{"componentChunkName":"component---src-templates-post-template-js","path":"/ctf-xint-ctf-2022-en","result":{"data":{"markdownRemark":{"id":"5f1d0233-dd35-5de3-bb8f-daf4929de73c","html":"<blockquote>\n<p>This page has been machine-translated from the <a href=\"/ctf-xint-ctf-2022\">original page</a>.</p>\n</blockquote>\n<p>Continuing from <a href=\"https://kashiwaba-yuki.com/ctf-xintctf-2021\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">OSINT CTF: xINT CTF 2021 Writeup (AVTOKYO 2021)</a>, I joined xINT CTF 2022 again this year as part of team 0neP@dding.</p>\n<p>Unfortunately, we finished in 7th place overall.</p>\n<p>We were in first place early on, but we kept slipping down the rankings after that, which was frustrating.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/9cf14a06c452297a279a81f76cc2dde5/5a3c9/image-20221030121958945.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 81.25%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAQCAYAAAAWGF8bAAAACXBIWXMAAAsTAAALEwEAmpwYAAAB/ElEQVQ4y41T227bMAz1///WPmBPeyhQYM6Cwkti2brLsi5npGwHTdG1UcBYPqQOSR26q7WCV0oZ65qwpkeL6wqpFKZZIoRI2B5H+Pv4lDNxJHQHoXMOMUbk3ZFa4HaolopaC0qJFGPhnSRzkMFBaAltPQ6eO6H3vpHwQWxQWxUFSzEwQWEQPU4jmbjiPA64TSOC9gg+fk5YSmn7pQTIeMNfdcafywtOwytO1x69fMPVzQhLaImPs5V/HwlDWKDMhNP0gtfhF/rLb5znNwg7wmSH9K5sPsNW9idfybE6QujeElzwGC5UgbjAOItliS2JsQ6rD4jkX+ICrTWUVORfEFtMoHgDa23rsKv0t64RqeTt8gtnLk1Fxli9TESZBMolN7ykQu8ZJW/vue44E8a4YpaSRsOQKGtzMNbG4ngeY7K/Ry6ABFQ0Tjwdafe3seEx4bZmbaGNo71vbXxn3DITGmvbnjEm7VombXCbNUYyTeSenN5/ZVtSSZ1pOhvChvEc3ytkQrdnYcd3xnGKBLIsGu25yq1lukgtBNxIysVyz/6VcZX8ZEJu+UOFRGhmiPkngQOBqWVbyPlfI3+rkO6QxyXuFfI33SUiNEbgNv6gjD05EmX0z4tiPhFFEyhkwqzCUwo/Epq2fxBFEyhoDidlnxLkEIW/GuvcXUgu7h/efN3QnYpfHQAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/9cf14a06c452297a279a81f76cc2dde5/8ac56/image-20221030121958945.webp 240w,\n/static/9cf14a06c452297a279a81f76cc2dde5/d3be9/image-20221030121958945.webp 480w,\n/static/9cf14a06c452297a279a81f76cc2dde5/e46b2/image-20221030121958945.webp 960w,\n/static/9cf14a06c452297a279a81f76cc2dde5/e28de/image-20221030121958945.webp 1169w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/9cf14a06c452297a279a81f76cc2dde5/8ff5a/image-20221030121958945.png 240w,\n/static/9cf14a06c452297a279a81f76cc2dde5/e85cb/image-20221030121958945.png 480w,\n/static/9cf14a06c452297a279a81f76cc2dde5/d9199/image-20221030121958945.png 960w,\n/static/9cf14a06c452297a279a81f76cc2dde5/5a3c9/image-20221030121958945.png 1169w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/9cf14a06c452297a279a81f76cc2dde5/d9199/image-20221030121958945.png\"\n            alt=\"image-20221030121958945\"\n            title=\"image-20221030121958945\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Most of the problems are already covered in writeups by the teammates who participated with me, so here I will focus on the problems that I personally found interesting or learned something from.</p>\n<p>Reference: <a href=\"https://zenn.dev/valmet083/articles/4492deb5ab5690\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">【Open xINT CTF 2022】writeup</a></p>\n<!