OSMOSIS CTF APRIL FOOL's DAY Writeup

Introduction

I jumped into the OSINT CTF by OSMOSIS Association a bit late but still rolled in with top-10 ambitions. I solved some challenges fast, held my ground… then came the waiting game for new tasks. Eventually, I tapped out early and woke up to find I’d climbed to 21st place. Not bad for joining late and leaving late!

Strangely enough, despite this being an OSINT-focused CTF, the write-up will only include some of the challenges I tackled under forensics, which were in case considered unsupported. Here’s my breakdown of the journey:

pdfcrypt (forensics)

The first challenge, "Encrypted," presented us with a password-protected PDF file. Without a given password, the best approach was to brute-force it.

Solution

For this task, I used John the Ripper, a well-known password-cracking tool. The process involved two key steps:

  1. Extracting the hash from the PDF file using pdf2john:
  2. Cracking the password with John:

         john enc

     If using a wordlist, specify it using:

         john -w=/path/to/wordlist.txt enc

Once the password was cracked, I was able to open the PDF, revealing an image containing a flag just below it:

Flag: flag{kramer_the_best_hacker_ever}

unk (forensics)

Here we were given a file called unk with no listed extension.

Solution

The first step was to identify the file type using the file command:

This revealed that the file was a ZIP archive. Knowing this, I proceeded to extract its contents:

Among the extracted files was an image named thumbnail.jpeg. Upon examining the image, I discovered the flag in plain sight:

Flag: FLAG{old_macdonald_or_mcdonald_supplier?}
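The same triage for an extension-less file, as an added Python example (not the author's commands): it identifies the container by its magic bytes and then classifies each ZIP member by its own header without extracting anything to disk. The sample archive and its content.xml member are constructed for the demonstration; only the thumbnail.jpeg name comes from the write-up.

```python
import io
import zipfile

# Well-known leading signatures for a few common file types.
MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"PK\x05\x06", "zip (empty archive)"),
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\x1f\x8b", "gzip"),
]

def identify(data: bytes) -> str:
    """Return a type name based on the leading bytes, ignoring any file name."""
    for signature, name in MAGIC:
        if data.startswith(signature):
            return name
    return "unknown"

def triage(data: bytes) -> dict:
    """Identify a blob; for ZIPs, classify every member in memory."""
    report = {"type": identify(data), "members": {}}
    if report["type"] != "zip":
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                with zf.open(info) as fh:
                    report["members"][info.filename] = identify(fh.read(16))
            except RuntimeError:
                # zipfile raises RuntimeError when a member needs a password.
                report["members"][info.filename] = "encrypted"
    return report

def build_sample() -> bytes:
    """Constructed stand-in for the challenge file: a ZIP holding a JPEG thumbnail."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", "<doc/>")  # constructed member
        zf.writestr("thumbnail.jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 12)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample()))
```
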

Lost Flash Drive (forensics)

For this challenge, "Lost Flash Drive," we were provided with a ZIP file. Upon extraction, we obtained a file named lost_flash_drive, which turned out to be a forensic image.

Solution

I used FTK Imager to analyze the forensic image. This allowed me to skim through its contents visually.

While skimming through the files, I discovered passwords.txt.zip. Extracting this revealed password.txt, which contained the flag:

Flag: flag{its_adventure_time_yee_boi!!!}

And that wrapped up my quick dive into the forensics challenges on OSINT CTF! See you at the next one and happy hakin9!