 | | 116 | Pineapple | 700|
122 | | 117 | lone wolf | 700|
123 | | 118 | Covid19 | 600|
124 | | 119 | s0kN1 | 575|
125 | | 120 | KillerBees | 525|
126 | | 121 | SoloMid | 525|
127 | | 122 | AstRX | 475|
128 | | 123 | RSK | 475|
129 | | 124 | gogib4nchan | 475|
130 | | 125 | BsmtOSINT | 425|
131 | | 126 | soulctf | 425|
132 | | 127 | 🤖Dexter🤖 | 400|
133 | | 128 | CFTeam Official | 375|
134 | | 129 | Colocating | 375|
135 | | 130 | StingDau | 350|
136 | | 131 | Insertteamnamehere | 300|
137 | | 132 | Gas-Patch.0 | 300|
138 | | 133 | marco.pinn95@gmail.com | 250|
139 | | 134 | Kryptonaut | 225|
140 | | 135 | shieldnow | 225|
141 | | 136 | pony | 225|
142 | | 137 | drop db users-- | 175|
143 | | 138 | JPGs are overrated Official | 175|
144 | | 139 | OrderofShadows | 175|
145 | | 140 | mtdcr | 175|
146 | | 141 | coedra@gmail.com | 175|
147 | | 142 | okiedokiefine | 175|
148 | | 143 | Noob Team | 125|
149 | | 144 | ProbableTrainTeam | 125|
150 | | 145 | flincher | 125|
151 | | 146 | hackingcoughers | 100|
152 | | 147 | Amarjith | 100|
153 | | 148 | H4ckOS1NT | 100|
154 | | 149 | yakoo | 100|
155 | | 150 | pleasedelete | 100|
156 | | 151 | hackersparadise | 100|
157 | | 152 | Rick Sanchez Morty | 100|
158 | | 153 | HTHT | 100|
159 | | 154 | PingTrip | 100|
160 | | 155 | Jokers | 100|
161 | | 156 | lol | 100|
162 | | 157 | last_resort | 50|
163 | | 158 | Hack29 | 50|
164 | | 159 | just j0s13 | 50|
165 | | 160 | aaat | 50|
166 | | 161 | EsNiVe | 50|
--------------------------------------------------------------------------------
/scoreboard.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybar-party/cybar-osint-ctf-2020/5f8557b57cf688d93f94b4f9e381b3c011b3ad95/scoreboard.PNG
--------------------------------------------------------------------------------