# Persona 🩸

## Description

> A hacker known as "Ed" has crafted an elaborate online persona, leaving traces scattered across their personal webpage and various digital platforms. Your mission is to investigate and find the traces.
>
> https://persona.chall.cyberjawara.pro

This is an OSINT challenge. The description gives a link that opens the profile page of the hacker, Edina Salmin.

![image](https://hackmd.io/_uploads/Byydchx-yx.png)

The profile also includes a link to his Facebook profile.

![image](https://hackmd.io/_uploads/SJNlshxZ1l.png)

## Part 1 & Part 3

On the Facebook profile, there is an interesting post that shows source code from his project.

![image](https://hackmd.io/_uploads/BJoJ3ng-ke.png)

At first glance, nothing looks suspicious. I assumed that finding this project might be necessary to complete the challenge, but I wanted to try a simple OSINT technique first: finding as much information as possible about Edina Salmin using search engines. Here are the results from the Bing search engine:

![image](https://hackmd.io/_uploads/Hyz_CnebJg.png)

We found a GitHub account with the username edsalmin, and looking at the profile, it is most likely owned by the same person.

![image](https://hackmd.io/_uploads/HJOQkpgbJg.png)

This is reinforced by the github.io repository belonging to user edsalmin: its HTML source is the same as the web profile given in the challenge description.

![image](https://hackmd.io/_uploads/Byg1l6g-yl.png)

Let's analyze the commits made to this project.

![image](https://hackmd.io/_uploads/BygLx6lZkx.png)

The hacker had updated his index.html, and when we looked at what was changed, the diff turned out to contain the part 1 and part 3 flags for this challenge. From this commit, we learned that the flag is divided into several parts, and we only got part 1 and part 3.

![image](https://hackmd.io/_uploads/SJOsx6lWkx.png)

> Part 1: CJ{19f43f6db73281
>
> Part 3: 453fdb0b69a4e0006

## Part 4

Now, let's look for Edina Salmin's accounts on other platforms. I used Bing again, this time searching for her GitHub username, edsalmin.

![image](https://hackmd.io/_uploads/HkTO-alZkl.png)

Although no other social media accounts appear, we get the valuable information that edsalmin also has a GitHub Gist, and when opened, it turns out to contain part 4 of the flag. Since part 4 ends with a closing curly bracket, we can confirm that the flag is only broken into 4 parts and we just haven't found part 2 yet.

![image](https://hackmd.io/_uploads/S1ceM6lWyx.png)

> Part 4: 575e49e55fc187cc}

## Part 2

Let's go back to the source code photo uploaded by Edina Salmin on Facebook:

![image](https://hackmd.io/_uploads/BJoJ3ng-ke.png)

Using the value of APP_SECRET as a keyword, I searched for the project on GitHub and found it.

![image](https://hackmd.io/_uploads/r1-UQTxZ1g.png)

But unfortunately the project is not related to Edina Salmin, and I didn't find the part 2 flag there.

![image](https://hackmd.io/_uploads/SkEn7ax-Jl.png)

Analyzing the photos uploaded on Facebook again, I realized that there was a suspicious link to the pastebin.com domain in the Windows terminal.

![image](https://hackmd.io/_uploads/rJFVEag-kg.png)

Unfortunately, when visiting the URL, Pastebin reports that the content of this paste has been deleted.

* https://pastebin.com/a9v29gi

![image](https://hackmd.io/_uploads/HkDo46g-Jl.png)

Thanks to my friend @rozium, who realized that Pastebin uses 8 characters for its unique identifier, so we needed to enumerate the missing last character. Sure enough, he found that the last character is e, and the part 2 flag can be found there.

* https://pastebin.com/a9v29gie

![image](https://hackmd.io/_uploads/ByI9U6x-kl.png)

> Final Flag:
>
> CJ{19f43f6db7328114eea9e1b939f40bc453fdb0b69a4e0006575e49e55fc187cc}

Thanks for reading, and have a good day :D
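
The Part 1 & Part 3 finding works because a value deleted in a later commit stays readable in the repository history. As an added example (not part of the original writeup), this Python sketch scans `git log -p` style output for flag-shaped strings in added or removed lines; the sample log, commit ids, secret value and the matching pattern are constructed assumptions.

```python
import re

# Constructed, trimmed `git log -p` style input: commit ids and the secret
# value are made up for this example.
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111

    Update index.html

diff --git a/index.html b/index.html
--- a/index.html
+++ b/index.html
@@ -1,3 +1,2 @@
 <p>About me</p>
-<!-- part: CJ{0123456789abcd -->
 <p>Contact</p>
commit 2222222222222222222222222222222222222222

    Initial commit

diff --git a/index.html b/index.html
--- /dev/null
+++ b/index.html
@@ -0,0 +1,3 @@
+<p>About me</p>
+<!-- part: CJ{0123456789abcd -->
+<p>Contact</p>
"""

# Assumed pattern: "CJ{" followed by hex, or a bare hex run of 12+ characters.
SECRET_RE = re.compile(r"CJ\{[0-9a-f]+\}?|\b[0-9a-f]{12,}\}?")

def scan_history(log_text):
    """Return (commit, path, change, match) for each hit inside a diff hunk."""
    findings, commit, path, in_hunk = [], None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1][:7], False
        elif line.startswith("diff --git "):
            in_hunk = False            # file headers follow, not content
        elif line.startswith("@@"):
            in_hunk = True             # hunk body starts after this line
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif in_hunk and line.startswith(("+", "-")):
            change = "added" if line[0] == "+" else "removed"
            for m in SECRET_RE.finditer(line[1:]):
                findings.append((commit, path, change, m.group()))
    return findings
```

On a real repository, pass it the text produced by `git log -p --all`; a "removed" hit means the value is gone from the current tree but still recoverable from history.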