
NahamCon CTF 2025 - OSINT


OSINT

Taken to School

Solvers: 214
Author: @Jstith

Description

“I was reading the news this week, and I saw that a student tried to hack a school’s computer system!” a worried professor remarked to an IT employee during lunch. “I’m glad we’ve got people like you keeping our network safe.” While Bob the IT admin appreciated the warm comment, his stomach dropped. “Dang it.. I haven’t checked that firewall since we set it up months ago!”.

IT has pulled a log file of potentially anomalous events detected by the new (albeit poorly tuned) network security software for your school. Based on open-sourced intelligence (OSINT), identify the anomalous entry in the file.

Each log entry contains a single line, including an MD5 hash titled eventHash.

The challenge flag is flag{MD5HASH} containing the eventHash of the anomalous entry.

Solution

They give us a network-log.cef file, and it turns out that there are a lot of log entries from 2024.


Our goal is to find the correct hash that is anomalous.

Reading through the description, its topic is generally about hacking a school. So I searched for a school hack from a few months ago on Google.


I found this article: Powerschool Hack: Data Breach Protect Student, School, Teacher Safe

The target is PowerSchool. Next, I searched for "Powerschool hack" on Google.


Notice this Powerschool Security Incident

Going through it, I found the CrowdStrike Incident Report section with the submitted incident report.


Checking it out, I found the section Appendix A: Indicators of Compromise.


It shows a list of IOCs. One of them, 91.218.50[.]11, appears in the log file.


2024-12-22T15:07:40 CEF:0|PaloAltoNetworks|PAN-OS|8.3|44985|Trojan Signature Match|9|src=91.218.50.11 dst=192.168.113.2 spt=27660 dpt=443 proto=HTTPS act=allowed fileName=chemistry_notes.pdf eventHash=5b16c7044a22ed3845a0ff408da8afa9 cs1Label=threatType cs1=trojan

Got the eventHash 5b16c7044a22ed3845a0ff408da8afa9

Flag: flag{5b16c7044a22ed3845a0ff408da8afa9}
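The same lookup can be automated. The Python below is an added example, not part of the original writeup or the challenge: it parses each CEF line and compares src/dst to the refanged IOC as an exact address, so a substring lookalike does not match. The first and third sample log lines are constructed, and `parse_cef` and `ioc_hits` are names chosen here.

```python
import ipaddress
import re

# IOC list: only the address quoted in this writeup, in its defanged form.
IOCS_DEFANGED = ["91.218.50[.]11"]

# Sample input: lines 1 and 3 are constructed for this example (line 3 is a
# substring near-miss); line 2 is the entry shown in the writeup.
SAMPLE_LOG = """\
2024-12-21T09:14:02 CEF:0|PaloAltoNetworks|PAN-OS|8.3|10001|Port Scan|5|src=198.51.100.7 dst=192.168.113.9 spt=40112 dpt=22 proto=SSH act=blocked fileName=none eventHash=00000000000000000000000000000001 cs1Label=threatType cs1=scan
2024-12-22T15:07:40 CEF:0|PaloAltoNetworks|PAN-OS|8.3|44985|Trojan Signature Match|9|src=91.218.50.11 dst=192.168.113.2 spt=27660 dpt=443 proto=HTTPS act=allowed fileName=chemistry_notes.pdf eventHash=5b16c7044a22ed3845a0ff408da8afa9 cs1Label=threatType cs1=trojan
2024-12-23T11:30:55 CEF:0|PaloAltoNetworks|PAN-OS|8.3|10002|Policy Violation|3|src=91.218.50.110 dst=192.168.113.4 spt=51000 dpt=80 proto=HTTP act=allowed fileName=none eventHash=00000000000000000000000000000002 cs1Label=threatType cs1=policy
"""

# CEF header fields, in order, after the "CEF:" marker.
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
EXT_PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # key=value, value may hold spaces

def parse_cef(line):
    """Return header fields plus extension key/values, or None if not CEF."""
    start = line.find("CEF:")
    if start == -1:
        return None
    # Split on unescaped pipes: 7 header fields, then the extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        return None
    event = dict(zip(HEADER_FIELDS, parts[:7]))
    event["timestamp"] = line[:start].strip()
    event.update(EXT_PAIR.findall(parts[7].strip()))
    return event

def ioc_hits(log_text, defanged_iocs):
    """Return (timestamp, matched_ip, eventHash) for events touching an IOC."""
    iocs = {ipaddress.ip_address(i.replace("[.]", ".")) for i in defanged_iocs}
    hits = []
    for event in filter(None, map(parse_cef, log_text.splitlines())):
        for field in ("src", "dst"):
            try:
                addr = ipaddress.ip_address(event.get(field, ""))
            except ValueError:
                continue  # missing or malformed address field
            if addr in iocs:
                hits.append((event["timestamp"], str(addr), event.get("eventHash")))
    return hits

if __name__ == "__main__":
    for ts, ip, event_hash in ioc_hits(SAMPLE_LOG, IOCS_DEFANGED):
        print(f"{ts} {ip} flag{{{event_hash}}}")
```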

For this challenge, I did not have enough time, so I solved just one challenge. The rest of the challenges are really interesting, and I will definitely try them later 🔥.


This post is licensed under CC BY 4.0 by the author.