Pwn The Scam 5 - Forget me and leak me not

Aperi'CTF 2019 - OSINT (250 pts).

Aperi’CTF 2019 - Pwn The Scam 5 - Forget me and leak me not

Challenge details

Event Challenge Category Points Solves
Aperi’CTF 2019 Pwn The Scam 5 - Forget me and leak me not OSINT 250 3

Un site de scam Bitcoin a été découvert sur TOR. Vous avez été missionné pour en prendre le contrôle.

Pwn The Scam est un challenge d’OSINT, il n’y a pas de vulnerabilité web à exploiter! Format de flag : APRK{flag}.

Récoltez des informations sur le scammeur afin de vous introduire sur le site de scam.

TL;DR

Twitter password reset, twitter screenshot about facebook, facebook password reset, email guessing, pastebin leak, log on admin pannel on TOR.

Methodology

Get user email

Now we have a link thanks to Wayback Machine : “By 751” ( https://twitter.com/bytet0r ).

twitter.jpeg


Let’s try to reset the password to get a partial mail:

twitterreset.jpeg


We get the partial mail: t0********@g****.***.
We also have a screenshot:

fbscreen.jpeg


We can recognize the domain nothing-here.com and a Facebook account in the background: “Tor Byte”. A quick search led us to https://www.facebook.com/tor.byte.

The account has no real information, no pictures, no post, no friends… Let’s reset his password to complete our partial mail ! For this, go to forgot password, enter tor.byte in input field and submit (it correspond to the username in URL).

fbreset.jpeg


We can guess the email t0rbyte751@gmail.com. To verify, let’s reset the facebook password with this email. The email is correct since we got a validation page.

Get user password

Now that we have the email, let’s search for password leaks. Usually leaks may appear in big databases or in website like pastebin. A quick search on google with this email gave us only one link: https://pastebin.com/pAe5JgcQ.

pastebin.jpeg


We got a password for the mail account: Z>ZYc-4[^JG3k6br. After few try on Google, Facebook, Twitter, the password doesn’t seem to work… But what about TOR service ? If you go back to http://ylsspycahtqrv3u2.onion/free-btc/admin and put the password Z>ZYc-4[^JG3k6br.

flag.jpeg


Flag

APRK{P4stB1n_F0r_tH3_w1N}

Challenge by DrStache , WriteUp by Zeecka