DESCRIPTION
Dude...They just emailed my own password back to me (and it wasn't even asterisked) Don't they know that's a severe breach of privacy!!! Offenders leaked them in PlainText. I hope they lie at the bottom of the deepest pits of hell Can you tell me their domain name??
FLAG FORMAT
VishwaCTF{}
password emailed back in plaintext
lead to this website which mentioned plaintextoffenders.com:The Plain Text Offenders site has a note to use the list at https://plaintextoffenders.com/offenders:
🥹 Yes, I did try the flag VishwaCTF{shodan.io}
and several domains
from the recent posts. I was hoping the Offenders List might have
domains posted after 2021.
The Offenders List page has a link to a GitHub file:
https://github.com/plaintextoffenders/plaintextoffenders/blob/master/offenders.csv
Tried some domains from here and a bunch mentioned in recent years through Google searches... nothing worked.
Read the challenge description again...
"I hope they lie at the bottom of the deepest pits of hell"
This has to mean something right?
😐 It was the domain listed at the bottom of the Offenders List
file.
Flag: VishwaCTF{napcosecurity.com}