About Search Light CTF
Search Light CTF is a beginner level CTF made by Zewensec hosted at TryHackMe. It teaches the basics of Geolocation and Imagery intelligence. The problem is divided into nine tasks which explains the techniques & few questions to answer using the said techniques.
Search Light CTF is the part of my submission for OSINT Dojo Student rank requirements. To make this CTF more challenging, I decided to add my own rule : finish the questions within 30 minute. If I failed to finish it in 30 minute, the score will be zero, and I have to move on to the next question.
Search Light CTF Write Up
Task 1
Task 1 explains what the CTF is and what should you do and asks you if you understand it by the end of the section. I instantly typed “yes” but I was wrong, then I typed few more times and still got it wrong until I lost my calm. After that, I decided to take a break and read it again, carefully. Guess what, I just have to type sl{ready}. We haven’t started the quiz yet, but there goes the first lesson, read carefully.
Task 2
Material
The first question explains more about geolocation challenges. It tells you the list of questions that you can use to get started with answering the challenges (Benjamin Strick):
- Any obvious data in the image that can reveal the location? (Street & store signs)
- Can you identify the region of the image? (Driving side, language, architect)
- Do you recognize the environment? (Road sign, nature, motor brands)
- What is the quality of the environment? (Paved or gravel roads)
- Is there any unique landmark? (Building, bridges, statues)
Problem
What is the name of the street that was taken?
Reflection
I Instantly asked myself, “Any obvious data in the image that can reveal the location?”, and yes there is. The “Welcome to Carnaby Street” sign, so the answer is Carnaby Street.
Task 3
Material
The next task explains about Google search engine operators which also known as Google Dorks. I have been using Google Dorks long before I get into CTFs, but this is the first time I see them being used for geolocation.
Problem
- Which city is the station located in?
- Which tube station do these stairs lead to?
- Which year did this station open?
- How many platforms are there in this station?
Reflection
To solve this problem, I need to figure out what’s the station’s name first. How could I find it? I noticed a covered letter “*lly Circus Station”, so I decided to look it up with Duckduckgo and found out that the station’s name was “Picadilly Circus Station” in London. Ater that, I looked up when the station was opened (1906) and the numbers of platforms (4) through Wikipedia and London Underground site.
Task 4
Problem
- Building this photo taken in
- Country of this building
- The name of the city
Reflection
I notice the “yvr.ca” letter in the image, thus it must be somewhere in Canada, but where to be precise? Then I decided to visit the web and read what it is, the Vancouver International Airport website so the building is Vancouver International Airport. Last question was the city which I typed “Vancouver” and got it wrong. Apparently Vancouver isn’t a city name, but Richmond is.
Task 5
Problem
- Coffee shop, city
- Coffee shop, street name
- Coffee shop, phone number
- Coffee shop, email address
- Coffee shop, owner’s surname
Reflection
This one is the trickiest by far. No obvious clues like the previous images. I decided to manually bruteforce the city name by using the list of cities in Scotland but didn’t get anything.
So decided to read again, closely. Here are the clues I gathered :
- Scotland
- Coffee shop
- The best lunch
- Edinburgh Woollen Mill
- The building’s physical features
I looked up what Edinburgh Woollen mill is. Luckily, I found an article with photo identical to the task’s image here which shows Blairgowrie as the location. Thus, I can narrow it down to the Edinburgh Woollen Mill at the city and found out the Coffee Shop through google maps.
After that, I dug the info on Wee Coffee shop at Allan Street from the phone number (+447878 839128), to email (theweecoffeeshop@aol.com) and the owners names are David and Debbie Cochrane according to this website.
Task 6
Material
This task introduces Reverse image search to “extract” information from an image by using the image as the search’s term. Sometimes it does not go well so Aric Toler adviced us to do these things :
- Search engine priority : Yandex > Bing > Google
- Images from Central & South America, Africa, and Asia are much harder to locate.
- Methods to improve image search :
- Increase the resolution
- Crop or pixelate certain elements
- Mirror, filter, clone tools can work too
- Consider using specialized search engines or databases.
Problem
- The restaurant name in the photo (famous nickname)
- Bon Appetit editor who took this image (located in a youtube video)
Reflection
I used Yandex reverse image search to do look up which restaurant it was taken. The first result showed the Insider news with its nickname (Katz’s Deli). After that, I looked for Bonnapetit article using Duckduckgo and found out that it was written by Andrew Knowlton.
