Difficulty: Medium
Category: OSINT
Author: Chic0s & Papyruss
📝 Description
During the theft of a hard drive containing sensitive data, the attacker made a crucial mistake — they left their phone at the scene. Your mission: follow the digital breadcrumbs and uncover the exact address where the hard drive is hidden.
⚠️ But be careful — getting caught could compromise the entire operation.
Important: All OSINT must be conducted using the following websites only:
Website Analysis
CryptoX is a cryptocurrency management platform that allows users to:
Track market prices
Manage portfolios
Send transactions
For added security, transactions can only be conducted between friends. Users can monitor their assets, market changes, and transaction history through an intuitive, dark-themed interface.
Features
Introduction
To perform a transaction, the following conditions must be met:
You must be friends with the recipient.
You must own cryptocurrency.
Friend Request
The friend request can be initiated by either the sender or the recipient of the transaction.
Description
OS Command Injection is a vulnerability that allows attackers to inject and execute arbitrary commands on the operating system through unsanitized user input. This can lead to unauthorized access, data theft, system compromise, or remote code execution. It typically occurs when applications pass user input directly into OS commands without proper validation.
Exploitation
We are given a web application that allows us to ping an IP address. We can send two inputs:
Description
Server-Side Request Forgery (SSRF) is a vulnerability that enables attackers to trick a server into making requests to unintended locations, both internal and external, by manipulating URLs in user-supplied input. This can lead to unauthorized access to internal services, sensitive information disclosure, or even full system compromise. SSRF typically occurs when applications fetch external resources or perform HTTP requests based on unvalidated user input, allowing attackers to manipulate these requests and access restricted networks, APIs, or internal systems.
1 - Implementation of the Tool
In the first step, I will equip myself with my tool:
The Proxmark 3 Easy, you can find this little gadget on AliExpress for around 50€. It has two antennas, one for low frequency and one for high frequency.
To use it, you will need a tool called Iceman. YouTube tutorial for updating the firmware and installing Iceman: https://www.youtube.com/watch?v=n1Xt-1ZmjM0&feature=emb_imp_woyt
2 - Identifying the Badge
To identify the badge, we will use the ‘auto’ command, which allows scanning across different frequencies (high and low frequencies).
Chic0s
(lambda hex_str: [print(chr(int(hex_str[i:i+2], 16))) for i in range(0, len(hex_str), 2)])("45534e412053747564656e74")