Tags: tmctfquals 

Challenge

Category: Iot/osint/scada
Points: 100

Today you received an email that seemed to be from an online shopping site that you use - but when you followed the link something definitely did not seem right. It appears that the world's worst phisher must have set up the page - and has targeted you with a phishing attack!

The email text said you needed to visit a link to update the security of your account. However, the link actually led to the site ctf.superpopularonlineshop.com.definitelynotaphishingsite.com

For this challenge you must find the "Real Person" who is behind this attack - leveraging your Open Source Intelligence (OSINT) skills.

The Flag will be found on one of their social profile pages

NOTE: Pen Testing the site will not help - in fact all you need to start the trail is in this email already

1. Check the WHOIS record for http://ctf.superpopularonlineshop.com.definitelynotaphishingsite.com/
2. Google the phone number +44.7441911980
3. One of the results leads us to https://paste2.org/8LpMBye6 with the domain T3M4.COM
4. The domain T3M4.COM is the personal blog of T3-M4Haxor. Let's Google him!
5. OK, now we have a link to his Twitter account: https://twitter.com/T3M4haxor
6. It took some time to work out where to go next, but if we take a look at his followers we get https://twitter.com/DavikSurik
7. Google Davik Surik and we have his LinkedIn account: https://www.linkedin.com/in/davik-surik-b04198141/
8. He has only one project, with the description: Proud to have helped with the Trend Micro CTF 2017 - especially Secret Challenge "13" -> GZPGS{SGE0FVAG101}
9. GZPGS{SGE0FVAG101} is obviously TMCTF{something}. We have a hint in the description: Secret Challenge "13"
10. And it is ROT13. Go to http://www.rot13.com/, paste, and decrypt
11. TMCTF{FTR0SINT101} - you are awesome
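
Steps 9 to 11 can also be done offline. The following is an added example, not part of the original writeup: it scans text for flag-shaped tokens and recovers the Caesar shift from the known `TMCTF` prefix instead of relying on the "13" hint. The names `find_flags`, `caesar` and `SAMPLE` are assumptions made for this illustration.

```python
import re
import string

FLAG_PREFIX = "TMCTF"  # flag format of this CTF, as noted in step 9

# Constructed sample: the project description quoted in step 8.
SAMPLE = ('Proud to have helped with the Trend Micro CTF 2017 - especially '
          'Secret Challenge "13" -> GZPGS{SGE0FVAG101}')

# A flag-shaped token: as many letters as the prefix, then {...}.
TOKEN_RE = re.compile(r"\b([A-Za-z]{%d})\{([^{}]+)\}" % len(FLAG_PREFIX))


def caesar(text, shift):
    """Rotate ASCII letters by `shift`; digits and punctuation pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        elif ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        else:
            out.append(ch)
    return "".join(out)


def find_flags(text, prefix=FLAG_PREFIX):
    """Return (shift, flag) for each token that is a Caesar rotation of
    prefix{...}. The shift is derived from the first letter, then checked
    against the whole prefix so unrelated tokens are rejected."""
    hits = []
    for m in TOKEN_RE.finditer(text):
        head = m.group(1).upper()
        shift = (ord(prefix[0]) - ord(head[0])) % 26
        if caesar(head, shift) == prefix:
            hits.append((shift, caesar(m.group(0), shift)))
    return hits


if __name__ == "__main__":
    for shift, flag in find_flags(SAMPLE):
        print(f"shift={shift}: {flag}")
```

The recovered shift of 13 matches the Secret Challenge "13" hint, and the digits in the flag body are left unchanged by the rotation.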