VishwaCTF 2023 Writeup

Writeup by: footpics4sale of OnlyFeet
CTF: https://vishwactf.com

Privacy Breach

Category: OSINT
Difficulty: Medium

DESCRIPTION 

Dude...They just emailed my own password back to me (and it wasn't even asterisked) Don't they know that's a severe breach of privacy!!! Offenders leaked them in PlainText. I hope they lie at the bottom of the deepest pits of hell Can you tell me their domain name??

FLAG FORMAT
VishwaCTF{}


Writeup

Googling things like password emailed back in plaintext lead to this website which mentioned plaintextoffenders.com:
https://news.ycombinator.com/item?id=2414496
pb-1.png

The Plain Text Offenders site has a note to use the list at https://plaintextoffenders.com/offenders:
pb-2.png

🥹 Yes, I did try the flag VishwaCTF{shodan.io} and several domains from the recent posts. I was hoping the Offenders List might have domains posted after 2021.

The Offenders List page has a link to a GitHub file:
https://github.com/plaintextoffenders/plaintextoffenders/blob/master/offenders.csv
pb-3.png
pb-4.png

Tried some domains from here and a bunch mentioned in recent years through Google searches... nothing worked.

Read the challenge description again...
"I hope they lie at the bottom of the deepest pits of hell"

This has to mean something right?

😐 It was the domain listed at the bottom of the Offenders List file.
pb-5.png


Flag: VishwaCTF{napcosecurity.com}




home