This page has been machine-translated from the original page.
Continuing from OSINT CTF: xINT CTF 2021 Writeup (AVTOKYO 2021), I joined xINT CTF 2022 again this year as part of team 0neP@dding.
Unfortunately, we finished in 7th place overall.
We were in first place early on, but we kept slipping down the rankings after that, which was frustrating.
Most of the problems are already covered in writeups by the teammates who participated with me, so here I will focus on the problems that I personally found interesting or learned something from.
Reference: 【Open xINT CTF 2022】writeup
BB
This was a problem where I got completely stuck because I had no idea what “a domain related to cryptocurrency” was supposed to mean.
After looking at writeups by others and similar references, it seemed that the mention of “Barbados” was the clue that let you focus on country-code top-level domains.
Reference: Country code top-level domain - Wikipedia
The ccTLD for Barbados is .bb, and the problem title was also BB… So that was the hint.
Sure enough, once I narrowed it down to .bb and searched with words like bitcoin and virtual coin, I could narrow the candidates down to roughly 10 domains at most.
That made sense, but in the end this approach still did not let me identify information about domains that were no longer in use.
As a next approach, I tried identifying the organization that manages .bb domains and seeing whether I could get any information from there.
When I checked the IANA database, which manages domain information globally, I found the entry URL for registration services: http://www.whois.telecoms.gov.bb/.
Reference: .bb Domain Delegation Data
However, even if I accessed http://www.whois.telecoms.gov.bb/ directly, no useful information was displayed.
So I ran a site search and found that the URL https://whois.telecoms.gov.bb/ allowed partial-match whois searches.
By searching this site for terms like bitcoin, you could identify domains that were no longer in use and obtain the flag.
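The IANA lookup step above, as an added example that is not part of the original writeup: it parses a constructed IANA-style record for .bb and lists the scheme and www/non-www variants of the registration URL, since the working search page turned out to be a variant of the URL IANA lists. Only the registration URL comes from this page; the other record values, the empty whois field and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the key/value layout of an IANA root-zone WHOIS reply.
# Only the registration URL is taken from the writeup; the rest is placeholder,
# and the empty "whois:" field is an assumption for this sample.
SAMPLE_IANA_RECORD = """\
% IANA WHOIS server (constructed sample)
domain:       BB
organisation: EXAMPLE-REGISTRY-PLACEHOLDER

whois:

remarks:      Registration information: http://www.whois.telecoms.gov.bb/
"""

def parse_iana_record(text):
    """Return {'domain', 'whois', 'registration_urls'} from an IANA-style record."""
    result = {"domain": None, "whois": None, "registration_urls": []}
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):
            continue  # skip blank lines and server comments
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "domain":
            result["domain"] = value.lower()
        elif key == "whois" and value:
            result["whois"] = value  # empty value: no port-43 server published
        elif key == "remarks":
            result["registration_urls"] += re.findall(r"https?://[^\s]+", value)
    return result

def candidate_lookup_urls(url):
    """List scheme and www/non-www variants of a registry URL, HTTPS first."""
    host = urlsplit(url).hostname
    bare = host[4:] if host.startswith("www.") else host
    hosts = [bare, "www." + bare]
    return [f"{scheme}://{h}/" for scheme in ("https", "http") for h in hosts]

def registry_pointers(text):
    """Combine both steps: where can this TLD's registry be queried?"""
    rec = parse_iana_record(text)
    urls = []
    for u in rec["registration_urls"]:
        urls += [c for c in candidate_lookup_urls(u) if c not in urls]
    return rec["domain"], rec["whois"], urls
```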
Alati
This was a problem where I managed to identify the domain of the town, but got stuck when trying to obtain the M365 tenant name, so I could not get the flag.
To start with, I identified the domain of the town of Gorno-Altaysk.
Since it seemed unlikely that the municipal site would support English, I searched using the Russian translation of “Gorno-Altaysk town” from Google Translate.
As a result, the municipal page for Gorno-Altaysk showed up as the third hit, and I was able to determine that the domain of the town was gornoaltaysk.ru.
I then poked around the domain information from there, but unfortunately I could not find anything that looked likely to lead to the tenant name.
According to information from people who solved it, there is an OSINT tool on AADInternals.com, and it seems that if you search the domain there, you can retrieve the tenant name in one shot.
I am not yet very familiar with OSINT tools and the like, so this made me feel that I need to keep gathering information proactively on a regular basis.
Conclusion
I was disappointed that I still could not place this year, but I plan to keep improving.