-- omit in toc -->\n<h2 id=\"table-of-contents\" style=\"position:relative;\"><a href=\"#table-of-contents\" aria-label=\"table of contents permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Table of Contents</h2>\n<ul>\n<li><a href=\"#bb\">BB</a></li>\n<li><a href=\"#alati\">Alati</a></li>\n<li><a href=\"#conclusion\">Conclusion</a></li>\n</ul>\n<h2 id=\"bb\" style=\"position:relative;\"><a href=\"#bb\" aria-label=\"bb permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>BB</h2>\n<p>This was a problem where I got completely stuck because I had no idea what “a domain related to cryptocurrency” was supposed to mean.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 500px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/65b8520a326573dbc07cb5c579771852/0b533/Screenshot%20from%202022-10-30%2006-13-37.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 85.83333333333334%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAARCAYAAADdRIy+AAAACXBIWXMAAAsTAAALEwEAmpwYAAACBElEQVQ4y6VTa2/iMBDk//+n+3ZqP4J6VJS0kAdQ8rKdkBeEJHO7m6aXBu5U6SyN7Hgn4531eqb0CTHBJLlAmQxKvjOB0v33wJuueY5UirI648fPZ8wgo0NRFMjzHNdrLTtV3aK4NPjO6Nqe57o7zLquQ13X0NogjGJkJNo0LXR2RpRWONd/RNu2vYOOkrhK3HGcXvDmxNFe01wRhiHZT8HbHJuChT8FB4ExxqJVWeDh4REv1ubmsHHmowzxVyIPtrNer7GxnYH4b8Gp1cHCQDqfKyyXS7xtbHRf3PScG8u84fsB3o9HgbfbY7VaYbF4wtp6hU2Z7fYHpKeTXJpSClEU0QFb4u5kzTNfpOu6lCEJsqXF0y84rocgCOEHgQi9kKDn7UhwT2RPDrZe3ySmTSKZcUkul8vtpQwtMB586mCraRqJD/a+lmpiOSYbcaxgjEEUx/CPPr0CI/a4P3lPUyxN0w/LsbQSlygky3U96cM9WdqSjcPhXWpjWZbUzfM82I4ns0tgm1VVfb6qLMtQliWa6aUwiVESmJjnBQoi8swvh39ikQu9qHu9em2akSAtlNbYU3bmw1aSMBKZ++9EwHFNXN5jm5yh0gl1QCbiLgtykblObJHJxvQ/3kcfO1ELsWBOWXMZBsGbxv7fwXcx29o29V5APebL/F0MfJ4ZfPvz+Ry/ARO4HFXbN+WcAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/65b8520a326573dbc07cb5c579771852/8ac56/Screenshot%20from%202022-10-30%2006-13-37.webp 240w,\n/static/65b8520a326573dbc07cb5c579771852/d3be9/Screenshot%20from%202022-10-30%2006-13-37.webp 480w,\n/static/65b8520a326573dbc07cb5c579771852/b0a15/Screenshot%20from%202022-10-30%2006-13-37.webp 500w\"\n              sizes=\"(max-width: 500px) 100vw, 500px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/65b8520a326573dbc07cb5c579771852/8ff5a/Screenshot%20from%202022-10-30%2006-13-37.png 240w,\n/static/65b8520a326573dbc07cb5c579771852/e85cb/Screenshot%20from%202022-10-30%2006-13-37.png 480w,\n/static/65b8520a326573dbc07cb5c579771852/0b533/Screenshot%20from%202022-10-30%2006-13-37.png 500w\"\n            sizes=\"(max-width: 500px) 100vw, 500px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/65b8520a326573dbc07cb5c579771852/0b533/Screenshot%20from%202022-10-30%2006-13-37.png\"\n            alt=\"Screenshot from 2022-10-30 06-13-37\"\n            title=\"Screenshot from 2022-10-30 06-13-37\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>After looking at writeups by others and similar references, it seemed that the mention of “Barbados” was the clue that let you focus on country-code top-level domains.</p>\n<p>Reference: <a href=\"https://ja.wikipedia.org/wiki/%E5%9B%BD%E5%88%A5%E3%82%B3%E3%83%BC%E3%83%89%E3%83%88%E3%83%83%E3%83%97%E3%83%AC%E3%83%99%E3%83%AB%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Country code top-level domain - Wikipedia</a></p>\n<p>The ccTLD for Barbados is <code class=\"language-text\">.bb</code>, and the problem title was also BB… So that was the hint.