DFA 2020: OSINT

OSINT is short for Open-Source Intelligence. Whilst many open-source OSINT tools exist, often it's best to start with different search engines. For deeper analyses, the OSINT Framework is my go-to. For this part of the challenge, you just need a combination of Google, Bing, Yandex and DuckDuckGo. Most is solvable with Google only!

Information

The challenge is made up of relatively basic OSINT questions that can be solved using a couple of search engines. Some questions ask for the hash of a specific file; in those cases, you will have to download the file.

My Recommendations

One of the best techniques to narrow search results is Google Dorking; this is a useful cheatsheet.

This section is relatively easy, and can be solved quickly. The OSINT Framework is a reliable and user-friendly tool to help you with OSINT.

I relied on Google for the majority of the challenge, but Bing was the only search engine to solve question 10. It’s best to have a couple of search engines open to maximize your reach.

Walkthrough

1. AWS is for Losers (50)

Who is the hosting provider for jameskainth.com?

Who.is is my go-to for looking up website information. Follow this link.

Answer: flag<namecheap>

2. Down the Rabbit Hole (50)

If you click the first link in the main text of any Wikipedia article and continue to do this, it will lead you to which Wikipedia Article?

Google Query: first link in text wikipedia
Results: First result, a Wikipedia article about this!

Answer: flag<Philosophy>

3. New Phone Who Dis (50)

You get a phone call from this number: 855-707-7328, they were previously known by another name?

Google Query: 855-707-7328
Results: 855-707-7328 – Time Warner – CallerCenter.com

Today, it’s known as Spectrum’s Customer Service line, but some of the complaints mention Time Warner.
A quick visit to Wikipedia and we find that Charter Communications (the parent company) acquired Time Warner Cable in 2016. The phone line is actually Time Warner Cable’s old line, but it’s now associated with Spectrum.

Answer: flag<TimeWarnerCable>

4. OK Zoomers (50)

What is the Zoom meeting id of the British Prime Ministers Cabinet Meeting?

Google Query: British Prime Ministers Cabinet Meeting Zoom ID
Results: first article, the flag is in the first picture of the article.

Answer: flag<539-544-323>

5. The Job You Like At The Salary You Love (50)

What Percentage of full-time degree-seeking freshmen from the fall of 2018 re-enrolled to Champlain in the fall of 2019?

This is literally nonexistent on Champlain’s website.
Google Query: allintext: champlain college freshmen returning % 2019
Results: “U-CAN: Champlain College”.
U-CAN collects data about colleges and displays the data in a user-friendly way for potential applicants/parents.
Looking at the stats for Champlain:

Answer: flag<82.5>

6. Cyber Sleuthing (150)

Champlain College Has A Public Excel Sheet Listing Addresses Of Campus Locations Available on The Internet, what’s the SHA256 Hash of it?

Google Query: site:champlain.edu campus locations filetype:xls OR filetype:xlsx
Results: a physical_addresses.xls file and a Campus-Planning.xlsx file.

The question asks for a sheet, whereas Campus-Planning is a workbook. To check the hash, download the physical_addresses.xls file:

				
					cd Downloads
sha256sum *.xls
				
			

Answer: flag<c96ee03c4043c366c6f573bb1d194dec8f4c0c81150c60d310bc59d9e17a6906>

7. The Land Before Time (150)

In 1998 specifically February 12th, Champlain was planning on adding an exciting new building to its campus. Back then it was called “The Information Commons”, can you find a picture of what the inside would look like?
Upload the sha256 hash here

This one screams Wayback Machine! It actually has a snapshot of “http://www.champlain.edu” from the 12th of February 1998. Clicking on the “Information Commons” tab, there is this picture, which when downloaded is named “inside1.jpg”:

Answer: flag<f4952b314eb15acf0eec79c954f83881c17d50d2b5922ee37e8fc5e5cd1aeac2>

8. Does Anyone Know Where Ohio Is? (200)

One of our favorite Cyber Security Faculty got a bachelor’s degree in arts from this ohioan university, who was the other faculty member who studied there?
format: flag<fname lname>

Google Query: site:champlain.edu/academics/ "ohio" "Bachelor"
Result: The only Cyber Security Faculty member found is Todd Schroeder, who has a B.A. from Ohio State University.

Answer: flag<todd schroeder>

9. Ichthyology 101 (200)

In 2019 UVM’s Ichthyology Class Had to Name their fish for class, can you find out what the last person on the public roster named their fish?

Google Query: Ichthyology uvm student fish name 2019
Results: WFB 232 Ichthyology. 
On the left-hand side of the page, “Student fish names” contains an .xls file named “studentfishnames.xls”.

Downloading this file and opening with LibreOffice:

Answer: flag<saccopharyngiformes>

10. Yabba Dabba Doo! (200)

Can You Figure Out Which State This Picture Has Been Taken From? See attached photo
Warning, you only have 3 attempts

We are given a JPG: UNADJUSTEDNONRAW_thumb_4859.jpg:

I used Google, TinEye, Yandex and Bing reverse image search. Bing is the only one that found some matches. It sent me to a Yelp page for “Dinosaur Land” in Virginia, aaaand someone posted a review with the same picture (from another angle) of this dinosaur!

Answer: flag<Virginia>
