Instagram & Twitter OSINT - DownUnderCTF

Video Statistics and Information

Captions
hello everyone my name is john hammond welcome back from the youtube video we're looking at some down under ctf which was a capture the flag competition that was going on this past weekend and it's been a little while since i've showcased some ctf stuff so i want to get back on the saddle let's not waste any more time we'll hop on over to my screen here so to get started i want to showcase some of the osint or open source intelligence challenges um i'm kind of going to go a little bit backwards i want to showcase that second challenge first and then kind of go back to welcome to petstogram so here we go this challenge is called badman it said we've recently received reports about a hacker who goes by the alias undermater okay in leetspeak cool he's been threatening innocent people for money and must be stopped help us find him and get us the flag roger dodger so since this is an open source intelligence challenge i'm assuming i'm going to be googling i'm assuming i'm going to be doing an internet scavenger hunt which might not always be the most logical thing to do uh but it's probably going to be looking at some social media probably finding some online websites so let's hop over to our good friend uncle google and let's simply look for undermater nice okay so we could try regular social media things we could check him out on twitter but it's look like there's nothing going to be returned from google that doesn't exactly help us whatsoever uh so in that case we could just go back and use like going to twitter.com and then supplying the username that we can assume that is going to be his alias maybe he has some accounts on social media pages uh twitter linkedin facebook etc so if i specify my url twitter.com undermater with the leetspeak characters let's go to that page and see if we get anything okay and it looks like we found someone or something or some account let me zoom in on this a little bit it looks like we have utter major with the spooky scary hackerman 
profile picture nice uh 16 following 16 followers joined july 2020 so recent oh retweeted tweets from down under ctf okay so looks like we are probably on the right track oh dc cybersec had done a really cool video to hype it up awesome shout out to you dc cybersec if you guys like cyber security videos like mine or others support other content creators and go check him out he does really great stuff the very first down under ctf will be held on 18 september what other tweets do we have i am not a bot okay whew that was close i put out a tweet that contained personal information welp i'm glad we have a delete button uh interesting i wonder if we could like maybe retrieve old deleted tweets i don't know if that's a thing since when is vp colonqueue.js not a strong password shaking my head um i thought that was kind of peculiar uh originally because i look at this and i see kind of that colon syntax sometimes you see like a username colon password um i thought like oh is this like base64 and i just copied this and would try and just throw it in a little terminal over here you could just simply echo that into a base64 -d decode but that's nothing so okay maybe that's a password maybe that's his password maybe we could log in with his account maybe that's a thing twitter i'm pretty sure probably has two-factor authentication though people say i'm a skid to which i say here's your address oh oh what's that what's that like neil degrasse tyson meme where he's like oh we got a badass over here why are the cases rising up again okay what do we particularly do here we have maybe a password and we have this notion okay uh put out a tweet that contained personal information glad we have a delete button so we deleted some tweets i went down a rabbit hole to be like oh let's recover deleted tweets and you could probably see i don't know if i have any recent searches in here but you i would just google like uh is this a thing that i can do can i actually recover deleted tweets if 
you like search for their account um i didn't end up dealing with this honestly i read about this a little bit and tried like oh if you search for that user in like maybe the advanced search or something you could do maybe some magic uh regardless uh i realized like okay if he put out a tweet that contained personal information i'm glad we have a delete button sometime in the past i thought well maybe we're doing some uh wayback machine action or maybe there was a snapshot of his account at some point previously and maybe there's a record of what that tweet would have been uh so if you haven't heard of the wayback machine it's kind of a cool archiving website where you will be able to particularly look at websites or different web pages on the internet at a certain specific particular point in time i think we actually showcased a challenge on this at one point called like timekeeper i don't know if that was nom con or i don't know if that was a verse that conor was one of the ctfs we were doing by the way bsides boston ctf september 26th you guys should come play uh so if you go to archive.org/web you've got the internet archive or the wayback machine here so you could simply supply a link or url that you want to see are there any history are there any snapshots are there any records of this at a previous time in the past and searching for this page in particular looks like we have some entries here i see september 19th and i see july 23rd um let's start with this guy and see what that looks like so click on that get the date peculiar and the you can see in the url or the address bar now it's at a particular time it says good job here is your flag oh okay awesome looks like that was all that we needed to do so can i click on that and go to it yeah so when i was doing this in real time uh originally when i had was playing the ctf i didn't see this september 19th one um probably because i was playing on like september 18th and what is today like the 19th i'm not 
positive this is not gonna load whatever so we've got that flag we can go ahead and submit that cool solved our quote easy challenge and that did not copy that's refusing to copy let me right click copy there we go and yeah we've already kind of solved that so good job here's your flag nice and neat uh i didn't see this one originally so i'm curious why there's a second entry i don't know if that challenge just had something different on it but that looks like the same flag so whatever the case may be that was that solution simply using uh the wayback machine to be able to kind of go back in time and determine maybe a potential earlier tweet that was sent out i don't know how realistic that would be in uh irl right i don't know if anyone will go ahead and snapshot their twitter accounts or someone else might do that for i don't know weird interesting people but regardless that was that challenge that was using twitter um you might have been wondering okay how do we make that giant leap for this alias or this username how do we know to go to twitter yeah we could have gone to linkedin yeah we could have gone to facebook yeah we could have gone to instagram whatever the heck plenty of different things um let me talk about that and let's pivot to that other challenge welcome to petstogram so this challenge prompt is who is alexandros the cat exactly and who is this mysterious mum he keeps talking about submit his mom's full name and lowercase with the underscores instead of spaces as the flag du ctf curly braces in the name okay so they released a few hints on this challenge because it was kind of a struggle bus i thought based off the title here welcome to petstogram okay that's obviously a play on words for instagram i thought alexandros the cat alexandros might be a username so i went back to of course uncle google and asked him yo dude do you know anything about alexandros the cat somebody googled it alexander the cat is an incredible book apparently on amazon and 
that didn't particularly help me what the heck is that all right okay alexandros the cat instagram maybe i could zoom in a little bit more on that i have some other particular individual accounts um and i could go look at these this is the danger of looking at instagram pages in a video what are we gonna what are we gonna see i don't think that's it i don't think that's it i don't think that's it it's obviously that i'm just kidding alexandros instagram we could keep looking we could google around a little bit more eventually what i ended up doing was just instagram.com alexandros the cat whack that in and we've got this instagram page here we've got alexandros the cat with two posts 12 followers and hi my name is alexandros i love catnip and me mum so maybe this is it if he's mentioning my mom that's totally what it mentioned in the challenge prompt so this looks kind of promising we have two wonderful pictures of an incredibly adorable cat here oh and i guess i have to log in thank you security no you don't need my you don't need to save my login info dude lastpass i used to be small throwback tuesday ps check out my mom's new youtube channel oh a bitly link sketch i don't know if i trust that link i want to do it anyway great uh let's keep looking around before i go visit that but alexandros the cat looks about right and mom gave me a bow tie cool cat hashtag welcome to my insta you could do peculiar things if you wanted to like okay like download this you could you could click on go to post and then you could probably like right click and i don't know extract the image out of here if you want to do some crazy steganography strings exiftool steghide stegsolve i don't know uh i thought well okay we've looked at the post that he has on his instagram page i want to check out if he's tagged anything else it doesn't look like he is so i could check out who his followers are i want to click on all these and i could go look at these individual accounts if i really 
really wanted to whoever you are random strange people get excited because now you're apparently going to be in a video private account random folks roger dodger okay the one that struck out to me because if if the capture the flag event the capture the flag competition itself is going to be kind of preparing and staging this challenge to be visible by other people i want to look at some of the beginning earliest like followers i wanted to see if there was anyone that maybe they had staged or set up for this exercise to kind of test us what might one of their friends be so i looked at m waters emily waters sounds like a female mother name and it says m waters92 i love gelato and my cat alexandros okay this is totally it for business inquiries please contact emilytwaters92 gmail.com uh emily waters is that going to be her name you could try and submit that if you wanted to emily underscore waters actually that's gonna be wrong the gimmick is you need her full name full name including middle name and i saw some folks in the discord kind of be like okay what the heck i don't know about that how do i where what indicates that this is a full name including a middle name i noticed this emily t so we got an initial that's obviously not her full name you can't just say emily t waters and that's not all of it that view hint will say here hey i'm looking for my mom's full name are you sure you have everything you need so we need to know her middle name we can take a look at this video i'm gonna make sure my audio is off because i know what this is this is coffee and gelato earlier today with this cutie sorry for the annoying background noise lol so annoying if i click on this video i'm not hopefully allowing the audio to go through but you could probably hear some beeping some beeps and boops uh i guess i can turn my volume up and maybe you'll hear it through the microphone and it won't be extraordinarily loud dope someone is like pressing buttons on their phone right maybe 
they're texting maybe that whatever the case may be comments on living the good life super duper cool i'll go to the next one my first host excuse me my first post has to be my handsome boy love you alexandros and he's so handsome i love you alexandros incredible one like thanks helen social media this is the pinnacle of human civilization instagram is just an app where you can pull up and immediately look at advertisements on your phone that's great something that we could do now that we've seen this video and we're hearing these weird interesting beeps and boops is that we could go ahead and download this video and extract what those dtmf tones might be um i'm going to put in the disclaimer that this is a rabbit hole or at least it was for me i kind of fell down this road for a little bit but i just want to show you how you could follow that through in the case that this is something that you might need in the future so maybe this is bad skip ahead in the video if you're like this is stupid john i don't care uh let me just show you what this really is we've got this instagram video and we want to download it so we can extract out the audio we want to get the dtmf tones or that those phone dialing sounds out of the video and kind of interpret what they might be and what they are so i've gone ahead and viewed the post i kind of went in that instagram button and hit go to post and i can copy the link because what i do when i need to look for like okay instagram download video searching uh that on google looks like we've got a couple different links you could download instagram videos online in mp4 format and all this takes is a url to download so let me slap this guy in there download the instagram video looks like it got it i'll download the video on mp4 um yeah yeah all right cool what did that save i was like 11 something massive in my ctf folder i had a duct where i've been working with some of the stuff oh since uh let me make a directory for youtube pets 
grant petstogram pentagram whoa uh okay and now let's move our downloads 11 mp4 all the way into this directory and now we've got it so i could mplayer this and you'd totally be able to see it wow incredible um mplayer just command line tool to watch a video not what we're trying to do we want to extract the audio and the sounds from this so what i like to do is i like to just use ffmpeg because it's super duper easy you can use ffmpeg and if you don't have that it's a sudo apt install ffmpeg on ubuntu or debian based systems -i for our input file and then the following argument will just be what we want uh the output to be so i'll just call it sound.mp3 and then ffmpeg will realize okay we just want to carve out the audio from this we just want to now render it as an mp3 file rather than an mp4 file so if i mplayer that sound.mp3 now there's no video i just have the audio handy nice cool i could file on all of these if i wanted to you can see that this original mp4 file is an mp4 this sound.mp3 file is just an mpeg mp3 mp3 so now we would want to convert those dtmf tones dtmf and i could tell you a little bit more about those dual tone multi-frequency it's the signal phone company excuse me when you press an ordinary telephone touch keys so if you want a decoder dtmf tone decoder you could simply find one of the ones that i really really like is this like abc123 uh maybe i need to specify the word dtmf decoder online yeah yeah dial abc that's what it is detect dtmf tones and we have to go ahead and supply a file so i have this in ctf ductf uh osint right youtube petstogram sound.mp3 i will go ahead and whack this in there and i ran headfirst into this wall because when i click on this and upload an mp3 file it'll tell you whoops sorry that's not a supported audio file format we need to work with something different they suggest we support riff microsoft wav files and sun/next audio so okay wave file sure whatever ffmpeg can still work that 
magic so let's go back to our command ffmpeg -i with our input file and now we'll just use sound.wav and whack that in there cool all right now let's upload that wav file and let it do its thing it's going to take a little bit of time because it's churning through this video however long it may be however much sound and audio it needs to extract out and we'll see if we get anything peculiar oh we do six three three three eight zero six three zero two etcetera so these numbers that are indicated here are the buttons that that person is pressing on their phone i'm still in the middle of the rabbit hole here maybe this isn't important maybe somehow it is for some people regardless uh i want to continue to showcase this because that's good to know for future so what i'm going to do is i'm going to take all of those values and i'm just going to slap them in a text editor really gross i only care about the lines because i've just copied and pasted this uh the numbers that i saw were 6 3 3 etc so in this case it's just a line that has just the number and nothing else on it so i'm going to do is i'm going to do a find replace i hit ctrl h on my keyboard so i have the regular expression mode on so what i'll do is i'll just look for a like backslash d to denote a digit and i'll note a dollar sign to note the very end of the line so caret to note the start of the line backslash d to note a single digit and then dollar sign regular expression to denote the very very end of the line so you can see my six is highlighted my three is highlighted my three is highlighted etc what i'm gonna do is i'm just gonna actually hit that find all so now i have those all selected within sublime text i'll hit ctrl x so i can copy them and put them in my clipboard then i'll just remove literally everything else in this file so when i hit ctrl v or to paste all i have are those numbers that's kind of nice and kind of easy if i wanted to kind of remove all those new lines i could use like a 
backslash n and replace all of those now i just have that specific string so i have in sequence the numbers that that person typed on their phone this is a thing if i were to go to github.com/JohnHammond/ctf-katana this is just kind of a resource that i had put together here's like my checklist of things or my my i don't know playbook of things that i might be looking for or remind myself to do during a capture flag for different kind of capture the flag challenges different categories different things etc one of these in here is a cell phone cipher like the keypad cipher so you can check this out if you have any interest in it but down down below i see a phone keypad some messages may be hidden with a string of numbers but really being coded with old cell phone keypads like text messaging with numbers repeated so typically a zero is a space but all these other numbers that might be tapped in sequence could be what you're typing on that old cell phone so the number six okay that might be m because we've only hit that button once three looks like we've got three three so that pressed it twice that would be an e and then eight okay that's a t that's interesting etc and we would go ahead and maybe fill that out you could use a tool to be able to track down all of this information uh what i'll do is i'll just look up like t9 cipher decoder t9 can be kind of the notion for that okay typing on that that text pad looks like dcode.fr has a decent one for it so let me go ahead and just go to that i will slap that syntax in here and then i will decrypt t9 and it found six three three eight could potentially be meet looks like it has a lot of certainty six three could respond to me maybe or md or mf or nd etc meet me makes the most sense and two eight could be at a t a u et cetera or any of those um meet me at and then other letters that i don't exactly understand after i had found this in real time when playing this challenge when playing the ctf i didn't really 
know what to do i was like okay what the heck meet me at wd meet me at wf waterfront i don't know w anything x any of these things i didn't exactly know what i would be doing with that um and i was kind of at a loss so i took a step back and kind of went back to everything that we had uh remember when we were looking through this alexandros the cat page and we were looking at this emily waters page all this stuff we had one notion that said hey please check out my mom's new youtube channel and we have that bitly link so let's go to that page and it'll bring us to this youtube channel gelato elgato great they have 36 subscribers but they have no content on the home page absolutely no videos no playlists no channels and i left a comment in here like hey can i have a flag i guess i hadn't deleted that one yet i left a comment on the instagram ones too and i guess they deleted those but nice good troll john 10 out of 10. um in the about page they just says welcome to my youtube channel and when they joined so this again seemed like a dead end and i was like wtf what do i do with this why can't i solve this this is supposed to be easy or beginner and i'm like i am racking my head against this i don't know what i'm doing um eventually we had this thought this gelato elgato account that's a new username because we've seen m waters 92 or emily waters or alexandros the cat but we hadn't seen gelato elgato before that was kind of a new name and we had fallen down the rabbit hole of checking out m waters and how she loves gelato we we literally looked through all the pictures here on gelateria jewelry on the docks and was like oh ice cream people stuff literally nothing else that would correlate to the ctf challenge this is just a legitimate real restaurant that was not good for us to fall down that rabbit hole but we hadn't seen this gelato elgato username before and we thought once again uh this is actually like idea came to us after we had looked at the previous 
challenge the badman one so we had solved that because that had a bit more i don't know traction it was easier to do we just found it on twitter and we thought oh shoot yeah this account might be on other social media platforms so maybe this gelato elgato has an instagram account can i just go to that that's not a thing let's go to twitter.com gelato elgato and there we go call me teresa i love gelato and my cat alexandros and we have an inkling now with that t initial that we saw earlier her full name is emily theresa waters and we could submit that as the flag and i like these memes here nice nice cool let's go ahead and submit that we did emily theresa waters and that would be the correct flag i've already solved this so it doesn't showcase that that was how we ended up solving that challenge uh and we were bumping around lost like not exactly knowing what to do for the longest time here and i had a thought after i went through this because i think the right methodology the right mindset to have when you're doing this osint stuff or this open source intelligence information gathering looking up doing human intelligence on social media networks like social networking sites etc is to keep track of those usernames because the same way that people will synchronize passwords or like use the same password on different sites there's still the concept and idea of synchronized usernames people will probably have the same username on different accounts or social media pages so whenever you find a new username you should keep track of that and then look to see does it exist on other potential platforms there's a really really neat tool that does this if i look up python sherlock osint the sherlock project or sherlock has the script this tool to hunt down social media accounts that are based off of a specific username so hunt down social media accounts by username across different social networks and it's super duper easy uh all you really need to do is clone the repository 
move into it install the requirements and then you're good to go let me show you this thing let's do it i will just go ahead and git clone it into this current directory and we can read a little bit about some of the usage here all you really need to do is supply a username and then it just finds it it'll just keep hunting and look for things you can supply other output like how you want to be what directory or folder or if you want to work through a proxy or tor or comma separated value or json or timeout or colors etc and that's neat so i'd hop over to sherlock and i have that requirements.txt file so i could as the documentation has suggested let's use like pip3 to install stuff based out of the requirements text file and all this should already be installed for me so i could simply python 3 sherlock and i don't need that note there dot py what the heck it is it is sherlock.py oh can i just use the whole module is that how that works python 3 sherlock i guess it just figures it out okay cool so i need to supply a username so let's go ahead and supply our elgato gelato or gelato elgato let's paste that in there and see if it tracks it down automatically for us and when i ran this when i tinkered with it and played with it i'll be honest it was kind of slow and i don't know why uh i know this thing is using threading i know this thing is doing cool stuff i know it's supposed to be lightning fast it took a little bit of time for me to get all those results uh anyway it found twitter it also went to mobile twitter which is kind of peculiar but sweet good enough and it could find it on linkedin i don't know if that's actually an account or not nope guess not and taringa whatever the heck that is okay good i'll trust that uh anyway sherlock was running a little bit slow for me so i actually recommend using the docker file so if you want to you can just grab it from docker hub and you can literally docker run sherlock and then the username that you want to supply so 
let me do that docker run sherlock uh i've already got that pulled in that image if you hadn't ran that command before it might have to pull the image down for you to work with so docker run sherlock and then the command that you want to work with or the username it was gelato elgato please i think i repeatedly forget this gelato elgato yep let's whack that and now it's like whoa boom okay we're checking out all these different locations academia band camp base camp bitbucket blip askfm 9gag etc some of these might not have accounts that will tell you hey not found so you could grep that out if you really really wanted to but this it seemed to be doing a little bit more faster than the other one was and it got a lot like oh hey here's that twitch account excuse me here's that twitter account here's that youtube account etc even tinder nice uh okay that's that holy cow this has been a long video and it probably really didn't have to be but i hope you don't mind me talking a lot i hope you don't mind me showcasing some of the things that uh the rabbit holes that i fell down just showcasing some more of my methodology and stuff that happened what was that second hint they released what they actually use here if you have alexandra's mom's given name and surname what else could there be left to find to get her full name okay so yeah it's mentioning the middle name and doing a little bit more uh hunting and digging around on the internet so that's the thing with osint it's an internet scavenger hunt sometimes uh i'd like to be able to showcase this um going to take off because not a ton of people solve this and i know we did so i will see if i can remind myself what we did to go through that but uh that is bad man and that is welcome to petstogram so i hope you guys enjoyed this video i know i talked forever and this is way way longer than it needs to be but thanks so much i appreciate you tuning in check out another capture the flag video doing some osint with me and 
that is enough of me yapping if you did like this video please do do those youtube algorithm things i would love if you could like the video maybe leave a comment maybe subscribe you know i'm super duper grateful and if you like capture the flag please please please register for b-sides boston ctf you can go to b-sides boss.ctf.games that website and september 26th i'm hosting that capture the flag event it'll run for about eight hours we're trying some new stuff with dynamic scoring and new infrastructure like user-based containers it'll be cool it'll be fun so that's enough of me talking let me end the stinking video thanks everybody i love you take care
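The DTMF-to-T9 detour described in the captions, as an added Python example that is not from the video or from any tool shown in it: it detects keypad tones with the Goertzel algorithm and then lists T9 word candidates for each zero-separated group. The audio is synthesized in memory, the digit string follows the first keys read out in the captions, and the word list is a constructed stand-in for a real T9 dictionary.

```python
import math

RATE = 8000                      # samples per second
BLOCK = 205                      # analysis window, about 25.6 ms at 8 kHz
ROWS = (697, 770, 852, 941)      # DTMF low-group frequencies in Hz
COLS = (1209, 1336, 1477, 1633)  # DTMF high-group frequencies in Hz
KEYS = ("123A", "456B", "789C", "*0#D")


def synth(digits, tone_blocks=4, gap_blocks=2, amp=0.4):
    """Constructed test signal: one dual tone per key, silence in between."""
    out = []
    for d in digits:
        r = next(i for i, row in enumerate(KEYS) if d in row)
        c = KEYS[r].index(d)
        for n in range(tone_blocks * BLOCK):
            t = n / RATE
            out.append(amp * (math.sin(2 * math.pi * ROWS[r] * t)
                              + math.sin(2 * math.pi * COLS[c] * t)))
        out.extend([0.0] * (gap_blocks * BLOCK))
    return out


def goertzel(block, freq):
    """Signal power at one frequency (Goertzel recurrence)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def detect(block, min_ratio=0.1):
    """Return the key sounding in this block, or None for silence or noise."""
    energy = sum(x * x for x in block)
    if energy < 1e-6:
        return None
    rows = [goertzel(block, f) for f in ROWS]
    cols = [goertzel(block, f) for f in COLS]
    r, c = rows.index(max(rows)), cols.index(max(cols))
    # A clean dual tone puts about a quarter of len*energy into each tone.
    floor = min_ratio * len(block) * energy
    if rows[r] < floor or cols[c] < floor:
        return None
    return KEYS[r][c]


def decode_dtmf(samples):
    """Emit a key each time a new tone starts; silence separates repeats."""
    keys, prev = [], None
    for i in range(0, len(samples) - BLOCK + 1, BLOCK):
        key = detect(samples[i:i + BLOCK])
        if key is not None and key != prev:
            keys.append(key)
        prev = key
    return "".join(keys)


LETTERS = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
           "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
TO_DIGIT = {ch: d for d, chars in LETTERS.items() for ch in chars}
WORDS = ("at", "cat", "me", "meet", "of", "the")  # constructed mini dictionary


def t9_candidates(digits, words=WORDS):
    """T9 reading: one press per letter, 0 is a space; words per group."""
    index = {}
    for w in words:
        index.setdefault("".join(TO_DIGIT[ch] for ch in w), []).append(w)
    return [sorted(index.get(g, [])) for g in digits.split("0") if g]


if __name__ == "__main__":
    pressed = decode_dtmf(synth("6338063028"))  # constructed audio
    print(pressed, t9_candidates(pressed))
```

Each group decodes as one press per letter (T9), which is why `63` stays ambiguous between several words until a dictionary or context narrows it down.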
Info
Channel: John Hammond
Views: 128,883
Id: DV8hUcdK2Bk
Length: 31min 27sec (1887 seconds)
Published: Sun Sep 20 2020