</p>\n<p>Sure enough, once I narrowed it down to <code class=\"language-text\">.bb</code> and searched with words like bitcoin and virtual coin, I could narrow the candidates down to roughly 10 domains at most.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 701px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/c047a7e7ac2db7431efa6416e82f7e72/49217/image-20221030125541304.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 113.33333333333333%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAXCAYAAAALHW+jAAAACXBIWXMAAAsTAAALEwEAmpwYAAADE0lEQVQ4y5VVibKjIBD0/39x9+XUqCAoeOGR9PZgfJvUvr2omhoEMsz0dJMkhIC2bdH3PcZxhIzH4/FPtswzpnmF72d0I+fLA8k4DvC+Qdd1MeD9fv/F1nX9Zb4sKySZida1HYZ+RJjvSHpG7gLQd7I4MGiAdy4Gl4OtbzFNc1yTSmZmJf6+3vE6Qhhjxoljuk03xZtCmGJAsdcMpTzJbF3Wt7VX29eTMPaxZO8dy255u8cwdMwk0CYeWqPtQ378Fc77SEzV4nKuoFQDa1pUmqZa5HmNsqihlYcxHS+ceOGC3409aFLXPQ4fCgV/fDyWSK8VTkeFw0EhTQ2u/D4eSnqN262K+Hnvn7ax4zXr2GUpU0pumnrzrkbbeThCIXtNY+HcNpcGCZ7LsjxtfQ8o3el6dnjo461CH7l1p0Rgt8VLkD+Nz5KN7liiiXa9GNyyGmfO07RBnjlcz4Jli6YOKPM+mqlGrvU8K3gPbNpLhsbUOJ0y4iM4as6vxKvANS3YGBXn50vG7xvO54x2286WFfc1G+beAwo1eil5FFIPLH3zYQroh02Omyy5TnjEJu6RLG/lfpbcUg1VZXmTha4MG+I2hdDuL/z6auyZvWGoVY/04pHfWnqHLHXkZUN8PE6HDb84P1piXKPIPT6+G1xONc/V3HNbwx7PkjuWUxkDa2vUdY28KIhlyWwraF0hyzKUSsWyhXc7E4SPLb2nF6k+fmI4P/HbsAlPjATDaZoinQS/v43PkkVuooCiEDMoS2ZqRYKO9PCUIzFW8rzx4RgWXrAw24U6v3/dlIKa/f4tJ3Y2yux00pSfxTl64ea2djkbXkhu3iwlqnneREH0fPLelCJy0lpH2emKvLLS6SZ6+d7XFM84ynJZ5vgKCSwbTNN7QMFwDEPEKh6kiRed/u6J+gq/fTdxtkPGkjRfG1M6KErPFMxkXvA/4xPDrh2o2QqN9SgyhTxVUKUlBI40aiKVnPfRZE1oIubcRh9Zf/1zS4QytrZRIeIlgCWejt/CxTwvooqMlUua+GOBQ54x8QLZ/hJJwB+swvLrI/hfbwAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/c047a7e7ac2db7431efa6416e82f7e72/8ac56/image-20221030125541304.webp 240w,\n/static/c047a7e7ac2db7431efa6416e82f7e72/d3be9/image-20221030125541304.webp 480w,\n/static/c047a7e7ac2db7431efa6416e82f7e72/e2a71/image-20221030125541304.webp 701w\"\n              sizes=\"(max-width: 701px) 100vw, 701px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/c047a7e7ac2db7431efa6416e82f7e72/8ff5a/image-20221030125541304.png 240w,\n/static/c047a7e7ac2db7431efa6416e82f7e72/e85cb/image-20221030125541304.png 480w,\n/static/c047a7e7ac2db7431efa6416e82f7e72/49217/image-20221030125541304.png 701w\"\n            sizes=\"(max-width: 701px) 100vw, 701px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/c047a7e7ac2db7431efa6416e82f7e72/49217/image-20221030125541304.png\"\n            alt=\"image-20221030125541304\"\n            title=\"image-20221030125541304\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>That made sense, but in the end this approach still did not let me identify information about domains that were no longer in use.</p>\n<p>As a next approach, I tried identifying the organization that manages <code class=\"language-text\">.bb</code> domains and seeing whether I could get any information from there.</p>\n<p>When I checked the IANA database, which manages domain information globally, I found the entry <code class=\"language-text\">URL for registration services: http://www.whois.telecoms.gov.bb/</code>.