Rating:
[Original writeup source](https://barelycompetent.dev/post/ctfs/2022-03-13-utctf/#osint-full).
---
So this one looks to be full blown OSINT. All we're given is "EddKing6", a supposed username.
Doing a duckduckgo search for specifically that term (i.e searching for "EddKing6", with quotes) [yields a frew interesting results](https://duckduckgo.com/?q=%22eddking6%22&atb=v247-1&ia=web):
* [Edd King Github profile](https://github.com/eddking6)
* [Edd King Twitter](https://twitter.com/eddking6)
* [Edd King github repo "DogFeedScheduler"](https://github.com/eddking6/DogFeedScheduler)
Looking at his Github profile:
His bio has one of the challenge's answers:
> His favorite food?: "I love walking my dog and eating **Cacio e Pepe**."
Checking the DogFeedScheduler repo, we see the [most recent commit was for "added email functionality"](https://github.com/eddking6/DogFeedScheduler/commit/e76f938adc53997b4ed9769e2b1e103793f0b4ea).
In that commit, we see the following code block:
``` go {linenos=true,linenostart=15}
func sendmail(srv gmail.Service, frommail string) {
temp := []byte("From: 'me'\r\n" +
"reply-to: [email protected]\r\n" +
"To: [email protected]\r\n" +
"Subject: Feed Spot \r\n" +
"remember to feed spot")
```
From this blob, we can see two more answers:
> His Email?: **[email protected]**
> The name of his dog?: **spot**
There isn't much more in the Github repo that I saw, so now to check his [Twitter](https://twitter.com/eddking6). His bio states:
> I like hacking things and running blob corp
So, we know he works at a "blob corp". Searching through his small tweet history, the [following tweet](https://twitter.com/eddking6/status/1498113770652065798?s=20&t=vYcOibKHA3cJZxztwKHTrA) reveals two more answers:
> eddking6: I like to play FactorIO when I'm not busy being a #CISO
So:
> His favourite video game?: **FactorIO**
> His Role at his company?: **CISO**
All that's left is his Alma Matter. Given we know his company and role, I imagine we need to search for them on LinkedIn. Searching "eddking linkedin ciso blob corp" yields a [eddking6](https://www.linkedin.com/in/eddking6/) linkedin page, which is indeed our man. In his education, we see the final answer.
> His alma matter?: **Texas A&M University**.
Now all we have to do is "... send him a carefully crafted phishing email including all the details."
I figured we didn't have to actually craft a phising email or anything like that, given how many solves the challenge had, and other problem difficulties. Instead, I figured they'd be doing some sort of regex matching/searching on the messages contents, so I just made sure to re-use all the spelling/capitlization of the previous answers and send an email to the `[email protected]` email. The body of my email:
```text
Find out the following information about EddKing6
The name of his dog? spot
His favourite video game? FactorIO
His alma mater? Texas A&M University
His Role at his company? CISO
His favorite food? Cacio e Pepe
His Email? [email protected]
```
In about 10 seconds, I got an email back:
Flag is `utflag{osint_is_fun}`.
