A Cyber Investigator CTF walkthrough

It has been a long time since I posted anything here, but I have been REALLY busy lately. In this post I will try to walk you through some of the challenges in the Cyber Investigator CTF by CyberSoc Wales. More specifically, I will cover the first four challenges of the “Covert Operations” section. The Cyber Investigator CTF is not strictly OSINT related, and I think you will find it interesting to learn a little bit about other related fields too. The section we will take a look at today, however, is closer to an OSINT perspective. And the simplicity of the solutions will show you that sometimes you don't need to do some super crazy research to find stuff; basic searching and thinking is enough. So, let’s go!

Challenge: thermalentry

Description: One of our undercover officers has been following a suspected financial crime kingpin and they keep visiting a lockup in a secluded area of London - we have no idea what is in there.
A couple of nights ago, the officer noticed that there is a digital PIN pad used to open the lockup door, and shortly after the suspect entered and closed the door behind them, our officer promptly approached the PIN pad and took a photograph of the keys with a thermal camera.
Research into the PIN pad reveals that it only accepts four digit codes, so that should make things easier.
What is the PIN code for the lockup? It will be much easier for us to make a subdued entry to find out what is in there without compromising our investigation through forcing our way in.


Solution: After searching the phrase “thermal camera red yellow green”, I ended up on this link explaining that “In any thermogram, the brighter colors (red, orange, and yellow) indicate warmer temperatures (more heat and infrared radiation emitted) while the purples and dark blue/black indicate cooler temperatures (less heat and infrared radiation emitted).” After looking at the thermometer scale next to the image, I understood that the buttons on the PIN pad containing more red retained more heat, and thus were pressed more recently. From there it's easy to see how the PIN can be revealed: the four warmest keys are the ones that were pressed, and their relative warmth gives the order in which they were pressed.

Searching for “pin pad” on Google shows that their layout is similar to the one below:



That said, the solution to the challenge is 4158.



Challenge: nightclub

Description: We've been monitoring the movements of a few somewhat well-known club DJs-for-hire with sketchy pasts.
A couple of days ago, we parked one of our investigators outside a nightclub which previous checks suggest is linked to a drug-related money laundering scheme. We also happen to know that each of the DJs we've been following uses Spotify for their music at venues.
Unfortunately, the DJ for the evening must have used another entrance, as our surveillance team didn't spot anyone matching the profile of any of our suspects that night.
It would be useful for us to know the name of the song that is playing in the attached recording, as this will enable us to scrape the listening histories of our suspects and match the two up to identify who was there at the time.
We're hoping to recruit this particular DJ and leverage the likely trust that has been established with the club management to utilise them as an informant.
This will help us to infiltrate the drug gang running the nightclub and move us closer to dismantling their operation.

The challenge then allows you to download a .wav file containing some music.


Solution: After hitting the play button on the .wav file, I used the mobile application “Shazam” on my phone to identify the song contained in the .wav file. In seconds, the application recognized the song.

The solution to this challenge is Limitless by Elektronomia.



Challenge: orientalnavigator

Description: We recently performed a search of a yacht parked in a berth in Hawaii; fairly strangely, a lookup of the vessel's paperwork yields no results, and we don't have time to draft in someone with enough knowledge of boats to be able to provide us with further context.
However, we did find what looks to be a dash cam with footage of someone driving through what we suspect is a town or city in Asia.
I've attached an image showing a road sign from one of the clips found on the camera, could you take a look and see if you can work out where the driver was at the time?




Solution: I wanted to read the place names on this road sign, so that I could then search for these places in Google Maps and find the city that contains them. To do that, I used the Yandex OCR Translator, which really is my favorite OCR tool. The result was the following:



Searching for the two locations shown next to the upward arrow revealed the solution: the city was Shanghai!



Challenge: telemanipulation

Description: We believe we've found an address where a number of victims of human trafficking are being held. We know that there are anywhere between 1 and 3 grunts posted to guard the premises at any given time, but in the early hours of the morning, they seem to watch TV most of the time.
I have been thinking about a distraction technique to get them all into the living room at the same time whilst we make quiet entry into the property before hurling a flashbang into the lounge and getting the drop on them, hopefully without firing a shot so we can keep them in a fit state to tell us all about the intricate workings of their organisation.
A way of getting them together to deliberate might be to cause a problem with their TV.
Our guys sat on the hill not far away and spotted the below remote control in one of their hands, together with a TV as pictured on the unit in the lounge.
I know that these remotes are programmable, could you find out the code to set the remote to control this brand of TV?
This will enable us to switch off the TV, fiddle with the sound, change inputs and so on - hopefully causing a stir long enough to distract them.




Solution: I tried searching on Google using phrases like “sky remote code TOSHIBA”, since it's clear that the TV brand is TOSHIBA and the remote brand is “Sky”. Many different results came up, but one was definitely the one I was looking for. All I needed now was to check the model of the Sky remote control. After uploading the image to the Yandex reverse image search engine, I cropped it so that the search covered only the remote control itself.



Yandex identified this remote control as a Sky Q model. Switching back to the link above, three codes were listed.



The challenge allowed only 4 tries, so I double-checked this result with a few more Google searches. The results always included 1536 and 2704 as potential codes. I tried the first one and it was accepted. I suspect the challenge would accept both of these codes as correct.

So, the correct answer for me here was 1536.



That’s enough for today, I guess. Feel free to experiment and try solving these challenges yourself in different ways, or maybe solve one of the many others in this CTF.

Till next time, have fun and stay healthy!

Do you have a question or comment regarding this methodology? Please e-mail me at theinspector32@protonmail.com, or send me a message on Twitter.