</p>\n<p>Reference: <a href=\"https://www.iana.org/domains/root/db/bb.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">.bb Domain Delegation Data</a></p>\n<p>However, even if I accessed <code class=\"language-text\">http://www.whois.telecoms.gov.bb/</code> directly, no useful information was displayed.</p>\n<p>So I ran a site search and found that the URL [https://whois.telecoms.gov.bb/] allowed partial-match whois searches.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 696px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/95b571b087c3c7ae2e56ca04fefa1d61/82158/image-20221030130655417.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 77.91666666666667%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAQCAYAAAAWGF8bAAAACXBIWXMAAAsTAAALEwEAmpwYAAACeUlEQVQ4y41U2W7bQAz0/39QXvoJfUuDIJGPOrasW5ZWx67u6ZCyDacPRQkQ5FLLa3agzdvHCw4vV/g/EwAz6qpB0zSoqW3bqu+cg8iyLN90HEf0/YCq6eGGNbbxf/3A+XUPjA2maUaWZcjzDCmt+GmasknNy+D36aazJksxZ1u0dQvbz5jnGZseqxRFjta621Stdh+GgbpambTv+9tUvd5xrtPccRox8o7I5hC1HLlDXVea6JyF6xy7TUweNCb+vZhMKLbrev0mssamdWVnpZtjISZOWFcbF54nriPrrf48L/hbpIm1VotLQZ3w7TXGflfg4z3FYZ/RxvDPDZLYIbhYTj4izzot/rcIZqLTzWrBz88PeFsP+/0OnufhcvHZ0XHqmnjWOkHbNojjGEmSoKlrGGMQ04/CkDE+Wt3oPS14uQSIohhBEEJ8a512u+O1YimYdbfVxgddJPaMrRZcFoJJ/onOi4w/Kl6ywTDMTJjxv6KPcvQCnHYRvrwQ/iFCcEwRHWtqg/OWqxFHawYUoUWVOlTEs0wcDHVZ8I3w68q/WeCUI/avyGOD8Jwh8jOec6RBgTTMkSclLsdE4xHj4gdfCblrHo/xKFhWBobaEHix16LAMA73JQjDpPYOybOO0/QodJ9y0/I1pZi8qLxs31ni1imp+27GQAwrMyie/8LuLpvdlvzbZRDrfabYUs+nklyssPMMuVnh/a3guSVNrHL0fGrUporjsm5wn/DsE8PoijDkH4f+F7EJgozELkijFMdjyG8ZYwnPwr2r3r/4EsuVk/PT2puaa5Zliao2KE2BSvDkj6CqKoVAYpIkZ2NKWGefl/32wmL/AI8O0w1eo7XvAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/95b571b087c3c7ae2e56ca04fefa1d61/8ac56/image-20221030130655417.webp 240w,\n/static/95b571b087c3c7ae2e56ca04fefa1d61/d3be9/image-20221030130655417.webp 480w,\n/static/95b571b087c3c7ae2e56ca04fefa1d61/038cb/image-20221030130655417.webp 696w\"\n              sizes=\"(max-width: 696px) 100vw, 696px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/95b571b087c3c7ae2e56ca04fefa1d61/8ff5a/image-20221030130655417.png 240w,\n/static/95b571b087c3c7ae2e56ca04fefa1d61/e85cb/image-20221030130655417.png 480w,\n/static/95b571b087c3c7ae2e56ca04fefa1d61/82158/image-20221030130655417.png 696w\"\n            sizes=\"(max-width: 696px) 100vw, 696px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/95b571b087c3c7ae2e56ca04fefa1d61/82158/image-20221030130655417.png\"\n            alt=\"image-20221030130655417\"\n            title=\"image-20221030130655417\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>By searching this site for terms like bitcoin, you could identify domains that were no longer in use and obtain the flag.</p>\n<h2 id=\"alati\" style=\"position:relative;\"><a href=\"#alati\" aria-label=\"alati permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Alati</h2>\n<p>This was a problem where I managed to identify the domain of the town, but got stuck when trying to obtain the M365 tenant name, so I could not get the flag.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 515px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/5dbda2b31f0b05d006530d42a3fcc526/fbdcb/Screenshot%20from%202022-10-30%2005-20-28.