Pwn The Scam 4 - Archived

Aperi'CTF 2019 - OSINT (175 pts).

Aperi’CTF 2019 - Pwn The Scam 4 - Archived

Challenge details

Event Challenge Category Points Solves
Aperi’CTF 2019 Pwn The Scam 4 - Archived OSINT 175 7

Un site de scam Bitcoin a été découvert sur TOR. Vous avez été missionné pour en prendre le contrôle.

Pwn The Scam est un challenge d’OSINT, il n’y a pas de vulnerabilité web à exploiter! Format de flag : APRK{flag}.

Identifiez le scammeur.

TL;DR

Use Wayback Machine to get the flag and the twitter of the scammer.

Methodology

Looking at the challenge name, we may need a cache/old copy of the website to browse older information. We could have use google cache but there is no information about the website.

![cache.jpeg](/files/aperictf_2019/pwn_the_scam4/cache.jpeg)

There is a famous website called [Wayback Machine](https://web.archive.org) which is usually use to keep a snapshot of a website for a given time. Lets search on it.

We got many snapshots, if we take the one for 03 JUL 2018 we got:

[https://web.archive.org/web/20180703085735/http://nothing-here.com/]

![wayback.jpeg](/files/aperictf_2019/pwn_the_scam4/wayback.jpeg)

[https://web.archive.org/web/20180703085735/http://nothing-here.com/](https://web.archive.org/web/20180703085735/http://nothing-here.com/)

We get the flag but we also get a twitter profile “By 751”.

Flag

APRK{B4ck_1N_T1m3!}

Challenge by DrStache , WriteUp by Zeecka