{
"$type": "site.standard.document",
"canonicalUrl": "https:/finxol.eu/posts/writeup-404ctf-osint-aube-d-un-echange",
"description": "Write-up for the OSINT challenge \"À l'aube d'un échange\" @ 404CTF 2022",
"path": "/posts/writeup-404ctf-osint-aube-d-un-echange",
"publishedAt": "2022-06-08T00:00:00.000Z",
"site": "at://did:plc:hpmpe3pzpdtxbmvhlwrevhju/site.standard.publication/3mndozltfas27",
"tags": [
"writeup",
"404ctf"
],
"textContent": "404CTF\n\nThe 404CTF is a CTF organized by the Direction Générale de la Sécurité Extérieure (DGSE), Télécom SudParis and\nits association Hackademint.\nThis 2022 edition marked the double anniversary of \"the 80th anniversary of the BCRA, the secret service of the Free France and\nthe 40th anniversary of its heir, the DGSE\".\n\nDescription\n\n_This is a translation of the original description in French._\n\nNew recruit! We need you around here.\nOne of our agents has just intercepted a short telephone conversation between two Hallebarde agents.\nAn important exchange of confidential documents is to take place and to indicate the location of the meeting,\none of the enemy agents has sent the following picture to his colleague with the following message:\n\n<blockquote\n style=\"border-left: 4px solid #e0e0e0; padding: 0 0 0 1rem;border-radius: 0.1rem; margin: 1rem 2rem;line-height: 1.5rem\"\n>\n What a beautiful sunrise, isn't it? I'll be waiting in the street between the building in the foreground and those in the background.\n See you tonight, 10pm.\n</blockquote>\n\nWe have less than a day to find out the name of the street and prevent the exchange!\n\nFlag format: 404CTF{md5 of the full street name}.<br>\nThe street name must be in lower case, include the type of street (e.g. avenue, street, boulevard...),\nwithout accents, without abbreviations, and all spaces must be replaced by dashes.\nFor example: if the street is Avenue de Saint-Mandé in Paris, the correct flag is 404CTF{129af9edde5659143536427f9a5f659a}.\n\nAuthor : Artamis\n\nSolution\n\nBefore starting this OSINT investigation, lets analyse the image provided.\n\nWe can immediately check that there is no useful exif data.\nAccording to the instructions, it is a rising sun, so we can assume that the picture was taken facing east.\nThree prominent buildings can also be clearly seen in the background.\n\nBefore going further, we will assume that this is a French city and look for a list of the tallest buildings in France.\n\nWe then come across the Wikipedia page on France's tallest skyscrapers.\nLooking at the images associated with the towers, we notice that the third one looks remarkably similar to the one in our photo.\n\nBy simply reading the Wikipedia description of the Tour Incity, we find a link to the Part-Dieu district page.\nFortunately for us, the viewpoint of the description image is very similar to the one of our photo.\nThe description also states that this photo was taken \"from Fourvière\".\n\nWe can now start to search with Google Earth for places around Fourvière or further west,\nprobably higher than the rest of the city.\nWe can then see that the Fourvière district is located on a hill.\n\nExploring the surroundings, we soon find a building on the East side of the hill which looks like the one in the background of our photo.\n\nThe street below this building is called the _Montée Saint Barthélémy_.\nWe can then format and hash this street name with echo -n \"montee-saint-barthelemy\" | md5sum,\nwhich gives us the flag 404CTF{eb66c65861da9fe667f26667b3427d2c}.",
"title": "404CTF Write-Up À l'aube d'un échange"
}