Tags: html web grep
## Square CTF: GDPR -> C5: de-anonymization
C5 is an [online system](https://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5) and is thus very simple to disable. You just need to login as the Captain Yakubovics. Too bad she’s no longer around to [hand you her password](https://www.sans.org/security-awareness-training/blog/security-awareness-topic-6-passwords).
As luck would have it, you have some anonymized [datasets](https://github.com/vgutta/CTF-s/tree/master/square/c5/datasets) lying around.
[Solution with images](https://github.com/blue-hens/square2018/blob/master/C5-%20de-anonymization/README.md)
The [Login page](https://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5) has Reset Password button, click on that \
That will bring you to a [Reset Password](https://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5/forgot) page
To reset the password we need to fill in all the fields below
The only things we know is name and title.
Searching the name returns
$ grep "yakubovics" 1.csv 2.csv 3.csv 4.csv 5.csv
That gives us the **email address**
If you open 1.csv you find the 3rd column is the income
So lets search all the files for Captain's income(96605)
$ grep "96605" 1.csv 2.csv 3.csv 4.csv 5.csv
That gives us **street**
$ grep "4 Magdeline" 1.csv 2.csv 3.csv 4.csv 5.csv
3.csv has SSN's, state, and street \
Since there's only one result for that street in 3.csv we can assume the Captain's **SSN is 4484**
5.csv has Firstname and street \
Captain's **First Name is Elyssa** since there is only one result in 5.csv
We know Elyssa is her firtname so _*Yakubovics*_ has to be her **Last Name**
Submitting with those values brings us to the reset password page where the first text box is populated with her current password
Inspecting the HTML of the first text box reveals the **flag**