/nascon-ctf-infoleak

Official write-up for a challenge in NasCon CTF '23

InfoLeak

Official write-up for a challenge in NasCon CTF '23

Challenge

Name
InfoLeak

Description
This guy freelanced for our company and disclosed one of our top-secret RSA encoding schemes somewhere in the wild. The only thing we know about him is his Instagram ID: @dingavinga. We need the exact link to where he posted the confidential scheme. (Format: https://{URL})

Hint
Repositories aren't the only place you can store code.
- Github Admin

Solve

Since this is an OSINT challenge, we can take just about any route to this challenge. However, we will be covering 2 of those.

Identifying the Problem

We know with the problem statement that we need to find a piece of code since a whole "encoding scheme" was leaked. We also know the Instagram ID: dingavinga

Recon

The first step we take is visting the target's Instagram profile.
image
To our surprise, the profile is private and there is probably no way of accessing his posts. However, we stumble upon the name of the target- Abdullah.

Route 1 (The know-it-all route)

Knowing that a piece of code was leaked, our best bet is GitHub. We search for dingavinga...
image
We notice the name and this is definitely not "Abdullah"'s profile. Maybe the username @dingavinga was taken at the time the target created his profile? We try and search for GitHub profiles keeping the keyword "dingavinga" in mind.
image
Woah! There's another profile with the username dingavinga1. We go ahead and open up this profile and... (skip route 2 to avoid suspense)

Route 2 (Noob)

We go ahead and search for "dingavinga abdullah" on Google and get the following results.
image
Out of LinkedIn, SoundCloud and GitHub, which platform is perfect for leaking code? You guessed it- Github. We go ahead and click it and...

Finding the flag

image
We've found our guy! Now all we have to do is search for rsa in his repositories. Unfortunately, we get "no results returned" :(
image
Just as we're about to lose all hope, a hint is uploaded (given above). The statement tries to derail us from our GitHub path. However, the last line says "Github Admin" which hints at the code being hidden on Github but not in a repository. As cyber-security professionals, we go to our best-friend ChatGPT and ask the question, "Where can you put code on Github while not using a repository?"
image
GitHub Gist? What the f**k is that? Anyway, we go ahead and look for Gists by dingavinga1 and we see a familiar word.
image
Yes!!! We're looking for an RSA scheme. This is an RSA scheme. The flag is the URL of the leaked code, so we copy the link https://gist.github.com/dingavinga1/a8b1b48dcd63bfb85f31c2e04037429e and to our surprise, it works!

Conclusion

All hints are not rabbit holes.