keyboard_arrow_up

title: Writeup HeroCTF 2021 - Good french charcuterie
date: Apr 26, 2021
tags: DamCTF Writeups OSINT Cheatsheet Volatility3 Forensic ShieldsCTF Prog HeroCTF MidnightFlag


HeroCTF - Good french charcuterie

One of our agents has turned over his coat: this puts us in a very delicate situation. Try to compromise her account to find out who she is working for. Use your OSINT and social engineering skills to complete this mission successfully.

Name : Adèle Morte

So, by reading this I know that I've got to find her social media password in order to find out who she is working for. I started a quick google search for Adele Morte and found a Linkedin account.

adele morte linkedin

On this Linkedin profile I found one activty where she is answering one tweet of her friend Marine.

adele morte linkedin

So I went on twitter to search that tweet and see if some informations where available :

MORTadelle (from:Harcesis) until:2009-06-03 since:2009-06-01

harcesis tweet

I checked the likes on the tweet and found one from @AdeleMorte1, on her account I found her contact email in one of her tweets :

adele morte tweet

So I decided to create a phising page to get her password, for that I used blackeye :

blackeye

phishing twitter

The url is quite obvious, but I wanted to do that quickly for the first blood. I had a better backup solution, in case this one wasn't working : send a spoofed email with a spoofed link for the phishing page and explain that she won a giveaway on Twitter. Quick redaction of the email with a good story (that's false but the exclamations mark in the title are important xD), I sent it and waited to see if Adele answered my email :

adele morte mail

Now lets check our phishing page if we received something :

adele morte flag

Here we are, we've got the flag and that's a first blood for me :fire: !

Hero{FR3NCH_M0R74D3LL35}