.: DESCRIPTION :.
One of the developers of devs-r-us.xyz has been a little sketchy lately. We have received reports that they may be selling data to competitors. We just haven't found out how!
-=[Oryx - AUCTF 2020]=-
Here the website:
We only have the names of the two developpers. If we download the boat picture above, named mcafee.png, and examine the exifs :
1$ exiftool mcafee.png 2 3ExifTool Version Number : 10.80 4File Name : mcafee.png 5Directory : . 6File Size : 2.5 MB 7File Modification Date/Time : 2020:04:05 21:21:54+02:00 8File Access Date/Time : 2020:04:06 19:21:52+02:00 9File Inode Change Date/Time : 2020:04:06 19:21:52+02:00 10File Permissions : rwxrwxrwx 11File Type : PNG 12File Type Extension : png 13MIME Type : image/png 14Image Width : 1920 15Image Height : 1080 16Bit Depth : 8 17Color Type : RGB 18Compression : Deflate/Inflate 19Filter : Adaptive 20Interlace : Noninterlaced 21XMP Toolkit : Image::ExifTool 11.91 22Description : https://discord.gg/pMzcE45 DM me if you want more info 23Image Size : 1920x1080 24Megapixels : 2.1
The discord link in the description field lead us to the AUCTF Discord. On the Discord we found an user called Jorge G, similar to Jorge Greenwood on the website.
We start a conversation with him : (did that with my friend Deilyora)
1Deilyora : Hello, I saw your message in mcafee.png and I've heard you are selling 2 some interesting data. Could you elaborate on what the data is ? 3 4Jorge : can't say what the data is but if you can find a way for me to trust you, 5 I may be able to share it
oh ok… the question is How can we be trusted ? Let’s try social engineering !
1Deilyora : Don't you remember me ? I worked with you on the developement of Myworld.com. 2 I'm now working for a big developement company and I think 3 the informations devs-r-us have could be interesting for us. 4 I'm willing to pay good money if the informations are good. 5 6Jorge : Hi there Deilyora. Sorry it's protocol. I'm looking for a specific message. 7 Long time no see.
He’s talking about protocol. We probably missed something. Let’s go back to the website. When we inspected the source code of the page nothing seemed interesting. But when we click on Contact-us, an event is triggered and a comment in the code appears.
With some researchs we found that: source: https://en.wikipedia.org/wiki/MaddAddam MaddAddam is a novel by Canadian writer Margaret Atwood, published on 29 August 2013. We were like ok. Let’s ask him. We have nothing more.
1Deilyora : Then, Who is MaddAddam? 2 3Jorge : just what I was looking for Please do not share the following link. 4It would be considered cheating and will result in removal understood? 5 6Deilyora : yes 7Jorge: cool :) 8Jorge: discord.gg/xxxxxxx
We are invited to a private Discord discord.gg/xxxxxxx
Here a flash code with the link to the flag.
.: FLAG :.