{
"$type": "site.standard.document",
"canonicalUrl": "https:/finxol.eu/posts/writeup-midnightflag-osint-will-the-big-wheel",
"description": "Write-up for the OSINT challenge \"Will the big wheel\" @ 404CTF 2022",
"path": "/posts/writeup-midnightflag-osint-will-the-big-wheel",
"publishedAt": "2022-04-24T00:00:00.000Z",
"site": "at://did:plc:hpmpe3pzpdtxbmvhlwrevhju/site.standard.publication/3mndozltfas27",
"tags": [
"writeup",
"MidnightFlagCTF"
],
"textContent": "404CTF\n\nThe MidnightFlag CTF is a CTF organised by students from ESNA\n\nDescription\n\nOur intelligence services have just received a message from one of our agents in the USSR and according to the first elements,\nwe must quickly find him to exfiltrate him.\nYour mission is to decode his message and return the extraction location to us.\n\nAuthor: A0d3n\n\nSolution\n\nFirst of all, let's check the metadata from the image we were given.\nWith a simple exiftool MessageRecover.png, we get the following information _(some information was removed for clarity)_ :\n\nOne line that catches our eye is the \"User Comment\".\nThis looks like it could be some base64-encoded text.\nLet's try to decode it with\n\nAnd we get\n\nThese look like coordinates.\nThe first one seems to be in the north of Ukraine, and the other ones are close by.\n\nThe decoded message also says \"I will wait you at the center\".\nWe can assume from this sentence that the agent will be waiting at center of these three coordinates.\n\nWith a quick search about averaging GPS coordinates, we land a javascript programme on Github Gist.\nWe can then tweak an example case to match our coordinates, and we get a result!\n\nBy plotting these coordinates on a map, we land near the amusement park\nwhere the wheel in the picture can be found.\n\nWe then look at the nearest point of interest, and we find Чорнобиль, which means Tchernobyl.\n\nWe then format the word with echo -n \"Чорнобиль\" | md5sum and get the flag MCTF{3687016d7a89edc046069933f208e8c8}.",
"title": "MidnightFlag CTF Write-Up Will the big wheel"
}