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 90.83333333333333%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAASCAYAAABb0P4QAAAACXBIWXMAAAsTAAALEwEAmpwYAAACH0lEQVQ4y61U2Y7aQBDkq/MJ+Yq8RyK/gJKwgYUggcJGBCQSMD5Yn1y+AIMrXWOCDIFVFO1IpTk8Xd1d3ePKu/d1tHs/UW8P8fB1hHprhIf2CF+4lvnT4/AueIc2n1tDfBtoePP2AyqmNcdrjY/1NiqzmYZcNr4fwLCeYTse9tkB3iqG4W4QJjscj0dkcnYLh8MRcZIowtZjk4Qztcnz/OypWOdcKLL9PhPDg1rz2zUOcs7RaJQIy5fLDkzLwvfBDzw99bFah38556AzjmbzDmGZeLvdwjRNWKI108OtCG8R3hs0GI/H0HXjxTtnQsPQRdwMnhQl3GzgeR78YIHVaiVRWSoyx3HhugVsx5G9g8lEw3q9wWKxgCs2JUIDaZpCk0ht21GEURyfirFXBdntdsrpTu0LpOlWpcpz2l8RJtANU8h8iWyt0jNMS7wv/6n/jqcqX2h43Tb5qUgv6UaiokezUoS6rlLwfV/pFoh+i+USS1lTV56z6amT63pKEmpJKf4QX1SZKYdhiMl0Cms+V32nixNr/qx0pQR0yPZJBZypaTn6i5RpzI9xnChxE0KeUpKk6kmxEMUzy84z+5FRFd8yVaCLCOnx12QqKRZpL5nyCWyLMoIgkHZZK7IoihFI4UKZz4SapqmU2F+sKlMk6T1Q241IxPSjKFJronjLDVRs236131en00GlVquh3++j2+2i1+v9F2g7GAxQrVbxG1ARV/ZlnHbmAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/5dbda2b31f0b05d006530d42a3fcc526/8ac56/Screenshot%20from%202022-10-30%2005-20-28.webp 240w,\n/static/5dbda2b31f0b05d006530d42a3fcc526/d3be9/Screenshot%20from%202022-10-30%2005-20-28.webp 480w,\n/static/5dbda2b31f0b05d006530d42a3fcc526/92849/Screenshot%20from%202022-10-30%2005-20-28.webp 515w\"\n              sizes=\"(max-width: 515px) 100vw, 515px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/5dbda2b31f0b05d006530d42a3fcc526/8ff5a/Screenshot%20from%202022-10-30%2005-20-28.png 240w,\n/static/5dbda2b31f0b05d006530d42a3fcc526/e85cb/Screenshot%20from%202022-10-30%2005-20-28.png 480w,\n/static/5dbda2b31f0b05d006530d42a3fcc526/fbdcb/Screenshot%20from%202022-10-30%2005-20-28.png 515w\"\n            sizes=\"(max-width: 515px) 100vw, 515px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/5dbda2b31f0b05d006530d42a3fcc526/fbdcb/Screenshot%20from%202022-10-30%2005-20-28.png\"\n            alt=\"Screenshot from 2022-10-30 05-20-28\"\n            title=\"Screenshot from 2022-10-30 05-20-28\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>To start with, I identified the domain of the town of Gorno-Altaysk.</p>\n<p>Since it seemed unlikely that the municipal site would support English, I searched using the Russian translation of “Gorno-Altaysk town” from Google Translate.</p>\n<p>As a result, the municipal page for Gorno-Altaysk showed up as the third hit, and I was able to determine that the domain of the town was <code class=\"language-text\">gornoaltaysk.ru</code>.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 706px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/9f5127131c3768e2019b383a0dcfd7d5/9f21b/image-20221030132344081.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 