{"id":47,"date":"2021-11-17T05:45:31","date_gmt":"2021-11-17T05:45:31","guid":{"rendered":"https:\/\/blogs.oregonstate.edu\/paul\/?p=47"},"modified":"2021-11-17T06:14:11","modified_gmt":"2021-11-17T06:14:11","slug":"writeup-target-practice","status":"publish","type":"post","link":"https:\/\/blogs.oregonstate.edu\/paul\/2021\/11\/17\/writeup-target-practice\/","title":{"rendered":"Writeup: Target Practice"},"content":{"rendered":"\n<p>This was my first time getting first blood with my team, so I&#8217;m excited to write it up. OSINT challenges have a lot of collaboration opportunities, and our first blood was due to some good teamwork.<\/p>\n\n\n\n<p>Challenge Description: Can you help me find the full name of the person behind the alias &#8220;anonhunter26&#8221;? This link might be helpful: <a rel=\"noreferrer noopener\" href=\"https:\/\/osintframework.com\/\" target=\"_blank\">https:\/\/osintframework.com\/<\/a> Submit flag as osu{firstname_lastname}<\/p>\n\n\n\n<p>Looks like we&#8217;ve got to track someone down given their username. Before doing anything, I checked <a href=\"https:\/\/twitter.com\/anonhunter26\" data-type=\"URL\" data-id=\"https:\/\/twitter.com\/anonhunter26\">for a twitter account<\/a>. The bio states that our target is a &#8220;Senior software developer at a small startup.&#8221; Looks like finding the company might be our secondary goal. Scrolling through the rest of the account, we see reference to a &#8220;coworker and good friend&#8221; whose handle is <a href=\"https:\/\/twitter.com\/hatebav2ropc\">@hatebav2ropc<\/a>. Neither of these accounts follow or are followed by anyone, and their likes are relevant to infosec but not helpful in identification.<\/p>\n\n\n\n<p>Looks like &#8220;hatebav2ropc&#8221; might give us a clue, though, so let&#8217;s gather some information. <a href=\"https:\/\/whatsmyname.app\/\">https:\/\/whatsmyname.app\/<\/a> shows that hatebav2ropc <a href=\"https:\/\/github.com\/hatebav2ropc\">exists on GitHub<\/a>. There is only one repository, with two commits. Clicking on a commit and adding &#8220;.patch&#8221; to the URL gives patch information.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>From b8e908c74c182c73d840192cd89d3f27b5177641 Mon Sep 17 00:00:00 2001\nFrom: Anonymous &lt;<strong>anonymousfreak32@gmail.com<\/strong>&gt;\nDate: Fri, 24 Sep 2021 23:57:15 -0700\nSubject: &#091;PATCH] Fixed line formatting\n<\/code><\/pre>\n\n\n\n<p>We&#8217;ve got an email! Looking at it with <a href=\"https:\/\/tools.epieos.com\/email.php\">https:\/\/tools.epieos.com\/email.php<\/a> shows that the account belongs to someone named Gabriel Cortney. <\/p>\n\n\n\n<p>Using Twitter search for &#8220;Gabriel Cortney&#8221; reveals a <a href=\"https:\/\/twitter.com\/gabriel_cortney\">more professional Twitter account<\/a>, whose bio states that Cortney is a &#8220;Lead security analyst for <a href=\"https:\/\/twitter.com\/opticalsocial\">@opticalsocial<\/a>.&#8221; The company&#8217;s Twitter account is followed only by Cortney and a man claiming to be the CEO. We&#8217;re looking for a senior software developer, so we might take our new information back to Github.<\/p>\n\n\n\n<p>Searching for &#8220;opticalsocial&#8221; on Github gives us one user in the results: <a href=\"https:\/\/github.com\/Oswald-Denman\">Oswald Denman<\/a>, a senior software developer.<\/p>\n\n\n\n<p>Submitting the flag <code>osu{Oswald_Denman} <\/code>is a success!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This was my first time getting first blood with my team, so I&#8217;m excited to write it up. OSINT challenges have a lot of collaboration opportunities, and our first blood was due to some good teamwork. Challenge Description: Can you help me find the full name of the person behind the alias &#8220;anonhunter26&#8221;? This link &hellip; <a href=\"https:\/\/blogs.oregonstate.edu\/paul\/2021\/11\/17\/writeup-target-practice\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Writeup: Target Practice<\/span><\/a><\/p>\n","protected":false},"author":11809,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-47","post","type-post","status-publish","format-standard","hentry","category-writeups"],"_links":{"self":[{"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/posts\/47","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/users\/11809"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/comments?post=47"}],"version-history":[{"count":3,"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/posts\/47\/revisions"}],"predecessor-version":[{"id":50,"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/posts\/47\/revisions\/50"}],"wp:attachment":[{"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/media?parent=47"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/categories?post=47"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/paul\/wp-json\/wp\/v2\/tags?post=47"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}