TMUCTF 2021: Foreign Student

Reading time ~2 minutes

Fun OSINT challenge that I solved in the last hour of the CTF today. In contrast to many OSINT challenges in CTFs I’ve done lately where the flag consists of a bunch of sub fields that I spend a lot of time with wrong guesses, this challenge wanted just one thing. An email address. How hard could that be?

Foreign Student - OSINT - 397 points

This challenge reads:

The Foreign Student

Tarbiat Modares University has a foreign student. His name is Zedmondo. He has a 
very shady character. He always walks alone, eats alone, and never talks much. 
There are some rumors about him. Some people say he is a genius sociopath; 
some say he is just too self-involved. But one thing is obvious; he has a secret. 
Once, one of the students heard that he was talking about receiving some 
important documents via a private email. Maybe if we find his email, we can 
learn about his secret.

Note: The flag format is TMUCTF{emailaddress}.

(49 Solves)

So we’re starting with:

  • Tarbiat Modares University (TMU) student
  • Zedmondo is the person’s first name.

And we’re hunting for their private email address.

Firstly a bit of Googling leads us to this person’s LinkedIn profile:

Zedmondo LinkedIn

This doesn’t have much but a link to a GitHub profile: . Here we find 17 repositories including some created by Zedmondo themselves.

Zedmondo Github

I read through each and every one of the repositories created by Zedmondo himself, I skip over any repo they have forked from elsewhere. When I got to the secretkey repo I paused for a moment. Something about the README.mddescription drew my attention:

# secretkey
It is a public key. Not really a secret, right?!

Along with the is one file, a PGP Public key with a comment:

Version: Keybase OpenPGP v1.0.0

... cut ...

This comment made me double take. This is a PGP key that Zedmondo is using for keybase. If they wanted to use email privately they might leverage KeyBase’s service. I head over the the link which has the following helpful guide:

Keybase Howto

I follow it’s advice but take the key from GitHub:

$ curl | gpg --import
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  6139  100  6139    0     0   193k      0 --:--:-- --:--:-- --:--:--  193k
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 586DD615EB0B6528: public key "Zedmondo Zaberini (Nothing to say...) <>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Which was the right step because was the email we we’re chasing and the flag was: TMUCTF{}

Nice fun challenge and glad I solved it with limited time left.

DeadFace CTF: Lytton Labs Cryptoware 1

Another great CTF this week with a lot of variety of challenges and very helpful admins. For the second week in a row I'm writing about a...… Continue reading

DigitalOverdose: Time

Published on October 10, 2021

TamilCTF: Ransomware

Published on September 28, 2021