challenge info  
Name: CyberEvilCorp
Category: OSINT
Difficulty: Easy
Points: 50
Link: CyberHackathon



Hi agent, welcome to the cyberevilcorp. We have recovered this picture of one of the agents of cyberevilcorp. They call him Seeker. Hunt him down and uncover their next move.


we are given the following image



The only thing that looks interesting is the text in background so i extracted it but didn’t find any leads.



Next, I looked at metadata of the image and found a username @evilseeker


└─$ exiftool seeker.jpg
File Name                       : seeker.jpg
XP Title                        : Seeker
XP Comment                      : @evilseeker
XP Author                       : cyberevilcorp
XP Keywords                     : hacking
XP Subject                      : Hardware


I attempted a manual search for the username on various search engines but found nothing. Then, I utilized a tool called Sharlock to locate the social account.


└─$ python /opt/sherlock/sherlock/ evilseeker -b # Used -b to open every link in default browser
[*] Checking username evilseeker on:

[+] AllMyLinks:
[+] Asciinema:
[+] AskFM:
[+] Blogger:
[+] Duolingo:
[+] Fiverr:
[+] Flipboard:
[+] G2G:
[+] GaiaOnline:
[+] Gamespot:
[+] Kongregate:
[+] Lolchess:
[+] Reddit:
[+] Roblox:
[+] Smule:
[+] Snapchat:
[+] Telegram:
[+] TikTok:
[+] Twitch:
[+] Twitter:
[+] Virgool:
[+] Whonix Forum:
[+] YandexMusic:
[+] interpals:
[+] metacritic:

[*] Search completed with 25 results


Found the intended user on Aciinema.




└─$ python3                                                     
Secret server started! Waiting for connections...                               
Hey Seeker!!!                                                                   
There is a disaster!!!                                                           
Our C2 password has been leaked publicly on      
Delete it ASAP


Opening the message we are directed to another page but that page doesn’t exist. so we have to use to view a past version of the page




Looking at the snapshot from Sept 26 we got the flag


└─$ python3                                                     
Secret server started! Waiting for connections...                               
Greetings Seeker,                                                               
Good news, we have got a new foothold at the cybergoodcorp infrastructure       
You may access our C2 server using the following password:                      


  flag   flag{Wh4t_a_H4rdP@55}