This is a writeup of HeroCTF OSINT challenge “Good French Charcuterie”.
After looking for the name of the person on google we come across a linkedin profile.
As we can see on the screen there is a picture of a tweet of a person named Marine and Adèle Morte liked it... we take a look at the twitter account and we do a little search on twitter to find the tweet easily
We analyze a little bit Adèle Morte’s twitter account and we come across an interesting tweet !
After finding the email adress, I used some tools to see if the email address is in a data breach but apparently not.
At the same time I didn’t have much to do because there was no other solution. I reread the description of the challenge and there I realize that we also had to use our Social Engineering skills to find her password, so surely to have contact with her. So i decided to send an email to test if there will be a response.
When I got the answer I started to imagine a scenario to tell her to convince her to send me the password.
With the little informations I had on her, I pretended to be a DGSI agent (issou) whose mission was to verify the emails of people living in Vannes, Brittany, France, because there was a murder at this place, and my goal was to find the murderer.
But she refused.. to be honest I was wondering if all this was not a rabbit hole xD.. but I hadn’t a lot of time so I decided to go on and rewrite a message by being more demanding and insisting that it’s obligatory and that she has no choice.
But it didn’t work again…
But despite the two refusals I did not give up and this time I wrote a new message playing with her feelings to try to convince her..
Bingo this time it works !!!
I really enjoyed the challenge, it’s the first time I’ve seen a CTF with Social engineering on it and I found it super fun and cool to do, thanks to Thib and HeroCTF for this cool challenge and for this amazing CTF !
Happy Hacking ❤
