Kevin Yu ky28059


UIUCTF 2024 — Night

That was quite a pretty night view, can you find where I took it? Flag format: uiuctf{street name, city name} Example: uiuctf{East Green Street, Champaign}

Some words are blurred out to make the challenge harder, hopefully.

Flag format clarification: Use the full type, e.g. Avenue, Street, Road, etc., and include a space between the comma and city name.

We're given this photo of a street at night:

chal (1)

UIUCTF 2024 — Hip With the Youth

The Long Island Subway Authority (LISA), in an attempt to appeal to the younger generations, has begun experimenting with social media! See if you can find a way to a flag through their Instagram.

This is part one of a three-part OSINT suite including Hip With the Youth, An Unlikely Partnership, and The Weakest Link. I recommend starting here!

Searching "Long Island Subway Authority" on Instagram brings us to this page:

UIUCTF 2024 — An Unlikely Partnership

It appears that the Long Island Subway Authority (LISA) has made a strategic business partnership with a surprise influencer! See if you can figure out who.

This is part two of a three-part OSINT suite including Hip With the Youth, An Unlikely Partnership, and The Weakest Link. This challenge is possible without Hip With the Youth but will be easier if you start there.

GPN CTF 2024 — Letter to the editor

Old software, good software:

Clone and pwn: https://github.com/FirebaseExtended/firepad

We're given a very minimal admin bot launcher page that gives us a URL to a demo Firepad.

image

Without any further details, it looks like we're meant to find a (likely XSS) vulnerability in the Firepad source code we can use on the admin to get the flag.

TJCTF 2024 — golf-hard

regex below par? note that this challenge has five levels.

nc tjc.tf 31627

We're given a Regex "quiz" with 5 levels. After passing all 5, we get the flag.

#!/usr/local/bin/python3.11

import regex  # le duh

San Diego CTF 2024 — Raccoon Run

The annual UC San Diego Raccoon Run is happening right now!! Apparently there's an underground gambling ring going on there. Maybe you can make it big?

We're given a Python server that looks like this:

import json
from time import time
import tornado
import tornado.websocket
import tornado.ioloop

San Diego CTF 2024 — calculator

I made a calculator! I'm using Python to do the math since I heard it's strongly typed, so my calculator should be pretty safe. Download the source code by clicking the download button above!

We're given a TS server and expression parser looking like this:

import { serveDir, serveFile } from 'jsr:@std/http/file-server'
import { parse } from './expression_parser.ts'

const decoder = new TextDecoder()
const resultTemplate = await Deno.readTextFile('./result.html')

San Diego CTF 2024 — Chill Beats

Why don’t we all just take a break from hacking and enjoy some music on my webpage? https://0xcafe.neocities.org/

One of the OSINTs of all time.

We're given a "chill radio cafe" website, which cycles through a selected playlist of music.

image

Within the playlist array, we can find a "secret" YouTube link

San Diego CTF 2024 — impossible-golf

I found this golf game online but the third level is so hard 😩😩

See if you can beat it!

We're given a golf minigame that looks like this:

image

We can see that the client makes a WebSocket connection to the remote server, sending launch events whenever the user hits the ball.