Try   HackMD

HackMyVm-OSINT

OSINT-003

題目給了這張圖片,直接用Google Lens搜尋就可以找到答案了

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

flag

hmv{GataCattana}

OSINT-006

題目敘述如下:

hackmyvm.eu. 100 IN TXT

可以發現他有一個網域和TXT,推測與文字記錄有關

nslookup -q=txt hackmyvm.eu.

or

dig txt hackmyvm.eu

這樣就可以找到flag了

flag

hmv{sasviyalin}

OSINT-012

從題目得到一個.mp3打開來都聽不懂,原本想嘗試隱寫術,但根據類別為OSINT
找到Whisper這個工具
按照官方說明使用turbo模型

whisper 012.mp3 --model turbo

得到語言是Swedish,片段內容是ILOVLANGUAGES

Detected language: Swedish
[00:00.000 --> 00:02.780]  I-L-O-V-L-A-N-G-U-A-G-E-S

Google後即可得到flag

flag

HMV{ILoveLanguages}

OSINT-026

題目給了一張圖片要我辨識出所在國家

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

發現左上角有文字

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

用報廢的雙眼辨識出cermodern,Google就可以找到所在地了

flag

HMV{Turkey}

OSINT-029

題目說subdomain有flag,找到subdomain後就可以找到flag了

subfinder -d "hackmyvm.eu"

flag

||HMV{publicd0main

OSINT-034

這題一樣是給圖片要找出國家
但這次比較簡單 因為給的是國旗
所以Google圖片搜尋就可以找到了

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

flag

HMV{Somalia}

OSINT-036

題目給了一張圖片要我們找到正確的BSSID 把圖片丟到以圖搜圖就可以找到圖片中的商場位置了

Sunlive Moritsune
1 Chome-11-25 Moritsune, Kokuraminami Ward, Kitakyushu, Fukuoka 802-0972日本

把地址丟到 wigle.net 後找一下在商場內的 wifi 的 BSSID 就可以了

這裡沒有圖因為 wigle.net 有夠不穩定 想要再搜尋一次結果資料都跑不出來

flag

HMV{00:3A:9A:7B:5F:40}

OSINT-037

這題給了一張圖 要我們找到這張圖是在哪裡拍的 flag 是地點的經緯度
直接右鍵 取得資訊 就可以找到了

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

得到 DMS(Degrees Minutes Seconds) 後丟到 線上的轉換工具 轉換成 DD(Decimal Degrees)

flag

HMV{58.967463,18.316396}

OSINT-048

這題給了一個車牌 車牌上有個國旗

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

搜尋一下就可以知道這是 烏克蘭(Ukraina) 的國旗
題目要的是城市的名稱 範例用的西班牙的首都馬德里 所以我們用烏克蘭的首都基輔就可以了

HMV{Kyiv}

OSINT-052

這題題目要我們找到一段飛機的航程 給了一個文字檔和圖片檔
文字檔有兩段奇怪的文字

RCdgQV4/XVxJO3tGV1Z3UzRRdHIwYG9vSmw3WiInRERCQkFSYWFfdSl5W1p2b3RtM3FTaS9tbGVNaWhhJ2VeY1wiIV9eQFxbVFN3VzlPTk1McEpPSGxGS0RDZypAZD49QjtAPzhcNjU0WDgxNjU0MyxQKilNbm0lSUg1

6tmc`F^ZgDA8*0&i%-!lFWbX7EZf1:+ELt4F)N1CATVs2%178mA8*/sASl@'+Cf>1DKU&8+Cf>-+D5_'DBNP&EdD:J%16TYAKYf'+C\c$FD5<(+CfG7A7]RoASuU$+Co1/Eb0?5D_;

第一段很明顯是 base64 所以 decode 後得到

D'`A^?]\I;{FWVwS4Qtr0`ooJl7Z"'DDBBARaa_u)y[Zvotm3qSi/mleMiha'e^c\"!_^@\[TSwW9ONMLpJOHlFKDCg*@d>=B;@?8\654X816543,P*)Mnm%IH5

這段我們通靈一下猜出可能是 Malbolge 語言 丟到 線上的 compiler 後得到了一個時間 10:11:2023:14:00


而第二段我們猜出是 ASCII85(base85) decrypt 後得到一串義大利文

Di qua, di là, su per lo sasso tetro
vidi demon cornuti con gran ferze,
che li battien crudelmente di retro.

