[Original writeup source](https://barelycompetent.dev/post/ctfs/2022-03-13-utctf/#osint-full).


So this one looks to be full blown OSINT. All we're given is "EddKing6", a supposed username.

Doing a duckduckgo search for specifically that term (i.e searching for "EddKing6", with quotes) [yields a frew interesting results](https://duckduckgo.com/?q=%22eddking6%22&atb=v247-1&ia=web):

* [Edd King Github profile](https://github.com/eddking6)
* [Edd King Twitter](https://twitter.com/eddking6)
* [Edd King github repo "DogFeedScheduler"](https://github.com/eddking6/DogFeedScheduler)

Looking at his Github profile:


His bio has one of the challenge's answers:

> His favorite food?: "I love walking my dog and eating **Cacio e Pepe**."

Checking the DogFeedScheduler repo, we see the [most recent commit was for "added email functionality"](https://github.com/eddking6/DogFeedScheduler/commit/e76f938adc53997b4ed9769e2b1e103793f0b4ea).

In that commit, we see the following code block:

``` go {linenos=true,linenostart=15}
func sendmail(srv gmail.Service, frommail string) {
temp := []byte("From: 'me'\r\n" +
"reply-to: [email protected]\r\n" +
"To: [email protected]\r\n" +
"Subject: Feed Spot \r\n" +
"remember to feed spot")

From this blob, we can see two more answers:

> His Email?: **[email protected]**
> The name of his dog?: **spot**

There isn't much more in the Github repo that I saw, so now to check his [Twitter](https://twitter.com/eddking6). His bio states:

> I like hacking things and running blob corp

So, we know he works at a "blob corp". Searching through his small tweet history, the [following tweet](https://twitter.com/eddking6/status/1498113770652065798?s=20&t=vYcOibKHA3cJZxztwKHTrA) reveals two more answers:

> eddking6: I like to play FactorIO when I'm not busy being a #CISO


> His favourite video game?: **FactorIO**
> His Role at his company?: **CISO**

All that's left is his Alma Matter. Given we know his company and role, I imagine we need to search for them on LinkedIn. Searching "eddking linkedin ciso blob corp" yields a [eddking6](https://www.linkedin.com/in/eddking6/) linkedin page, which is indeed our man. In his education, we see the final answer.

> His alma matter?: **Texas A&M University**.

Now all we have to do is "... send him a carefully crafted phishing email including all the details."

I figured we didn't have to actually craft a phising email or anything like that, given how many solves the challenge had, and other problem difficulties. Instead, I figured they'd be doing some sort of regex matching/searching on the messages contents, so I just made sure to re-use all the spelling/capitlization of the previous answers and send an email to the `[email protected]` email. The body of my email:

Find out the following information about EddKing6

The name of his dog? spot

His favourite video game? FactorIO

His alma mater? Texas A&M University

His Role at his company? CISO

His favorite food? Cacio e Pepe

His Email? [email protected]

In about 10 seconds, I got an email back:


Flag is `utflag{osint_is_fun}`.

Original writeup (https://barelycompetent.dev/post/ctfs/2022-03-13-utctf/#osint-full).