OSMOSIS CTF APRIL FOOL's DAY Writeup
Table of Contents

Introduction⌗
I jumped into the OSINT CTF by OSMOSIS Association a bit late but still rolled in with top-10 ambitions. I solved some challenges fast, held my ground… then came the waiting game for new tasks. Eventually, I tapped out early and woke up to find I’d climbed to 21st place. Not bad for joining late and leaving late!
Strangely enough, despite this being an OSINT-focused CTF, the write-up will only include some of the challenges I tackled under forensics, which were in case considered unsupported. Here’s my breakdown of the journey:
pdfcrypt (forensics)⌗
The first challenge, "Encrypted," presented us with a password-protected PDF file. Without a given password, the best approach was to brute-force it.
Solution
For this task, I used John the Ripper, a well-known password-cracking tool. The process involved two key steps:
- Extracting the hash from the PDF file using pdf2john:
- Cracking the password with John:
- If using a wordlist, specify it using:

john enc
john -w=/path/to/wordlist.txt enc

Once the password was cracked, I was able to open the PDF, revealing an image containing a flag just below it:

Flag: flag{kramer_the_best_hacker_ever}
unk (forensics)⌗
Here we were given a file called unk with no listed extension.
Solution
The first step was to identify the file type using the file command:

This revealed that the file was a ZIP archive. Knowing this, I proceeded to extract its contents:

Among the extracted files was an image named thumbnail.jpeg. Upon examining the image, I discovered the flag in plain site:

Flag: FLAG{old_macdonald_or_mcdonald_supplier?}
Lost Flash Drive (forensics)⌗
For this challenge, "Lost Flash Drive," we were provided with a ZIP file. Upon extraction, we obtained a file named lost_flash_drive, which turned out to be a forensic image.
Solution
I used FTK Imager to analyze the forensic image. This allowed me to skim through its contents visually.
While skimming through the files, I discovered passwords.txt.zip. Extracting this revealed password.txt, which contained the flag:

Flag: flag{its_adventure_time_yee_boi!!!}
And that wrapped up my quick dive into the forensics challenges on OSINT CTF! See you at the next one and happy hakin9!