這段是摘自但丁 神曲 中的一段 地獄篇(Inferno)
描述的是第八層地獄 惡意欺詐者 (Malebolge) 中的刑罰
看起來是提示第一段是 Malbolge 語言

接下來嘗試透過提供的圖片尋找機場 一直找不到 最後從神秘地方找到 flag 後終於找到機場是
位於荷蘭的恩荷芬機場
但後續真的就找不到了 QQ 期待哪天可以找到 writeup

flag

HVM{Porto-OPO-Eindhoven-EIN-FR7472}

OSINT-055

這次題目給了一個字串

MCZJ/CJ[[J]\.7¿?;(?9!?-\/<;¿:=(=6!?-X K: wtf

根據最後面的 K: wtf 我們可以猜測是指 key 嘗試 XOR 得到一串經緯度

BLUE LETTERS!8°04'06.0"S 34°52'29.0"W

根據提示到指定地點後尋找附近的藍色東西就可以了

flag

HMV{CAP}

OSINT-065 [Not Solved]

這題大概是目前最難的題目了 給了一堆東西 其中有一個加密的壓縮檔 用 052 的 flag 解密
得到一個新的圖片和新的文字檔 用 Hex 解密文字檔後得到一段文字 把它整理一下

I feel your gaze in the periphery,
a subtle echo of footsteps in sync with mine.
The dance in shadows has not gone unnoticed.

In this intricate web of paths,
I sense your silent pursuit.
Our journey takes us through twists and turns,
yet your presence is a constant—
like a ghost in the rearview mirror.

No need for coded messages or clandestine signals;
the awareness hangs in the air,
a shared secret between predator and prey.

Let it be known that the hunted is cognizant,
weaving through the labyrinth with purpose.
The chase, though silent,
is a testament to the intricacies of our fates intertwining.

As the narrative unfolds, remember this:
every step echoes in the corridors of anticipation.

Until our paths converge or diverge,
let the dance continue.

然後就沒有然後了 QQ

OSINT-075

這題又回歸到了傳統的 OSINT 題目 給了一張圖片 要我們照到圖片中右下角空白白板的店家


我們首先先以圖搜圖這張圖片 因為原本給的圖檔不是原圖 而且很糊
找到圖片來源 :

https://depositphotos.com/home.html?qview=13245599

照到圖片後 用更清楚的照片搜尋後 發現了不太一樣的地方
圖片的中央是一間綠色的房子和一間紅白色屋簷的房子
這次我們搜尋到了一樣的綠色房子 但隔壁換成了一間黑白色招牌的店

但這張圖片不是很清楚 一樣以圖搜圖搜到了另一個角度

這個角度可以看到隔壁這間店的名稱 直接在 google maps 搜尋這家店 ODETTE
再用小黃人往後一點就可以找到黑板的店家了

P.S. 後來從 google maps 的時間線功能後知道了原來紅色屋子是舊的
現在那間店已經換成黑色這間了

flag

HMV{The_Tea_Caddy}

OSINT-077 [Not Solved]

OSINT-078 [Not Solved]

Last changed by 
Fearnot
0
114

Read more

picoCTF-General_Skills writeup

picoCTF All General Skills Challenge Writeup

May 7, 2025
picoCTF Web writeup

書本模式

May 6, 2025
HMVLabs-Venus Writeup

用 ssh 連線

Apr 21, 2025
PG-InfosecPrep

InfosecPrep

Nov 5, 2024
Read more from Fearnot
Published on HackMD