EYCC 2025 — OSINT Challenges (onsite-round)#

First Challenge#

We were given this picture:

We had to locate where this photo was taken and extract the blurred timestamp, then combine them with the string “echo site” to form the password of a Pastebin link that contains the flag.

Zooming into the photo, I immediately noticed the timestamp: 2025-8-24
I also recognized the place — Longyearbyen.

I searched for Longyearbyen on Google Earth and found the exact spot:

The challenge hinted that the location starts with “S”, so after clicking the location we see:

The required part was Svalbard.

So the final password was:

1
Svalbard echo site 2025-8-24

Entering it into Pastebin revealed the flag:

Second Challenge#

We were given a username: InsaneHunterCTF
We needed to trace it and find the flag.

Searching for the username across platforms, I found a GitHub account:

Inside the HunterCTF repo there was an HTML file:

And inside it — an interesting comment:

Opening the link gave:

Appending /secure.zip downloaded a protected ZIP file.

I produced a hash:

1
zip2john secure.zip > hash.txt

Then cracked it:

1
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

John outputted something like:

1
!LUVDKR!..*7¡Vamos!

…but the password didn’t work.

The challenge also hinted at fuzzing /hidden_FUZZ.

I used ffuf:

1
ffuf -u [http://13.62.48.186/hidden_FUZZ](http://13.62.48.186/hidden_FUZZ) -w wordlist.txt

It found:

1
/hidden_data

Inside were two PDF files.

leak.pdf looked corrupted, so I used strings leak.pdf:

It wasn’t the correct flag.

The second file, leak2.pdf, also showed a wrong flag:

So I ran strings on it:

This time it revealed the correct ZIP password.

After unzipping, flag.zip.txt contained:

And voilà!

That was all! Don’t forget to check my other write-ups~