ABOUT US

Our development agency is committed to providing you the best service.

OUR TEAM

The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security, Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Technology is the best way to Change Everything, like Mindset Goal.


PORTFOLIO


  • How to display an ASCII message after SSH login on Linux

     

     


     

     

    Display an ASCII Message After SSH Login

     

    Sometimes when you provide remote access to your system via SSH, you want to display a customized message on the terminal of the remotely logged-in user. In this tutorial, I will show you how to display custom ASCII art and a text message upon SSH login to your Linux server.



    Requirement

     

    You need to have SSH installed.



    Displaying a Message

     

    To display ASCII art or plain text at login on Linux (any distribution), perform the following steps:


    Step 1 :- First, open the MOTD file (/etc/motd), creating it if it does not already exist, with the command shown below.



    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ sudo nano /etc/motd
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$
    
    






    Once this file is created or opened (as you can see, the file already exists on our Linux system), type in any message or ASCII text of your choice, just as we did. Then save the file and exit.


    ASCII Creator - CLICK HERE







    Step 2 :- Check your system's IP address.

    Step 3 :- Log in to your machine through SSH to display the message.

    Log in to your machine through SSH by executing the following command. You can run it from your own machine's terminal, or from any other machine on the same network for the very same purpose.




    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ sudo su
    KumarAtulJaiswal# ssh hackerboy@192.168.43.152
    hackerboy@192.168.43.152's password: 
    Linux KumarAtulJaiswal 5.10.0-kali8-amd64 #1 SMP Debian 5.10.40-1kali1 (2021-05-31) x86_64
    
    The programs included with the Kali GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    
    WELCOME  TO
    ██   ██  █████   ██████ ██   ██ ██ ███    ██  ██████      ████████ ██████  ██    ██ ████████ ██   ██ 
    ██   ██ ██   ██ ██      ██  ██  ██ ████   ██ ██              ██    ██   ██ ██    ██    ██    ██   ██ 
    ███████ ███████ ██      █████   ██ ██ ██  ██ ██   ███        ██    ██████  ██    ██    ██    ███████ 
    ██   ██ ██   ██ ██      ██  ██  ██ ██  ██ ██ ██    ██        ██    ██   ██ ██    ██    ██    ██   ██ 
    ██   ██ ██   ██  ██████ ██   ██ ██ ██   ████  ██████         ██    ██   ██  ██████     ██    ██   ██ 
                                                                                     www.hackingtruth.in 
    
    
    
                                                                                                         
    You have new mail.
    Last login: Sun Jul 11 20:07:56 2021 from 192.168.43.152
    ┏━(Message from Kali developers)
    ┃
    ┃ This is a minimal installation of Kali Linux, you likely
    ┃ want to install supplementary tools. Learn how:
    ┃ ⇒ https://www.kali.org/docs/troubleshooting/common-minimum-setup/
    ┃
    ┃ We have kept /usr/bin/python pointing to Python 2 for backwards
    ┃ compatibility. Learn how to change this and avoid this message:
    ┃ ⇒ https://www.kali.org/docs/general-use/python3-transition/
    ┃
    ┗━(Run: “touch ~/.hushlogin” to hide this message)
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ 
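    The steps above end with whatever is typed into /etc/motd being echoed verbatim to every user's terminal after login. The script below is an added example, not part of the original post: it validates a banner before installing it, refusing any text that contains terminal control characters (an escape sequence in the MOTD could clear the screen or recolour the session of everyone who logs in), and then writes the file atomically with the expected 0644 permissions. The function names and the sample banner are this example's own.

```python
"""Validate a login banner before installing it as /etc/motd.

Added example, not part of the original post. Only printable characters,
newlines and tabs are accepted; the block-letter characters used in the post's
banner are ordinary printable Unicode and pass.
"""
import os
import tempfile
from typing import List

# Constructed sample banner in the style of the post (block letters plus a URL line).
SAMPLE_BANNER = (
    "WELCOME  TO\n"
    "██   ██  █████   ██████ ██   ██\n"
    "██   ██ ██   ██ ██      ██  ██\n"
    "                 www.hackingtruth.in\n"
)


def banner_problems(text: str) -> List[str]:
    """Return one human-readable problem per offending character; [] means safe.

    str.isprintable() is False for every C0/C1 control character (ESC, BEL, CR,
    DEL, ...) and True for box-drawing and block characters, so a single check
    covers the escape sequences a terminal would otherwise interpret.
    """
    problems = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch != "\t" and not ch.isprintable():
                problems.append(
                    f"line {lineno}, col {col}: control character U+{ord(ch):04X}"
                )
    return problems


def write_motd(text: str, path: str = "/etc/motd") -> str:
    """Validate `text` and install it at `path` (mode 0644) atomically.

    Raises ValueError instead of installing a banner that fails validation.
    Writing to /etc/motd itself needs root; the usage below uses a temp path.
    """
    problems = banner_problems(text)
    if problems:
        raise ValueError("refusing to install banner: " + "; ".join(problems))
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".motd.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)  # readers see either the old or the new file, never half
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return path


if __name__ == "__main__":
    # Dry run on the sample; run as root with write_motd(SAMPLE_BANNER) to install it.
    for problem in banner_problems(SAMPLE_BANNER) or ["banner is clean"]:
        print(problem)
    scratch = os.path.join(tempfile.mkdtemp(), "motd")
    print("wrote", write_motd(SAMPLE_BANNER, scratch))
```

    Note that /etc/motd is shown only after authentication; the sshd `Banner` directive (usually pointing at /etc/issue.net) is the one displayed before the password prompt, so anything put there is visible to unauthenticated clients as well.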
    
    






    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.



      - Hacking Truth by Kumar Atul Jaiswal


  • CSRF Account TakeOver on Live Website


     





    What is CSRF


    CSRF stands for cross-site request forgery. It is an attack on a website in which unauthorized commands are submitted from a user the web application trusts; an attacker can use it to take over an account.
     


     


    How CSRF Works

    The attacker sends the client (the victim) a link, for example by phishing, that carries a new email address and password chosen by the attacker.

    Let's suppose the link is for www.hackingtruthbank.in. As soon as the client (the victim or user) clicks the link, the server updates the account details on hackingtruthbank.in. The server accepts the new credentials because the request came from the client, but the client clicked that link unknowingly, and it contained two things: a new email and a new password, which were updated automatically.

     

     


     



    Now the attacker logs in with the new credentials and successfully performs an ATO (account takeover) of the client's account. This is how CSRF works. CSRF is a very dangerous vulnerability and can lead to a successful ATO; in this case the client is unable to log in to his own account, because the account is now accessible only with the new credentials chosen by the attacker.



    How are we going to test for CSRF?

     

    This is how we test for a CSRF vulnerability in any website when hunting or doing penetration testing.

    We need to make two accounts: the first is the victim account and the second is the attacker account. Now what is the attacker going to do?

    The attacker generates a link that changes, let's say, the email and password, and sends that malicious link with the updated email and password details to the victim (the first account). When the victim interacts with that link and clicks it, the tester checks whether the data has been updated in the profile or not. Let's say the attacker's link first targets the name-change functionality, which means the name should change to "attacker".

     

     




     

    When the victim clicks on that link and the first name in his profile changes from victim to attacker, we have successfully achieved CSRF. In the more dangerous case, if the attacker sends a link with the email attacker@gmail.com and the password attacker12345 and those get changed, the site has an account takeover vulnerability.

    We will perform an ATO by changing the email or password or both, getting complete access to the account and permanently logging the user out. This is considered a vulnerability of extreme severity, so in this case your bug can go to the highest severity.

     

     

    How can we achieve CSRF to Account Takeover?

     

    Now I am going to quickly sign up on this website first.





    I created an account on this platform and received an email saying we registered successfully. Then we clicked the link in the mail, where we can see RESET YOUR PASSWORD. After clicking that link we are redirected to azafashion.com.






    As you can see, in this user section there are a lot of options available, but we will use the profile section.

    When I click on account details, the account details can be seen. This is a temporarily generated name, so I am going to change the name of this account to "victim account".





    Now I am going to create the attacker account as well. I open a new private window on azafashion.com and create a new account for the attacker, where I change the name to "attacker".







    But this time let me capture the request before saving the username.






    This is the POST request that goes to the server to change the profile details; as you can see, the user's first name is "attacker". So the attacker now knows the website is vulnerable to CSRF, and we make a POC (proof of concept) through which the victim's details will be changed.

    Then we generate a CSRF PoC with the Engagement tools in Burp Suite. As you can see, the PoC has been generated; we can drop the previous request because our work with it is done.






     

    Then we copy all of it and paste it into a new file called azafashioncsrf.html.




     

    There the name is "attacker"; let me change the name from attacker to attackerCSRF. As you can see, this mail ID belongs to the attacker account (as I told you in the section above, I created another new account in a private window with the attacker's mail ID).

     

     


     

     

    After opening it in our browser, as you can see, only a submit button appears here.




     

     

    As you can see, this is the victim's browser (not the private window). We click the button, and as you can see the response status is 200.






    Then, when the victim reloads his account, the details have been changed: the name field now reads attackerCSRF, and the email address has been changed as well. This means that through the attacker's edit-profile request the victim's details were changed, and this is a successful CSRF.








    Mitigation


    CSRF vulnerabilities can still occur on login forms where the user is not authenticated, but the impact and risk are different. ... Login CSRF can be mitigated by creating pre-sessions (sessions before a user is authenticated) and including tokens in the login form.


    Use CAPTCHAs and CSRF tokens to be sure that the victim is changing the data knowingly.
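    To make the "How CSRF Works" section and the token mitigation concrete, here is an added example (not the post's or the site's code) modelling the edit-profile POST from the walkthrough. The vulnerable handler trusts the session cookie alone, which the browser also attaches to a form submitted from the attacker's azafashioncsrf.html page; the hardened handler requires a token bound to the victim's own session and checks the Origin header. The class names, the placeholder origin and the sample requests are all constructed for this example.

```python
"""Profile-update handler: vulnerable to CSRF, then hardened.

Added example, not the post's code. Models the edit-profile POST in the
walkthrough with a per-session synchronizer token plus an Origin check.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict

SITE_ORIGIN = "https://shop.example"  # placeholder, not the site in the post
EDITABLE_FIELDS = ("first_name", "email")


@dataclass
class Request:
    """The parts of an HTTP POST the handler looks at."""
    cookies: Dict[str, str]
    headers: Dict[str, str]
    form: Dict[str, str]


class ProfileService:
    def __init__(self) -> None:
        self.sessions: Dict[str, Dict[str, str]] = {}
        self.profiles = {"victim": {"first_name": "victim", "email": "victim@example.test"}}

    def login(self, user: str) -> str:
        """Create a session and mint a CSRF token bound to it; returns the cookie value."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid: str) -> str:
        """The token the site's own form embeds as a hidden field."""
        return self.sessions[sid]["csrf"]

    def _apply(self, user: str, form: Dict[str, str]) -> None:
        self.profiles[user].update({k: v for k, v in form.items() if k in EDITABLE_FIELDS})

    def update_vulnerable(self, req: Request) -> int:
        """Checks only the cookie; a cross-site POST carries it too, so the PoC works."""
        sess = self.sessions.get(req.cookies.get("session", ""))
        if sess is None:
            return 401
        self._apply(sess["user"], req.form)
        return 200

    def update_hardened(self, req: Request) -> int:
        sess = self.sessions.get(req.cookies.get("session", ""))
        if sess is None:
            return 401
        # 1. Synchronizer token: the form must carry the token minted for *this*
        #    session. The attacker's own token (from the attacker account) does not
        #    match, and compare_digest keeps the comparison constant-time.
        submitted = req.form.get("csrf_token", "").encode()
        if not hmac.compare_digest(submitted, sess["csrf"].encode()):
            return 403
        # 2. Origin check: browsers add Origin to cross-site POSTs. A missing
        #    header is tolerated only because the token above is the primary gate.
        origin = req.headers.get("Origin")
        if origin is not None and origin != SITE_ORIGIN:
            return 403
        self._apply(sess["user"], req.form)
        return 200


def sample_requests(sid: str, victim_token: str, attacker_token: str) -> Dict[str, Request]:
    """Constructed requests: the victim's own form post, the cross-site PoC page
    from the walkthrough (no token), and the PoC carrying the attacker's token."""
    cookies = {"session": sid}  # the browser attaches the victim's cookie to all three
    poc_form = {"first_name": "attackerCSRF", "email": "attacker@example.test"}
    return {
        "legit": Request(cookies, {"Origin": SITE_ORIGIN},
                         {"first_name": "victim account", "csrf_token": victim_token}),
        "csrf_poc": Request(cookies, {"Origin": "https://attacker.example"}, dict(poc_form)),
        "csrf_poc_with_attacker_token": Request(
            cookies, {"Origin": "https://attacker.example"},
            {**poc_form, "csrf_token": attacker_token}),
    }


if __name__ == "__main__":
    svc = ProfileService()
    sid = svc.login("victim")
    reqs = sample_requests(sid, svc.csrf_token(sid), "attackers-own-token")
    print("vulnerable:", svc.update_vulnerable(reqs["csrf_poc"]), svc.profiles["victim"])
    svc = ProfileService()
    sid = svc.login("victim")
    reqs = sample_requests(sid, svc.csrf_token(sid), "attackers-own-token")
    print("hardened:", svc.update_hardened(reqs["csrf_poc"]), svc.profiles["victim"])
```

    For email or password changes specifically, re-prompting for the current password on top of the token is the usual extra step, since those are the fields whose change completes the takeover described above.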


    Report



    Provided by CSRF Account Takeover Report










  • CORS Cross Origin Resource Sharing Vulnerability on Live Website

     

     

    CORS Cross Origin Resource Sharing Vulnerability

     

     

    What is CORS? 


    Cross-Origin Resource Sharing

    A W3C working draft that defines how the browser and server must communicate when accessing resources across origins.

    Implemented via HTTP headers that servers set and browsers enforce.

     

    Requests can be categorized into

     - Simple requests
     - Requests that need a preflight
     


    Working Process



    [Figure: CORS working process; image credit: Hacktify]



    Three Important Cases for CORS

     

    We are going to look at the important cases for identifying a CORS vulnerability, starting with the best case for this vulnerability.





     

     

     

    As you can see, on the left side is the request and on the right side is the response. We add our own Origin header to the request, let's say any.com or attacker.com. If attacker.com is reflected in the response in these two headers, Access-Control-Allow-Origin: attacker.com and Access-Control-Allow-Credentials: true, then the site is vulnerable; this is the best test case for us.

    So we have understood the first and best test case: whenever we supply attacker.com in the Origin header of the request and get attacker.com reflected as-is in the response, that is the best test case for the attack.

    Now let's see the second best test case for our exploitation. In the request, attacker.com is in the Origin header, and in the response Access-Control-Allow-Origin shows null together with Access-Control-Allow-Credentials: true. This is also a good test case for our attack. So I hope you understood the first and second test cases.

    In the first test case we got attacker.com reflected as-is after passing it in the request, and in the second test case we passed attacker.com and got null in the response. That also means it is exploitable.

     





                   
                                                    

    Now let's see the last test case, case 3, which is a bad implementation but not an exploitable one. If attacker.com is passed in the Origin header of the request and the response carries * (star) in Access-Control-Allow-Origin, this test case is not exploitable. To conclude: the first two test cases are exploitable, where we see a reflection of the origin (attacker.com) in the response in the first case and null in the second case; but if you get * (star) in the response, it is not exploitable. I hope you understood this, and now it is time for the practical.



    Practical


    I capture a request in Burp Suite and send it to the Repeater so that I can use it again and again. Now what I am going to do is add a new header, Origin, as we saw in our test cases. After adding Origin: https://hackingtruth.in, I hit Go.









    If you look closely at the response tab, there is a Link header, and the link it contains gives me one more endpoint on zinghr.com (/wp-json/).

    What if we send a request to this endpoint, GET /wp-json/ HTTP/1.1, with the same Origin header?










    So this time when I hit Go, voila! As you can see, the zinghr.com server has trusted the attacker's origin, hackingtruth.in, and is ready to exchange data with it. So this website is vulnerable to a CORS misconfiguration.



    access-control-allow-origin: https://hackingtruth.in
    access-control-allow-credentials: true

    Both are reflected in the response.




    Manually


    Let's see how to verify this issue manually with the curl command. For those who don't know curl: it is a simple utility that sends a request to any target and gets the response.


    curl "https://zinghr.com/wp-json/" -I 

     

    -I tells curl to fetch only the response headers instead of the whole page source. In the headers there is a Link header, and the link it contains gives us one more endpoint on zinghr.com (/wp-json/).





    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ curl "https://zinghr.com/wp-json/" -I                     
    HTTP/2 200 
    date: Sun, 04 Jul 2021 19:13:49 GMT
    server: Apache
    x-powered-by: PHP/7.3.26
    x-robots-tag: noindex
    link: <https://www.zinghr.com/wp-json/>; rel="https://api.w.org/"
    x-content-type-options: nosniff
    access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
    access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
    allow: GET
    vary: User-Agent
    content-type: application/json; charset=UTF-8
    
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ 
    



     

    link: <https://www.zinghr.com/wp-json/>; rel="https://api.w.org/"

     

    Now we add a new header called Origin and hit Enter to verify whether this origin is trusted by the zinghr.com server or not. If it is trusted, it is reflected back in the response headers.


    curl "https://zinghr.com/wp-json/" -I -H "Origin: https://hackingtruth.in"




    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ curl "https://zinghr.com/wp-json/" -I -H Origin:https://hackingtruth.in
    HTTP/2 200 
    date: Sun, 04 Jul 2021 19:19:44 GMT
    server: Apache
    x-powered-by: PHP/7.3.26
    x-robots-tag: noindex
    link: <https://www.zinghr.com/wp-json/>; rel="https://api.w.org/"
    x-content-type-options: nosniff
    access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
    access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
    allow: GET
    access-control-allow-origin: https://hackingtruth.in
    access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
    access-control-allow-credentials: true
    vary: Origin,User-Agent
    content-type: application/json; charset=UTF-8
    
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ 
    
    



     

    access-control-allow-origin: https://hackingtruth.in
    access-control-allow-credentials: true

    Both are reflected in the response.


    As you can see, our best test case, the first one, is satisfied here: we get our attacker origin reflected in the response. So I hope you understood how to find this vulnerability using Burp Suite as well as curl.





    Provided by HackerOne CORS Report





    CORS Mitigation


    1) SOP! Same Origin Policy
    2) Do not trust any arbitrary origin, and do not communicate with it!




    What are the mitigations for CORS?

    1) The first and best mitigation for CORS is SOP, the same-origin policy. This policy means that the website or web application should not transfer any kind of data to any other web application; it should only communicate and transfer data with the same origin, i.e. the same website.

    2) Do not trust any arbitrary origin, and do not communicate with it. If a web application receives an Origin header in a request, it should not trust that arbitrary header and give out sensitive information. Whenever an attacker tries a reflected-origin CORS attack, the server should discard that origin, not trust it, and not give out the response to that server. Secondly, if a suffix- or prefix-based CORS exploitation is attempted, the server should do proper validation, not just check whether the hostname appears in the origin; we have already seen that if the server is misconfigured and merely checks for the name inside the Origin header and takes decisions based on that, it is dangerous and can lead to CORS exploitation. So not trusting any arbitrary origin is the best mitigation for CORS. I hope you understood the mitigations for CORS.
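    The following is an added example, not the post's or the target site's code, covering both the "Three Important Cases" section and mitigation 2 above. classify_cors() sorts a response into the post's three cases (origin reflected, null, or *), and cors_headers() is the server-side allowlist that mitigation 2 calls for: an exact match on scheme and host, never reflecting and never allowing null, so the prefix and suffix tricks mentioned above fail. The function names, ALLOWED_ORIGINS and the sample headers are constructed here; the "reflected" sample reproduces the headers shown in the curl output above.

```python
"""CORS response classifier and an exact-match origin allowlist.

Added example, not the post's code. classify_cors() follows the three test
cases in the post; cors_headers() implements the "do not trust any arbitrary
origin" mitigation on the server side.
"""
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit


def classify_cors(sent_origin: str, response_headers: Dict[str, str]) -> Tuple[str, bool]:
    """Return (case, credentialed_cross_origin_read).

    case is 'reflected', 'null', 'wildcard', 'other' or 'none'. The boolean is
    True only when a page on the sent origin could read the response *with* the
    victim's cookies: that needs Allow-Credentials: true together with an exact
    echo of the origin or the literal 'null'. '*' never qualifies because
    browsers refuse credentialed responses whose allow-origin is a wildcard,
    which is why the post's third case is not exploitable.
    """
    h = {k.lower(): v.strip() for k, v in response_headers.items()}  # header names are case-insensitive
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "none", False
    if acao == "*":
        return "wildcard", False
    if acao == "null":
        return "null", creds
    if acao == sent_origin:
        return "reflected", creds
    return "other", False


# Constructed allowlist: only origins the application itself owns.
ALLOWED_ORIGINS = frozenset({"https://app.example", "https://admin.example"})


def cors_headers(request_origin: Optional[str], allowed=ALLOWED_ORIGINS) -> Dict[str, str]:
    """Headers to add to a response, or {} to deny cross-origin access.

    The Origin value is parsed and compared as scheme://host[:port] in full, so
    'https://app.example.evil.test' (suffix), 'https://evilapp.example' (prefix)
    and 'null' all miss. Vary: Origin stops caches serving one origin's allow
    header to another.
    """
    if not request_origin:
        return {}
    parts = urlsplit(request_origin)
    if parts.scheme not in ("https", "http") or not parts.netloc:
        return {}
    if parts.path or parts.query or parts.fragment:  # a real Origin header has none
        return {}
    origin = f"{parts.scheme}://{parts.netloc}".lower()
    if origin not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


# Constructed sample responses for the post's three cases plus a no-CORS one.
SAMPLES = {
    "reflected": {"access-control-allow-origin": "https://hackingtruth.in",
                  "access-control-allow-credentials": "true",
                  "vary": "Origin,User-Agent"},
    "null": {"Access-Control-Allow-Origin": "null",
             "Access-Control-Allow-Credentials": "true"},
    "wildcard": {"Access-Control-Allow-Origin": "*"},
    "none": {"content-type": "application/json; charset=UTF-8"},
}


if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        print(name, "->", classify_cors("https://hackingtruth.in", headers))
    for probe in ("https://app.example", "https://app.example.evil.test",
                  "https://evilapp.example", "null"):
        print(probe, "->", cors_headers(probe) or "denied")
```

    In a web framework the allowlist check runs once per request before the handler; with this shape the server emits an allow header only for the fixed set of its own origins, which is the exact opposite of the reflect-whatever-arrives behaviour seen in the curl output above.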








     



  • Understanding The Background Pain Of Online Human Trafficking

     



    Technology, particularly the Internet, has enabled sex trafficking and sexual exploitation to become the fastest growing criminal activity in the world. The increasing misuse of technology is changing the nature of trafficking, so we must develop new ways to deal with it.

    The world of online technology and the Internet has become helpful to traffickers, which is why we keep hearing different news about it every day. Online resources such as open and classified advertisement sites, adult websites, social media platforms and chatrooms, extending into the dark web, enable traffickers to interact with an increasing number of potential victims.


    According to online reports, Facebook is a huge market where things like this are done, and everyone has to bear the consequences. According to the Human Trafficking Institute, the 2020 Federal Human Trafficking Report revealed that 59 percent of online sex trafficking is posted on Facebook.


    The report was released to mark the 20th anniversary of the Trafficking Victims Protection Act (TVPA), which made human trafficking a federal crime. This year's edition of the report highlights data and trends spanning two decades of anti-trafficking enforcement in the U.S.

    You will remember that most crimes related to kidnapping used to be done offline, but in the world of the Internet, child exploitation and victim recruitment are happening very fast.

    People's habits have become so closely tied to Facebook, Snapchat and WeChat, and even Instagram, that these platforms have been identified as hotspots for sex trafficking cases.


     

     

    Actually What is Human Trafficking ?

     

    It is the illegal trade of human beings for the purposes of commercial sexual exploitation or reproductive slavery, or forced labour; nowadays it is also called modern-day slavery.

     

    Why does this happen?

    1) Because trafficking is a lucrative industry. It has been identified as the fastest growing criminal industry in the world.
    2) I guess unemployment, war and poverty are the key drivers of human trafficking.
    3) Homeless people, especially girls who run away from home, are at great risk of being targeted by a pimp (or trafficker) and becoming exploited.
    4) It is usually caused by poverty or a lack of economic opportunities, especially for women and children, and by a demand for certain services in the destination country.
    5) Traffickers use blackmail, abuse and threats to force victims to comply with their wishes in the destination country.
     

     

     


     

     

    Who are the victims?

    Generally females: young girls, and babies (who are born for the specific purpose of being sold). Age is the greatest vulnerability factor.

    According to a Google search, the top three states with the highest number of human trafficking incidents based on the number of cases reported are West Bengal, Rajasthan and Gujarat, and the top three states with the highest number of human trafficking incidents based on crime rate are West Bengal, Daman and Diu, and Goa.

    The list is compiled from the 2016 Crime in India Report published by the National Crime Records Bureau (NCRB), Government of India.
     

     

     

     


    Brought to you by Indian states ranking by incidents of human trafficking

     

     

     

    Indicators

    Observations

    1) Wounds, Bruises
    2) Drug addiction
    3) Hostility
    4) No eye contact
    5) Prepaid credit card or cell phone
    6) False or no identification
    7) Unable to provide name of school

     

     



    How can we stop that?

    It comes down to how we can stop it, because young people like us are going in the wrong direction somewhere, and the coming generation may ask us why it was not stopped at the right time; people will suffer as a result. See, every coin has two sides: the more we try to suppress the thing, the more it will increase, so instead we can make people aware, because there is a lack of awareness among people. According to a report, cybercrime, or vulnerability, lies more in the human mind than in our systems.



    [Image credit: pixabay.com]


     

     



    1) This is not for promotion but for awareness: first of all, share this article with others.
    2) Organize a fundraiser to raise money and donate the proceeds to an anti-trafficking organization.
    3) The online world is very big, but if we see this type of content anywhere, we should report it without hesitation. If you want to report anonymously, you can.
    4) If you have knowledge of cyber security, you can make people aware of it through videos, articles, seminars, etc.
    5) Boycott products and companies that permit human trafficking.
    6) Learn the indicators of human trafficking so you can help identify a potential trafficking victim. Human trafficking awareness training is available for individuals, businesses, first responders, law enforcement, educators and federal employees, among others.


     

     




    How to Report?

    It is a little difficult to go against someone, but if you fight for the truth, or against such things that are hollowing out our society, do not fear at all: you can report without hesitation, even anonymously, and you can make people aware by becoming a volunteer.

     


      

     

    National Cyber Crime Reporting Portal

     

     

    National Cyber Crime Reporting Portal :- CLICK HERE

     

     

     


     

  • The Hidden Agenda Of Companies Penetration Testing Rule

     

     



    So guys, today's blog is very important and informative. Today's topic is what actually happens in real-life penetration testing.

    There are so many rules and regulations for a beginner pen tester in a company. So in today's blog, I will share the steps you have to follow while doing a pen test.

    What are the steps when you work in a real company as a pen tester? If you want to know, read this blog till the end. Let's begin.

    Firstly, a proper agreement is made defining your scope, which states what you can do and what you can't.

    The company may specify that you can't use automated tools, and sometimes you have to exploit manually. There is no restriction on programming: you can write any program and use it.

    Now an interesting thing: if you run a pen testing company and are doing a pen testing engagement, your client can't change or deploy anything, and this is part of the rules. Suppose you have found all the vulnerabilities and made a proper report; the pen testing company will then submit a red card to their client.

    This is basically a red certificate saying that they have completed the pen test and submitted the report. After that, the client has 30 days to fix all the vulnerabilities. When they are fixed, the client informs the pen test company. The pen testing company will test the client's server again using the same methods as before. If all the vulnerabilities have been patched, the pen test company will issue a green certificate.

    Now, let's come to the rules. This is specifically for European countries. A GDPR list is there to measure the rate of all vulnerabilities, so if somehow employee data gets leaked, the government will charge the company, and in case any critical vulnerabilities are found, the company will have to do a pen test again in 2 months. This rule is for European countries.

     



     

    Hope you remember I told you that once a pen test is done, the client has only 1 month to patch all the vulnerabilities. If the client doesn't respond in that time, and the pen test company finds a new bug on the 31st day, they will charge the client company. That's a rule too.

    Now, if a pen test is done and a bug is found within 3 months of the previous pen test, they can't submit it; otherwise they will face legal consequences, because if a new bug comes out within 3 months, it is considered that they knew about it but didn't disclose it. Thus legal problems can occur. There is a disclosure policy under which you cannot share any pen test report within 3 months; you cannot share anything regarding it. So many rules are there. It totally depends on the country and the company.

    Hope you liked today's blog, and don't forget to share. You can't find this type of blog anywhere else; it's a very little-known topic. I would also like to give a big shout-out to Trident Security.






  • TryHackMe KaffeeSec - SoMeSINT

     



     



    In this room, you will be learning social media analysis and forensics. You will learn about google dorking, website archiving, social media enumeration/analysis, and the basic usage of OSINT techniques in the context of social media investigation. You don't need any previous knowledge of OSINT to do well in this room, but it definitely helps. I have included some resources in the "Resources" task at the bottom of the room that I encourage you to check out after completing this room!



    Prerequisites:


    Critical Thinking.
    A love of going deep into rabbit-holes.
    Basic understanding of Google.
    Python 3.7+





    Task 2 Story


    Background Information:


    You are Aleks Juulut, a private eye based out of Greenland. You don't usually work digitally, but have recently discovered OSINT techniques to make that aspect of your job much easier. You were recently hired by a mysterious person under the moniker "H" to investigate a suspected cheater, named Thomas Straussman.


    After a brief phone-call with his wife, Francesca Hodgerint, you've learned that he's been acting suspicious lately, but she isn't sure exactly what he could be doing wrong. She wants you to investigate him and report back anything you find. Unfortunately, you're out of the country on a family emergency and cannot get back to Greenland to meet the deadline of the investigation, so you're going to have to do all of it digitally. Good luck! 


    Answer the questions below


    1) Who hired you?

    Ans :- ks{H}


    2) Who are you investigating? (ks{firstname lastname})

    Ans :- ks{thomas straussman}





    Task 3 Let's get started!!


    Prerequisites:

    Patience, curiosity, and a passion for digging into rabbit holes.
    Firefox, Chrome, or another chromium-based browser (I recommend Brave).

    
    How exciting! Through talking to people who know Thomas, you've found out that he has a very guessable online handle: tstraussman. With this handle, we can find his social media accounts.

    
    The overall process for finding information from social media accounts starts with finding the social media accounts themselves. Finding social media accounts from names or emails can be automated through a process called enumeration. This is usually done with CLI tools or scripts, but you can get similar effects with google dorking. Here is a guide on google dorking, it's great reading material before you attempt this task and also includes a cheat-sheet that comes in handy.


    
    Before starting, I will preface this by saying the only places these accounts are found on are Twitter and Reddit. Please do not try to investigate further out-of-scope, as you will both meet a dead end and be snooping on accounts not involved with this CTF at all. I am not responsible for any actions/interactions made with an account outside of the sockpuppets created for this CTF. As a general rule, we're collecting PASSIVE information - there's no interacting directly with these accounts.
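    As an added example (not part of the room or of this write-up), here is what the enumeration step looks like in Python: one handle is expanded into each platform's public profile URL, a plain unauthenticated GET is issued, and the response counts as "exists" only when it is a 200 whose body does not carry that platform's "no such user" page (some sites answer 200 for missing users). The profile URL patterns are real; the "missing user" markers and the canned responses are assumptions, constructed so the block runs offline. Fetching a public profile page is still passive collection: no login, no follow, no message.

```python
"""Passive username enumeration across social platforms.

Added example for this write-up, not code from the room or TryHackMe.
One handle is expanded into each platform's public profile URL and
fetched with a plain GET. A profile counts as present only when the
response is 200 and the body does not carry that platform's 'no such
user' text (some sites answer 200 for missing users). The fetcher is
injectable, so the block runs offline on constructed responses.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
from urllib.parse import quote

# Real profile URL patterns; the "missing user" markers are ASSUMED
# illustrative strings. Check them against a live 404 page before relying on them.
PLATFORMS: Dict[str, Tuple[str, str]] = {
    "twitter": ("https://twitter.com/{handle}", "this account doesn't exist"),
    "reddit": ("https://old.reddit.com/user/{handle}", "page not found"),
    "github": ("https://github.com/{handle}", "not found"),
}

Fetcher = Callable[[str], Tuple[int, str]]  # url -> (status, body)


@dataclass
class Hit:
    platform: str
    url: str


def profile_url(platform: str, handle: str) -> str:
    pattern = PLATFORMS[platform][0]
    # URL-encode the handle so a crafted name cannot inject extra path segments
    return pattern.format(handle=quote(handle, safe=""))


def enumerate_handle(handle: str, fetch: Fetcher) -> List[Hit]:
    hits: List[Hit] = []
    for platform, (_pattern, missing_marker) in PLATFORMS.items():
        url = profile_url(platform, handle)
        status, body = fetch(url)
        if status == 200 and missing_marker not in body.lower():
            hits.append(Hit(platform, url))
    return hits


def google_dorks(handle: str) -> List[str]:
    """The search-engine equivalent of the probes above (paste into Google)."""
    return [f'site:{site} "{handle}"' for site in ("twitter.com", "reddit.com")] + [f'"{handle}"']


# --- constructed responses standing in for the live sites (not real page content) ---
FAKE_RESPONSES: Dict[str, Tuple[int, str]] = {
    "https://twitter.com/tstraussman": (200, "<html><title>tstraussman (@tstraussman) / Twitter</title></html>"),
    "https://old.reddit.com/user/tstraussman": (200, "<html><title>overview for tstraussman</title></html>"),
    "https://github.com/tstraussman": (404, "<html>Not Found</html>"),
    # a handle for which the site answers 200 but serves its 'no such account' page
    "https://twitter.com/ghost_handle": (200, "<html>This account doesn't exist</html>"),
}


def fake_fetch(url: str) -> Tuple[int, str]:
    return FAKE_RESPONSES.get(url, (404, ""))


def live_fetch(url: str) -> Tuple[int, str]:
    """Real probe: unauthenticated GET of a public page (no login, no interaction)."""
    import urllib.error
    import urllib.request
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read(200_000).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""


if __name__ == "__main__":
    for hit in enumerate_handle("tstraussman", fake_fetch):
        print(hit.platform, hit.url)
    print("\n".join(google_dorks("tstraussman")))
```

    Swap `fake_fetch` for `live_fetch` to run it for real; keep the probe list to the platforms that are in scope, as the room asks.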



    Answer the questions below


    1) What is Thomas' favorite holiday?

    Ans :- Christmas



    It's mentioned in his bio as X-mas, i.e. Christmas.





    2) What is Thomas' birth date?

    Ans :- 12-20-1990


    His birthday is evident from his Reddit post.


     

    3) What is Thomas' fiancee's Twitter handle?

    Ans :- @fhodgelink



     

    Looking at his followers, we can find the Twitter handle of his fiancée.
     

     

     

    4) What is Thomas' background picture of?

    Ans :- Buddha







     

     

    Task 4 Spider... what?


    Requirements:

        Spiderfoot
        Python 3


    First things first, make sure that you've downloaded the latest version of Python3. Then follow this guide to install the latest version of Spiderfoot (currently v3.3).






     

    Once it's installed correctly, run it by typing python3 sf.py -l 127.0.0.1:5001

    You can access the web interface by navigating to localhost:5001 in your browser.






    Click on "New Scan". In the "Scan Target" field, type in "Thomas Straussman" or "tstraussman"; then, under By Use Case, ensure that you checked the All option. Finally, press run. 



    Looking at the results, you can figure out which are false positives by filtering out anything that isn't related to Reddit or Twitter. 


    If you find a Twitter account that leads to shadowban.eu, click on the link.

    If you can't find anything related to Twitter, go to Settings --> Account Finder and set the highlighted option to False.








    1) What was the source module used to find these accounts?

    Ans :- sfp_accounts    

     


     

     

     

     

    2) Check the shadowban API. What is the value of "search"?

    Ans :- ks{1346173539712380929}






    Task 5 Connections, connections..

     

    Now that you have Thomas' Reddit and Twitter accounts, you can do some cool stuff!


    At this point, consider downloading a reverse search extension for your browser, my favorite is RevEye, which lets you choose from a handful of great reverse search engines, or use all of them simultaneously. Chrome / Firefox


    There are a few key types of information that we want to find from socials:

    Images of places that contain clear identifiers like buildings, signs, monuments, or landmarks (For IMINT/GEOMINT purposes).



    Clear images of the subject's face (For reverse image searches and possibly finding more accounts/sources of info).

    Clear images of the subject in a group of people (Family photos, friend groups, other information that can give context to their relationship with the group).

    Personal information in their bio, or other personal data from their profile itself (Where they grew up, currently live, went to school, etc..).

    Relevant posts that may contain information on their whereabouts or personal habits (Do they smoke? Drink? Go to bars often? Love to vacation to specific places? All this information can help in an investigation.)


    Since you have gotten most useful information from Thomas' Twitter, it's time to "pivot" to his fiancee's account.

    What personal information can you find?



    NOTE: If you get stuck on the first flag, consider two things:


    • You can reverse image search landscapes / locations and most likely get a result.
    • You can look at the source of the website (ctrl + shift + c, then click on the image) and try to find some metadata from the image.
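    The metadata hint above is about EXIF: a JPEG's APP1 segment carries a TIFF-structured block, and its GPS IFD can hold the latitude and longitude at which the photo was taken. As an added example (not from the room or this write-up), the block below parses that structure by hand, without an image library, and converts the degrees/minutes/seconds rationals into decimal degrees. The sample blob is constructed in code, with Koblenz coordinates chosen to match this task, and is not taken from any real image. Caveat: Twitter and most large platforms strip EXIF on upload, so this only works on an original file or on a copy hosted somewhere that keeps metadata, not on the image served from a timeline.

```python
"""Extract GPS coordinates from EXIF metadata by parsing the TIFF structure.

Added example for this write-up, not code from the room or TryHackMe.
A JPEG's APP1 segment starts with "Exif\\0\\0" followed by a TIFF blob:
byte-order mark, IFD0, and (tag 0x8825) a pointer to the GPS IFD that
stores latitude/longitude as degrees, minutes, seconds rationals.
No image library is needed; the sample blob is built in code.
"""
import struct
from typing import Dict, List, Optional, Tuple

EXIF_HEADER = b"Exif\x00\x00"
TAG_GPS_IFD = 0x8825
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}       # BYTE, ASCII, SHORT, LONG, RATIONAL, UNDEFINED
# GPS IFD tags used here: 1 LatitudeRef, 2 Latitude, 3 LongitudeRef, 4 Longitude

Entry = Tuple[int, int, bytes]                           # (type, count, value bytes)


def _read_ifd(data: bytes, offset: int, end: str) -> Dict[int, Entry]:
    """Read one IFD; values of 4 bytes or less are inline, larger ones live at an offset."""
    (n,) = struct.unpack_from(end + "H", data, offset)
    entries: Dict[int, Entry] = {}
    pos = offset + 2
    for _ in range(n):
        tag, typ, count = struct.unpack_from(end + "HHI", data, pos)
        size = TYPE_SIZES.get(typ, 1) * count
        if size <= 4:
            raw = data[pos + 8: pos + 8 + size]
        else:
            (off,) = struct.unpack_from(end + "I", data, pos + 8)
            raw = data[off: off + size]
        entries[tag] = (typ, count, raw)
        pos += 12
    return entries


def _rationals(raw: bytes, end: str, count: int) -> List[float]:
    out = []
    for i in range(count):
        num, den = struct.unpack_from(end + "II", raw, i * 8)
        out.append(num / den if den else 0.0)            # zero denominator is corrupt data, not a crash
    return out


def _dms_to_decimal(dms: List[float], ref: str) -> float:
    deg, minutes, seconds = dms
    value = deg + minutes / 60 + seconds / 3600
    return -value if ref in ("S", "W") else value


def extract_gps(blob: bytes) -> Optional[Tuple[float, float]]:
    """Return (lat, lon) in decimal degrees, or None when there is no usable GPS IFD."""
    tiff = blob[len(EXIF_HEADER):] if blob.startswith(EXIF_HEADER) else blob
    end = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if end is None or len(tiff) < 8 or struct.unpack_from(end + "H", tiff, 2)[0] != 42:
        return None
    (ifd0_off,) = struct.unpack_from(end + "I", tiff, 4)
    try:
        ifd0 = _read_ifd(tiff, ifd0_off, end)
        if TAG_GPS_IFD not in ifd0:
            return None
        (gps_off,) = struct.unpack_from(end + "I", ifd0[TAG_GPS_IFD][2], 0)
        gps = _read_ifd(tiff, gps_off, end)
        lat_ref = gps[1][2].rstrip(b"\x00").decode("ascii")
        lon_ref = gps[3][2].rstrip(b"\x00").decode("ascii")
        lat = _dms_to_decimal(_rationals(gps[2][2], end, 3), lat_ref)
        lon = _dms_to_decimal(_rationals(gps[4][2], end, 3), lon_ref)
    except (KeyError, struct.error, UnicodeDecodeError, ValueError):
        return None                                       # truncated or malformed metadata
    return round(lat, 4), round(lon, 4)


def build_sample_tiff(with_gps: bool = True) -> bytes:
    """Constructed little-endian TIFF carrying only a GPS IFD (not taken from a real photo)."""
    end = "<"

    def entry(tag: int, typ: int, count: int, value: bytes) -> bytes:
        return struct.pack(end + "HHI", tag, typ, count) + value.ljust(4, b"\x00")

    def rational3(parts) -> bytes:
        return b"".join(struct.pack(end + "II", num, den) for num, den in parts)

    header = b"II" + struct.pack(end + "HI", 42, 8)      # IFD0 starts right after the 8-byte header
    if not with_gps:
        return header + struct.pack(end + "HI", 0, 0)    # empty IFD0, no next IFD
    gps_off = 8 + 2 + 12 + 4                             # IFD0: count + one entry + next pointer
    lat_off = gps_off + 2 + 4 * 12 + 4                   # GPS IFD: count + four entries + next pointer
    lon_off = lat_off + 24                               # three RATIONALs of 8 bytes each
    ifd0 = (struct.pack(end + "H", 1)
            + entry(TAG_GPS_IFD, 4, 1, struct.pack(end + "I", gps_off))
            + struct.pack(end + "I", 0))
    gps = (struct.pack(end + "H", 4)
           + entry(1, 2, 2, b"N\x00")
           + entry(2, 5, 3, struct.pack(end + "I", lat_off))
           + entry(3, 2, 2, b"E\x00")
           + entry(4, 5, 3, struct.pack(end + "I", lon_off))
           + struct.pack(end + "I", 0))
    lat = rational3([(50, 1), (21, 1), (2484, 100)])     # 50 deg 21' 24.84" N (Koblenz, constructed)
    lon = rational3([(7, 1), (35, 1), (204, 10)])        # 7 deg 35' 20.4" E
    return header + ifd0 + gps + lat + lon


if __name__ == "__main__":
    print(extract_gps(EXIF_HEADER + build_sample_tiff()))
```

    To use it on a real file, pull the APP1 payload out of the JPEG (the bytes after the `FF E1` marker and its two-byte length) and pass them to `extract_gps`; a `None` result on a platform-served image is the expected outcome, not a parser failure.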



    Answer the questions below


    1) Where did Thomas and his fiancee vacation to?

    Ans :- Koblenz, Germany

     

     



    The fiancée's Twitter handle is @FHodgelink (https://twitter.com/FHodgelink).
    It is pretty straightforward from the picture she posted.

    The flag format is City, Country (7 letters, 7 letters), so it will be _______, Germany.

    A reverse image search of this picture indicates it is Koblenz in Germany.







     

    2) When is Francesca's Mother's birthday? (without the year)

    Ans :- December 25th

     

     

    We can see this in one of her tweets.

     




    3) What is the name of their cat?

    Ans :- Gotank

     

     

    https://twitter.com/FHodgelink/status/1343023195855736837

     

     




    4) What show does Francesca like to watch?

    Ans :- 90 Day Fiancee




    One of her tweets shares the name of the show.



    Task 6 Turn back the clock!!


    Now that we've gathered intel from Thomas and Francesca's Twitters, lets move to another platform - Reddit.


    For the sake of this investigation, we're going to be using Reddit in two different ways:

    Use the old version (http://old.reddit.com/) for wayback machine purposes

    Use the new version (https://www.reddit.com/) for other purposes (later on)


    First, you're going to want to install the WayBackMachine extension for your browser (you don't need it, but it'll make your life much easier).


        Get it for Firefox
        Get it for Chrome
       

    Using Reddit's old site, navigate to Thomas' profile. Right click anywhere on the page and click on Wayback machine --> All Versions. You will see a calendar that shows all of the saved versions of the site, click through and take a look at each saved version (in this case there should be none).


    So it hasn't been saved yet... Nothing out of the ordinary, right?

    Next, go to Thomas' birthday post. Repeat the steps to find the first version of the site and..... Voila!
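    The extension's calendar is a front end for the Wayback Machine's CDX index, which can also be queried directly when you want to script the "All Versions" step across many URLs. As an added example (not from the room or this write-up), the block below builds the CDX query for a URL, parses the JSON result and picks the capture nearest to a date of interest, such as the day after the birthday post. The endpoint and its url/output/filter/limit parameters are real; the response body is constructed in code so the block runs offline (one timestamp matches the archived minikhans profile URL used in this write-up, the other is invented).

```python
"""Look up Wayback Machine captures through the CDX API.

Added example for this write-up, not code from the room or TryHackMe.
The live endpoint is https://web.archive.org/cdx/search/cdx; with
output=json it returns a JSON array whose first row is the column names.
The fetch function is injectable so the block runs offline on a
constructed response.
"""
import json
from datetime import datetime
from typing import Callable, Dict, List, Optional
from urllib.parse import urlencode

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"
Fetcher = Callable[[str], str]  # query URL -> response body


def cdx_query_url(target: str, limit: int = 100) -> str:
    """Build the CDX query: only successful captures, JSON output, bounded result size."""
    params = {"url": target, "output": "json", "filter": "statuscode:200", "limit": limit}
    return f"{CDX_ENDPOINT}?{urlencode(params)}"


def parse_cdx(body: str) -> List[Dict[str, str]]:
    """Turn the header-plus-rows JSON array into a list of dicts."""
    rows = json.loads(body)
    if len(rows) < 2:
        return []                      # empty index: nothing archived yet
    header, records = rows[0], rows[1:]
    return [dict(zip(header, r)) for r in records]


def _ts(value: str) -> datetime:
    # CDX timestamps are YYYYMMDDhhmmss; a bare date is padded to midnight
    return datetime.strptime(value.ljust(14, "0"), "%Y%m%d%H%M%S")


def closest_capture(records: List[Dict[str, str]], when: str) -> Optional[Dict[str, str]]:
    """Capture whose timestamp is nearest to `when` (YYYYMMDD or YYYYMMDDhhmmss)."""
    if not records:
        return None
    target = _ts(when)
    return min(records, key=lambda r: abs(_ts(r["timestamp"]) - target))


def snapshot_url(record: Dict[str, str]) -> str:
    """Replay URL for one capture, in the same form the extension opens."""
    return f"https://web.archive.org/web/{record['timestamp']}/{record['original']}"


def find_snapshot(target: str, when: str, fetch: Fetcher) -> Optional[str]:
    """End-to-end: query the index, pick the nearest capture, return its replay URL."""
    rec = closest_capture(parse_cdx(fetch(cdx_query_url(target))), when)
    return snapshot_url(rec) if rec else None


# --- constructed CDX response; the first timestamp matches the archived profile URL
# used in this write-up, the second row is invented, digests are placeholders ---
SAMPLE_CDX = json.dumps([
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["com,reddit,old)/user/minikhans", "20210104143852",
     "https://old.reddit.com/user/minikhans", "text/html", "200", "PLACEHOLDERDIGEST000000000000001", "38212"],
    ["com,reddit,old)/user/minikhans", "20210220101500",
     "https://old.reddit.com/user/minikhans", "text/html", "200", "PLACEHOLDERDIGEST000000000000002", "39104"],
])


def fake_fetch(_url: str) -> str:
    return SAMPLE_CDX


def live_fetch(url: str) -> str:
    """Real query against archive.org; nothing touches the target site itself."""
    import urllib.request
    with urllib.request.urlopen(url, timeout=20) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    print(find_snapshot("old.reddit.com/user/minikhans", "20201221", fake_fetch))
```

    Query old.reddit.com URLs, as the room suggests: the archive's captures of the old layout are plain HTML, so the content you are after is in the page rather than loaded by script afterwards.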


    We've discovered a coworker, which is another source of intel for us! But the question is... how much intel?


    Answer the questions below


    1) What is the name of Thomas' coworker?

    Ans :- Hans Minik

     

     

    I got stuck at this stage. Finally I used the Wayback Machine to check the snapshot for 21st Dec 2020.



     

    2) Where does his coworker live?

    Ans :- Nuuk, Greenland

     

    Thomas lives in Nuuk, as per his profile

     

     

    Looking into Hans' Reddit profile, we can find the following posts.

     


     




    3) What is the paste ID for the link we found? (flag format)

    Ans :- ks{ww4ju}

     

    Hans profile is https://web.archive.org/web/20210104143852/https://old.reddit.com/user/minikhans

     

     

     


     

     




    4) Password for the next link? (flag format)

    Ans :- ks{1qaz2wsx}

     

     


     




    5) What is the name of Thomas' mistress?

    Ans :- Emilia Moller

     

     




    Paste the password obtained in the step above into the URL and the name will be shown.





     

     




    6) What is Thomas' Email address?

    Ans :- straussmanthom@mail.com







      - Hacking Truth by Kumar Atul Jaiswal


