- As you're aware, OSINT holds significant importance for hackers in acquiring information about their targets. It includes the retrieval of leaked passwords, which can then be used to gain unauthorized access to websites and scrutinize confidential data or flags.
- In this particular task, a password associated with a popular top one song has been disclosed and cataloged in a renowned file commonly used for dictionary attacks. Utilize the provided image to uncover the flag.
- The password consists of two parts: the first segment is the song's name in lowercase without spaces, and the subsequent part is the password's position in the leaked file, specifically as the first 3 digits from the left.
- example: if the password was semo and its location was 777xxxxxx then the password will be semo777
- flag format: BAU{flag}
- important notes from the question
- password : popular top one song
- file commonly used for dictionary attacks
- use image to uncover the flag
- password : song's name in lowercase without spaces && the first 3 digits from the left. → which can then be used to gain unauthorized access to websites and scrutinize confidential data or flags.
- scan the picture with your preferred browser
- search for nirvana
- it's a rock band
- check top nirvana song
- it’s Smells Like Teen Spirit
- check the most famous file for leaked passwords: rockyou.txt
- search in rockyou.txt for Smells Like Teen Spirit - number is 368
- check exiftool for any hidden data - we have a website link
- check the website : https://pst.innomi.net/paste/n3dgfrccgpd63c445s98rkmg4nthsgxp
- requires a password
- use password as: smellsliketeenspirit368
- we have obfuscated JavaScript code; deobfuscate → https://obf-io.deobfuscate.io/
- flag: BAU{x2m3L7czR8Q1Y6eA5bP9}
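
The rockyou.txt lookup step above can be scripted; this is an added example, not part of the original write-up. It assumes the "position" in the challenge is the 1-based line number of the exact entry; the function names are hypothetical and the wordlist is constructed sample data, not real rockyou.txt content.

```python
import io


def normalize_title(title: str) -> str:
    """Lowercase the title and strip all whitespace, per the challenge rules."""
    return "".join(title.lower().split())


def find_position(wordlist, candidate: str):
    """Return the 1-based line number of the exact entry, or None if absent.

    Lines are compared as bytes: rockyou.txt contains entries that are not
    valid UTF-8, so decoding the file as text can raise UnicodeDecodeError.
    """
    needle = candidate.encode("utf-8")
    for lineno, raw in enumerate(wordlist, start=1):
        if raw.rstrip(b"\r\n") == needle:  # whole-line match, not substring
            return lineno
    return None


def build_password(title: str, wordlist, digits: int = 3) -> str:
    """Song name (normalized) + first `digits` digits of its line number."""
    candidate = normalize_title(title)
    position = find_position(wordlist, candidate)
    if position is None:
        raise LookupError(f"{candidate!r} is not in the wordlist")
    prefix = str(position)[:digits]
    if len(prefix) < digits:
        raise ValueError(f"line {position} has fewer than {digits} digits")
    return candidate + prefix


def constructed_wordlist(target: str, line: int, total: int) -> io.BytesIO:
    """Constructed sample data standing in for rockyou.txt (not real content)."""
    entries = [b"filler%06d" % i for i in range(1, total + 1)]
    entries[0] = b"caf\xe9"                      # a non-UTF-8 entry
    entries[line - 2] = target.encode() + b"1"   # near miss before the target
    entries[line - 1] = target.encode()
    return io.BytesIO(b"\n".join(entries) + b"\n")


if __name__ == "__main__":
    # Line 36812 is a made-up position chosen so the prefix is 368.
    sample = constructed_wordlist("smellsliketeenspirit", 36812, 40000)
    print(build_password("Smells Like Teen Spirit", sample))
```

For a real wordlist, pass a file opened in binary mode (`open("rockyou.txt", "rb")`) in place of the constructed sample.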