Category: OSINT
Points: 100
Description:
We heard word that The Plague escaped prison three weeks ago. We've been notified that he was recently seen on soundcloud liking a song by ytcracker called "hacker music." Let us know what you find.
First perform a search on soundcloud.com for “ytcracker hacker music” then go to likes.
https://soundcloud.com/ytcracker/ytcracker-hacker-music/likes
Go to ThePlague2018x’s profile
https://soundcloud.com/user-843651506
The next clue seemed to be to go to the website on ThePlague2018x’s website which is the following
https://exit.sc/?url=https%3A%2F%2FNjY2YzYxNjc3Yjc0Njg0NTUyNjU1ZjY5NzM1ZjRlMzA1ZjcyMzE0NzY4NzQ1ZjYxNGU0NDVmNTc1MjMwNmU0NzVmNzQ2ODMzNTI2NTVmMzE3MzVmNGY0ZTZjNzk1ZjQ2NzU0ZTVmNDE2ZTY0NWY0MjMwNzI2OTRlNDc3ZAo.com%2Fhome
Extract the string after the hex values “%3A%2F%2F” to “.com” the value between this is the following
666c61677b74684552655f69735f4e305f72314768745f614e445f5752306e475f74683352655f31735f4f4e6c795f46754e5f416e645f423072694e477d
Looking at the string it seems to be hex so encode to hex to get the flag.
>>> '666c61677b74684552655f69735f4e305f72314768745f614e445f5752306e475f74683352655f31735f4f4e6c795f46754e5f416e645f423072694e477d'.decode('hex')
'flag{thERe_is_N0_r1Ght_aND_WR0nG_th3Re_1s_ONly_FuN_And_B0riNG}'
Flag
flag{thERe_is_N0_r1Ght_aND_WR0nG_th3Re_1s_ONly_FuN_And_B0riNG}