CTF Writeups
Tools and Payloads
TryHackMe
- TryHackMe Overview
HackTheBox
- HackTheBox Overview
HackTheBox Academy
- HTB Academy Overview
PortSwigger Academy
- PortSwigger Overview
2021 CTFs
2020 CTFs
- VulnCon2020 Overview

Powered by GitBook

On this page

OSINT
User account Search
Reverse Image Lookup
Image Metadata
Breached Data
Solutions
1) What URL will take me directly to Rudolph's Reddit comment history?
2) According to Rudolph, where was he born?
3) Rudolph mentions Robert. Can you use Google to tell me Robert's last name?
4) On what other social media platform might Rudolph have an account?
5) What is Rudolph's username on that platform?
6) What appears to be Rudolph's favorite TV show right now?
7) Based on Rudolph's post history, he took part in a parade. Where did the parade take place?
8) Okay, you found the city, but where specifically was one of the photos taken?
9) Did you find a flag too?
10) Has Rudolph been pwned? What password of his appeared in a breach?
Based on all the information gathered. It's likely that Rudolph is in the Windy City and is staying in a hotel on Magnificent Mile. What are the street numbers of the hotel address?

TryHackMe

TryHackMe Overview

Advent of Cyber 2

Day 14 - Where's Rudolph?

PreviousDay 13 - Coal for Christmas NextDay 15 - There's a Python in my stocking!

Last updated 1 year ago

Date: 14, December, 2020

Author: Dhilip Sanjay S

OSINT

OSINT investigations mostly start with only a username.
User's post history in social media + Google - used to get more information.

User account Search

Reverse Image Lookup

And yeah !

Image Metadata

- Tip: If you find any website having images with metadata, you can report in bug bounty platforms (Information Disclosure).

Breached Data

Solutions

1) What URL will take me directly to Rudolph's Reddit comment history?

Answer: https://www.reddit.com/user/IGuidetheClaus2020/comments

2) According to Rudolph, where was he born?

Answer: Chicago

3) Rudolph mentions Robert. Can you use Google to tell me Robert's last name?

Answer: May

4) On what other social media platform might Rudolph have an account?

Answer: Twitter
Steps to Reproduce:
- He mentions about Twitter in one of his Reddit Comments.

5) What is Rudolph's username on that platform?

Answer: IGuideClaus2020

6) What appears to be Rudolph's favorite TV show right now?

Answer: Bachelorette
Steps to Reproduce: Check twitter posts.

7) Based on Rudolph's post history, he took part in a parade. Where did the parade take place?

Answer: Chicago
Steps to Reproduce: Use Google Reverse image search

8) Okay, you found the city, but where specifically was one of the photos taken?

Answer: 41.891815, -87.624277
Steps to Reproduce:

9) Did you find a flag too?

Answer: {FLAG}ALWAYSCHECKTHEEXIFD4T4

10) Has Rudolph been pwned? What password of his appeared in a breach?

Answer: spygame
Steps to Reproduce:
- Search Query : email:rudolphthered@hotmail.com

Based on all the information gathered. It's likely that Rudolph is in the Windy City and is staying in a hotel on Magnificent Mile. What are the street numbers of the hotel address?

Answer: 540
Steps to Reproduce:
- Go to the specified co-ordinates in Google Maps. Click on Chicago Marriott Downtown.

Search for IGuideClaus2020 in (the is removed from username in this case).

Twitter Profile

Visit and upload the Higher Resolution image from the Twitter post.

Search for the Email ID mentioned in the twitter profile in

WhatsMyName github

Sherlock Project

Yandex Image Search

Bing Visual Search

Jeffrey's Image Metadata Viewer

Have I been Pwned

I Guide the Claus 2020

Jeffrey's Image Metadata Viewer