PEARLCTF 2025 WRITE-UPS

# PEARLCTF 2025 WRITE-UPS Greetings, and welcome to my PEARLCTF 2025 write-ups. This is the fifth international CTF competition that I have ever competed in. You see, Cpt. Moriarty is specialized in OSINT challenge, and that's what I will give you in this write-ups. ## Table of Contents 1. OSINT a. Hidden Marker b. Van Gogh's GARBAGE hunt ## 1. OSINT ### a. Hidden Marker ![Challenge Page](https://hackmd.io/_uploads/SkKuYTijJl.png) Given the username *spiriteawx*. Tried using "sherlock" tools but found no results. I searched the username on X and found the exact account that belong to that username. ![Step 1 (spiriteawx's X Account)](https://hackmd.io/_uploads/S1a_caio1x.png) As you can see from his pinned tweet, it related to the challenge that we're facing. I downloaded the image to help my research on the exact location later on. After scrolling through his tweets, I suspected that the location of this smuggling operation was near Charles Bridge, Prague, Czech Republic. ![Step 2 (Location Clues)](https://hackmd.io/_uploads/BytBiTjiJg.png) I opened Google Maps and tries to search anything related with "old cars" near Prague, and it turns out well. I found the exact location of the picture in less than 5 minutes. ![Step 3 (Dorking on Google Maps)](https://hackmd.io/_uploads/rJ5BVAojye.png) ![Step 4 (The Exact Location of The Picture)](https://hackmd.io/_uploads/rJT24Rjokl.png) The exact location of the picture which was *Celetná*. As what had been said in the description, you have to strip the special character, which then became *celetna*. Time for the next step. He tweeted this link https://pastebin.com/MWH1g7rE for the financial records of the transactions I clicked on it and searched through the whole text to find something fishy. After some times, I finally found it. ![Step 5 (Searching Through the Pastebin)](https://hackmd.io/_uploads/rkNymG6iJx.png) *"-1","-1","[REDACTED BY ADMIN]","-1","-1", "-1"* was clearly something. I was stuck on this step for a few hours and was on the verge of giving up. Until I remembered that I can use "Web Archive" to look at the previous version of something before it was changed. I visited this website https://web.archive.org/ and entered this Pastebin URL https://pastebin.com/MWH1g7rE. ![Step 6 (Using Web Archive)](https://hackmd.io/_uploads/SkXW4fTsJg.png) As you can see, the Pastebin had been saved 2 times, which means that there are 2 versions of this Pastebin. ![Step 7 (The Different Versions of the Pastebin)](https://hackmd.io/_uploads/r1xh4fTjkg.png) It can be seen by the numbers of this Pastebin viewed, which was only 3 times. To compare the text, you can simply use "Diffchecker" https://www.diffchecker.com/ ![Step 8 (Using Diffchecker to Check the Difference)](https://hackmd.io/_uploads/H1fkf7po1x.png) There it was, the so called "hidden marker". Copy the *Transaction ID* and put it inside the flag. Flag: pearl{celetna_6382938} ### b. Van Gogh's GARBAGE hunt ![Challenge Page](https://hackmd.io/_uploads/HJbz8Qaj1l.png) It's quite easy to solve this challenge. All you have to do is simply use "Google Lens" for the image. ![Step 1 (Using Google Lens For the Image)](https://hackmd.io/_uploads/r1tCLXpsyl.png) It says that the road was in *Buiten Oranjestraat*. Then, I used "Google Maps" to find the exact location of the shop. ![Step 2 (The Exact Location of the Shop)](https://hackmd.io/_uploads/ByZg9X6i1l.png) Done, it was a piece of cake. Flag: pearl{the_swapshop}