AUCTF 2020 - [OSINT] Oxyr (1000pts)

Written by Maltemo, member of team SinHack.

Statement of the challenge

Description

One of the developers of devs-r-us.xyz has been a little sketchy lately. We have received reports that they may be selling data to competitors. We just haven’t found out how!

Author: c

Analysis

Let’s start by scouting the website given in the description:
https://devs-r-us.xyz/

This website doesn’t contain much information:

The rest is “Lorem ipsum” placeholder text.

Let’s start with the images. There are two PNG files that show the exact same photo of a boat at sea.

Their names are mcafee.png and mcofee.png.

The name can be taken as a hint: John McAfee (the man behind McAfee Antivirus Software) is known for hiding and posting photos that pretend he is on the other side of the globe, but the metadata betrayed him many times!

Let’s check the metadata of the pictures with exiftool:

$ exiftool mcafee.png
ExifTool Version Number         : 11.16
File Name                       : mcafee.png
Directory                       : .
File Size                       : 2.5 MB
File Modification Date/Time     : 2020:03:14 23:13:07+01:00
File Access Date/Time           : 2020:04:04 14:33:10+02:00
File Inode Change Date/Time     : 2020:04:04 14:32:52+02:00
File Permissions                : rw-r--r--
File Type                       : PNG
File Type Extension             : png
MIME Type                       : image/png
Image Width                     : 1920
Image Height                    : 1080
Bit Depth                       : 8
Color Type                      : RGB
Compression                     : Deflate/Inflate
Filter                          : Adaptive
Interlace                       : Noninterlaced
XMP Toolkit                     : Image::ExifTool 11.91
Description                     : https://discord.gg/pMzcE45 DM me if you want more info
Image Size                      : 1920x1080
Megapixels                      : 2.1

Our first hint is in the Description field of the photo. The Discord link was simply an invitation to the official AUCTF Discord server.

We still have to find which user we need to contact. Let’s continue our research.

After reading the source code of the page, I noticed that the contact button redirects to a new page, 1ndex.html.

Yes, you read it right. 1ndex.html, not index.html.

<div class="py-4">
	<h1 class="h3">Devs-R-Us</h1>
	<p>Copyright &copy; 2020</p>
	<button class="btn btn-primary" data-toggle="modal" onclick="location.href='1ndex.html#share-section'">Contact Us</button>
</div>

This is kind of suspicious. Why would someone create a page so similar to the first one, with nearly the same name and content?

Maybe to hide some information.

After inspecting this new page, https://devs-r-us.xyz/1ndex.html, I found an HTML comment just under the contact button:

<div class="py-4">
	<h1 class="h3">Devs-R-Us</h1>
	<p>Copyright &copy; 2020</p>
	<button class="btn btn-primary" data-toggle="modal" data-target="#contactModal">Contact Us</button>
	<!-- 'Who is MaddAddam?' -->
</div>

‘Who is MaddAddam?’ I thought this question had to be answered to find who we needed to contact on Discord, but it was a rabbit hole. You can skip the next part, which is my research about MaddAddam.

The leader of the rebel group God’s Gardeners in the book Oryx and Crake, written by Margaret Atwood.

Trilogy of books by Margaret Atwood:

Characters:
Ren and Toby (The Year) - Amanda Payne
Jimmy (Oryx)
Zeb, Adam One

When I finally understood that this was a dead end, I went back to the information we got from the first page:

Jorge Greenwood
Web Developer extraordinaire. Jorge Greenwood has worked on the Internet’s most impressive websites. From Myworld.com to Facepalm.org. He has done it ALL! you can find EVEN MORE information about Jorge on his twitter account @JorgeGreenwoodCodes
Loretta Mcintosh
Backend Bada**. Loretta Mcintosh backs up all of her claims to success with excellent work ethic and even better portfolio. Loretta is some kind of genius. You can find out some of her successes on her twitter account @BackUpOrMcintoshYouOut

I searched for a Jorge or a Loretta, and look what I found:

So I started a conversation with Jorge G, not being sure whether he was a member of another team trying to get more information or not.

He sent me an invitation to a new Discord server, where there was a single image of a QR code.

The message it encoded was a link to a new website containing the flag:

https://devs-r-us.xyz/ahsdbwgjkhb23tsdonoqw1892345bnew/flag.txt

auctf{3X1F_D4TA_SH0UlD_B3_sTr1pp3d_2b23sadf}

TL;DR

Two pieces of information were hidden in the website:

Flag

The flag is auctf{3X1F_D4TA_SH0UlD_B3_sTr1pp3d_2b23sadf}


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.