CTFtime.org

Data Breach

by bigpick / burner_herz0g

Rating:

## [See original writeup on site](https://barelycompetent.dev/post/ctfs/2021-04-11-ritsecctf/#data-breach).

### Data Breach
> Oh no! Geno’s email was involved in a data breach! What was his password?
>
> Author: t0uc4n

So, this challenge seems to be playing off the same person from the previous challenge, [Finding Geno](#finding-geno).

As we can see right in their LinkedIn profile, their email is **[email protected]**. So we have the email, now we just need to find what the breach was to get the password.

Interestingly, visiting haveibeenpwned.com and inputting their password, it reports "Good news - no pwnage found!", so it seems that this is not the appropriate email we need to use. Back on the linkedin page, there is a link to their "personal website", which is a sort of online business card:

![](https://barelycompetent.dev/img/CTFs/2021/ritsecCTF/geno-personal-site.png)

From here, we have a link to a bunch of social sites:

* [Facebook](https://www.facebook.com/geno.ikonomov)
* [Twitter](https://twitter.com/GenoIkonomov)
* [LinkedIn](https://www.linkedin.com/in/geno-ikonomov)
* [Reddit](https://reddit.com/u/incogeno)
* [Github](https://github.com/incogeno)
* [Soundcloud](https://soundcloud.app.goo.gl/PGBcV)
* [Snapchat](https://snapchat.com/add/incogeno)

The Reddit account is empty, and not archived in wayback machine. The LinkedIn we've already seen. The Github page is empty, and the account has no activity other than having joined on March 16 2021. And the soundcloud account is also empty entirely.

After making a burner FB account, because ffs you need one to see FB content, we see:

![](https://barelycompetent.dev/img/CTFs/2021/ritsecCTF/geno-fb.png)

So, note:

* Friends with a https://www.facebook.com/claire.alexa.7771
* Friends with a https://www.facebook.com/david.petterton.5 (whose account seems to be empty entirely).
* Has a post about Old Forge, a Drake feels quote picture, and his past education.

Going to their Twitter, we see a bit more content. A most recent post about Old Forge (w/picture), another about visiting grandma along the way (2 more pictures), a tweet about an eagle statue (1 picture), and then two tweets about Hip Hop quotes.

On their most recent tweet, we see some comments from https://twitter.com/eng_claire, which is the same person from their FB of the "troubled relationship".

Other that, still nothing really relevant.

Back to google, searching (explicitly with quotes, to filter exact matches) for "[email protected]", we get exactly 1 result:

![](https://barelycompetent.dev/img/CTFs/2021/ritsecCTF/geno-pw.png)

As we can see in the results: `[email protected]:password=StartedFromTheBottom!`

Flag is `RS{StartedFromTheBottom!}`

Original writeup (https://barelycompetent.dev/post/ctfs/2021-04-11-ritsecctf/#data-breach).

Comments