TMUCTF 2021: Foreign Student

Reading time ~2 minutes

Fun OSINT challenge that I solved in the last hour of the CTF today. In contrast to many OSINT challenges in CTFs I’ve done lately where the flag consists of a bunch of sub fields that I spend a lot of time with wrong guesses, this challenge wanted just one thing. An email address. How hard could that be?

Foreign Student - OSINT - 397 points

This challenge reads:

The Foreign Student

Tarbiat Modares University has a foreign student. His name is Zedmondo. He has a 
very shady character. He always walks alone, eats alone, and never talks much. 
There are some rumors about him. Some people say he is a genius sociopath; 
some say he is just too self-involved. But one thing is obvious; he has a secret. 
Once, one of the students heard that he was talking about receiving some 
important documents via a private email. Maybe if we find his email, we can 
learn about his secret.

Note: The flag format is TMUCTF{emailaddress}.

(49 Solves)

So we’re starting with:

  • Tarbiat Modares University (TMU) student
  • Zedmondo is the person’s first name.

And we’re hunting for their private email address.

Firstly a bit of Googling leads us to this person’s LinkedIn profile:

Zedmondo LinkedIn

This doesn’t have much but a link to a GitHub profile: . Here we find 17 repositories including some created by Zedmondo themselves.

Zedmondo Github

I read through each and every one of the repositories created by Zedmondo himself, I skip over any repo they have forked from elsewhere. When I got to the secretkey repo I paused for a moment. Something about the README.mddescription drew my attention:

# secretkey
It is a public key. Not really a secret, right?!

Along with the is one file, a PGP Public key with a comment:

Version: Keybase OpenPGP v1.0.0

... cut ...

This comment made me double take. This is a PGP key that Zedmondo is using for keybase. If they wanted to use email privately they might leverage KeyBase’s service. I head over the the link which has the following helpful guide:

Keybase Howto

I follow it’s advice but take the key from GitHub:

$ curl | gpg --import
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  6139  100  6139    0     0   193k      0 --:--:-- --:--:-- --:--:--  193k
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 586DD615EB0B6528: public key "Zedmondo Zaberini (Nothing to say...) <>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Which was the right step because was the email we we’re chasing and the flag was: TMUCTF{}

Nice fun challenge and glad I solved it with limited time left.

niteCTF - CBC-Jail

A unique combination of Python jailbreak and crypto flaw that had me learning a lot about AES-CBC mode. Super fun for me to get this solu...… Continue reading

niteCTF - Rabin to the Rescue

Published on December 12, 2021

HTB CyberSanta 2021 - Crypto Writeups

Published on December 04, 2021