Task 7
Material
No new material but it reminds us to scan for visual clues, reverse image search, use search operators and be patient. It should be easy.
Problem
- The name of the statue
- The photographer
Reflection
As usual, reverse image search with Yandex reveal its location, Tjuvholmen Sculpture Park (Oslo) but nothing reveals the statue’s name so far. I visited the park’s information from Wikipedia, Trip Advisor, and Astrup Fearnley Museet but nothing shows up.
I decided to tap hint but it does not make sense at all. What’s even that supposed to mean? Even google translate does not make any sense.
At this point I was losing my calm and felt like hitting the laptop screen but that won’t get me anything either. I managed to calm down and looked again. A page from Wikimedia showed up and further scroll revealed that it is “Rudolph the Chrome Nosed Reindeer“
,_Astrup_Fearnley_Museet_(Renzo_Piano),_Oslo_-_Norway.jpg){kind=link}
There’s five minute left but I haven’t answered the 2nd question at all. I noticed a write up made by someone else with the answer and that triggered a “moral conflict”.
“Why don’t you just copy someone’s answer? I mean, that’s OSINT too right, the info is already public.”
Yeah I know, but I don’t feel right about this. Ethics is part of the investigation. How can I stick to ethics if that’s what I do?
“Come on, it’s just a game.”
Yeah it’s just a game, but doesn’t a game prohibit you from cheating? If you cheat, you suck, but I’m not.
“Think practical. What if the requirement is to 100% the CTF?”
Find another ctf and 100% it then.
“But you are wasting more time.”
No, time is wasted if you enjoy it.I decided to left it blank for honesty. That won’t give me any score but I don’t care.
This is the toughest task. I feel so stupid for not being able to solve this. Should I just give up already?
Task 8
No I didn’t give up. I’m back for another quiz. Hopefully it won’t be so hard.
Material
The material is a video by Amy Herman which explains how observing arts can change how you think. Honestly I don’t understand what is being said yet, but I believe that I need to be more patient.
Problem
- The name of the character
- Location of the statue
- Opposite building name
Reflection
Yandex reverse image search returns Фемида (Femida). What is this? Apparently it’s Themis in russian, but Themis returns incorrect answer. I figured out that the statue’s name is Lady Justice after a few tries.
The statues name is the Lady Justice, but there should be many of such statues around the world. I need to be specific. Another article from Ria Novosti presents the statue with США, which is USA in russian. So we need to look up “Lady Justice statue in USA”.
The search returns The Verge article featuring the same image of the statue, then I looked up the link of the image which reveals to be Gettyimages source. I figured out that the statue was located at Albert V Bryan Courthouse in Alexandria, Virginia where its opposite location is The Westin Aexandria Old Town.
Task 9
Material
The last task is a bit different.While the previous tasks were about geolocating images, this one focuses on gelocating video instead. I don’t put the video file here because it’s too big for the website.
The steps are almost the same, but with an additional addition, we use FFMPEG to turn video’s frames into images. After that, we can analyze it as usual.
Problem
The name of the hotel which the recording took place.
Reflection
I decided to challenge myself by not using FFMPEG, instead I looked at the video myself and took screenshots. The landscape looks like Singapore, but I need more context.
Then I noticed “Riverside Point” at the right of the hotel. After that, I checked Google Map and look around for the hotel. I tried to guess the hotel’s name. To narrow my guesses, i take notes of the answer format “4 words, 7-9-6-4 characters each”. Novotel Singapore Clarke Quay was the answer.
Conclusion
So that’s how my Search Light CTF went. While it’s cliche, this CTF taught me to be patient and read carefully, even though I don’t lack those qualities. That aside, this CTF showed me that I’m afraid of failure more than I admit it. On the more practical side, I really need an efficient way to manage my files and keep my notes.
This CTF also taught me the importance of languages. By the time of writing this, I’m learning Spanish already with familiarity in Arabic & Russian. My little Russian knowledge helped me to narrow down the location as the Task 8 shown, meanwhile Task 7 gave me headache as I have to scroll through Norwegian sites. Sure we have advanced translators now but I’d rather master the language myself.