Tags: osint
Rating:
Writeup (with images): [Privacy Breach](https://footpics4sale.github.io/writeups/CTF/VishwaCTF2023/OSINT-privacy-breach.html)
-----
Googling things like "password emailed back in plaintext" lead to this website (https://news.ycombinator.com/item?id=2414496) which mentioned plaintextoffenders.com
The Plain Text Offenders site has a note to use the list at https://plaintextoffenders.com/offenders
The Offenders List page has a link to a GitHub file:
https://github.com/plaintextoffenders/plaintextoffenders/blob/master/offenders.csv
Tried some domains from here and a bunch mentioned in recent years through Google searches... nothing worked.
Read the challenge description again...
> "I hope they lie at the bottom of the deepest pits of hell"
This has to mean something right?
? It was the domain listed at the bottom of the Offenders List file.
Flag: `VishwaCTF{napcosecurity.com}`