103.33333333333331%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAVCAYAAABG1c6oAAAACXBIWXMAAAsTAAALEwEAmpwYAAADf0lEQVQ4y5VUu64cRRDdv+Ir7ISEACOEgASZGCw5cG5AIrHABkuWE1tOnIAJuCAC3lhIBCDdveud2dl5P3verz2c6r7ruysDEi2VeqYfp6vqnKqFKksopbTleYF5nrHb7f7TZAzDQJug6hFl3aPtzb1FXZUoCdo0jZ6nadKgR8aDh/9ypu97DLSmrtGJ9WZvoZoZbddDFYV+teZmUzeoqhoF19q2o+c52qbld6sfPvKY3vb9oNdlLOKCr/BwzQV5VQDEuq7DOI08IhcZzoGHF6Gb8M0wa4uqLFBWzF+RM48FPav4AL1sJQUEb0Zt0zQ/B9iDddMOv2xKPLULOMVgPHTsGIGfY/0shO/liAJFKxGHDbK0R6kkHf054PEIqw5XPvkGr3z0Je6e/GEAt04Ma+3RXPh+BmcbwbICrFYevVZMRUVPFQpRAXOaJKmexYoswbX33sKbV1/Hvfu3DWCWp8gyuuwEDL3W4Vd1ydBLkqKQppkGiaJYW5plmixZl9T8+vN3+On7r3G6/NMARnHCC4re5ZxNDgWoI/MyMjIcJ4m2LMs1Kf82NCnzPGkWAdHfxFyNWj7jOOkDe93t2T0kReasbBCrDnV3TorvxQjDHFvmLo6EkJxkFPpwnnX0qmd4IqXpBY/yqsX1+z/itRt38dkXvxnA9SqEbcXY2AnDLsi2ABda4KJNmSUNInT5lhIVjcqI4xCvvv0GXr58CR98fMsAWpYF27ZIioMkTRBGIcE3cF0PfkAp+QE83+d3ANfz9bqQU/GxRpX4/NYNfHjzXfzw7WMDKPUrJq//n7HP5/Eaa1nq1Mgj1aGJkNOk5X/L8PrnrO7r9rDjyN69ky3e//QET/+yzitlFcFlDh3mzrNT+HbGf9o6w+YsQZm3GkAq5aLjGJZ78vTOzYd46cpV3HmyMoDSA5WSsCttImIRrXicxLHuNDot50KX6mk1KTsMdP72g0e4dP0JvvpdGcBGM1npCw3LbBh69J14NVKLO6aArYlNtK7Hf8xlTfkV7Fy72chq4W4zLE8DLZ3laQjPLeBtczKdYesorM5Y3+wm1jrnnmIjqRAGNc+wujw25HE46kKLIIhwdmazIbhYLm04G5FGyObgYLNh07BdPTuOj2drh+c8rK0tPF0Q7ANMWdcPF4AjX5hm9ju6PE4DK8I0WgndlOBg0nCwJrMp1xdl9DcuTDwgmZFJdwAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/9f5127131c3768e2019b383a0dcfd7d5/8ac56/image-20221030132344081.webp 240w,\n/static/9f5127131c3768e2019b383a0dcfd7d5/d3be9/image-20221030132344081.webp 480w,\n/static/9f5127131c3768e2019b383a0dcfd7d5/a2af0/image-20221030132344081.webp 706w\"\n              sizes=\"(max-width: 706px) 100vw, 706px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/9f5127131c3768e2019b383a0dcfd7d5/8ff5a/image-20221030132344081.png 240w,\n/static/9f5127131c3768e2019b383a0dcfd7d5/e85cb/image-20221030132344081.png 480w,\n/static/9f5127131c3768e2019b383a0dcfd7d5/9f21b/image-20221030132344081.png 706w\"\n            sizes=\"(max-width: 706px) 100vw, 706px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/9f5127131c3768e2019b383a0dcfd7d5/9f21b/image-20221030132344081.png\"\n            alt=\"image-20221030132344081\"\n            title=\"image-20221030132344081\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>I then poked around the domain information from there, but unfortunately I could not find anything that looked likely to lead to the tenant name.</p>\n<p>According to information from people who solved it, there is an <a href=\"https://aadinternals.com/osint/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">OSINT tool on AADInternals.com</a>, and it seems that if you search the domain there, you can retrieve the tenant name in one shot.</p>\n<p>I am not yet very familiar with OSINT tools and the like, so this made me feel that I need to keep gathering information proactively on a regular basis.</p>\n<h2 id=\"conclusion\" style=\"position:relative;\"><a href=\"#conclusion\" aria-label=\"conclusion permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Conclusion</h2>\n<p>I was disappointed that I still could not place this year, but I plan to keep improving.</p>","fields":{"slug":"/ctf-xint-ctf-2022-en","tagSlugs":["/tag/ctf-en/","/tag/osint-en/","/tag/english/"]},"frontmatter":{"date":"2022-10-31","description":"Writeup for xINT CTF 2022","tags":["CTF (en)","OSINT (en)","English"],"title":"OSINT CTF: xINT CTF 2022 Writeup (AVTOKYO 2022)","socialImage":{"publicURL":"/static/5029dc5541d81964ae5fa734e8bd4f4c/ctf-xint-ctf-2022.png"}}}},"pageContext":{"slug":"/ctf-xint-ctf-2022-en"}},"staticQueryHashes":["251939775","401334301","825871152"]}