Лаборатория RuCTF Quals 2014. Recon 100 - 400

, 20 March 2014

- 100 - Favourite book

First of all we need to find Olimpiada Balalaykina that is a young girl who likes to chat and dreams to meet Pavel Durov.

When we read about Pavel Durov we decided to look for her on Vkontakte. Simply enter "Olimpiada Balalaykina" in search for people string and mark additional setting to search not only in name, so we get the girl's profile(https://vk.com/olimpiada_balalaykina).

There was some information about her, few photos and posts, but for the 1st task we had to find her favourite book. On the page we saw post "I've just bought a lovely bag with my favourive citations!" so the source of "citations" is definetly flag for the task.

We looked in google pics for the picture in a post, it was a picture of a "Pride and Prejudice Cotton Book Bag" so obviously flag "Pride and Prejudice"


- 200 - Stolen camera

We need to find a place where the girl lost her camera. We had two albums "Sunday", that contains pictures of her Grandma's 80th BD.

second was "Our great american trip" with pictures of different places. The girl said that she lost her camera "after she uploaded 1st part of photos", so we need to find where she was on the 7th day.

Initially we decided to look for that pictures via google but we could find only one picture from a day3, it was somewhere in Brazil. Then we lost tons of time trying to "travel" on google maps and find similar places but it was wrong at all.

Despite of pictures we had some posts that make us try to check girls mail(we have it from her profile - balalay_5524@quals2014.ructf.org).

Googling on mail in such domen gave as nothing, but when we tried to go to the host like "mail.ructf.org" we was redirected to Gmail. OK, so we need a password.

From girls posts we knew that "My friend always tells me not to use my relatives' birthdays" and we had such BDay!

In album with grandma's we could see a picture with BDay cake with candle "80" on it, so we knew a year. In description of the album girls wrote that they celebrate it in last Sunday and date on pictures was 5th of March so the last Sunday was 02.03.2014, so we get the password "02031934".

When we'd entered Gmail with that pass we saw mail from her frined with a map of the travel then we only need to find a marker "7th day" and post as flag marker description.


- 300 - Get the messaage

Olimpiada posted that she loves Telegram messenger a lot so wee need her phone number.

Scrolling girl's pictures we saw opened Telegram window with her phone number in a corner of her profile picture - it was +37255933368.

Going to Telegram and try to sign in as Olimpiada, web version of Telegram said that our phone number is wrong, mobile version wanted us to verificate by entering a code from sms or from a call.

Then we decided to search a number via google and it turned out that it was public SMS-gate so we simply went to "Recived messages" and saw tons of Telegram verefication codes.

Thats way we only need to sign in mobile version, verificate it with sms from a gate and recieve a flag with incoming message(?)

But when we tried to sign we turned out that phone number was banned by Telegram system so we decided to wait. On another day Olimpiada wrote that she didn't like Telegram any more and classic sms are the best. That way we visited the sms gate a saw flag in incomnig messages.



- 400 - Landlord

Olimpiada had some strange addres in her profile "garages.blocks.daisy Miami" We searched a lot about some "blocks" in "Miami" and so on but it turned out that we was going around.

Then a hint was published in olimpiada profile.

It was a picture of a map with marker named w3w, search for w3w in google and get a site that math every place on the planet with 3 woords, links for the places looks like "first_word.second_word.third_word" and it was the same as "garages.blocks.daisy"  - it was a place in Miami.

So we simply get an addres of that place in Google maps, little googling and we know her lanlord's name from rentals site