Day 14 (Task 19) Where’s Rudolph? Advent of Cyber 2 TryHackMe

For this challenge we will need to perform some Open Source Intelligence gathering, otherwise known as OSINT. This means using information that is available on the internet to discover more information about a target. You can use it to discover information about a company or about a specific person. You can also use it to find specific information in general, such as details about an IP address.

We are given that Rudolph loves Reddit and his username was IGuidetheClaus2020.

Putting the username into Google, we can find a Twitter account located at https://twitter.com/iguideclaus2020?lang=en.

We can try to use the website whatsmyname.app to attempt to find information about this account.

https://whatsmyname.app/?q=IGuidetheClause2020

Let’s go check out the Reddit account at https://www.reddit.com/user/IGuidetheClaus2020

We can click on the comments tab to get the URL for the first question.

https://www.reddit.com/user/IGuidetheClause2020/comments

We need to know where Rudolph was born, and it’s right there in the comments above.

Next up is his creator’s last name; the creator’s first name is Robert.

If you search for IGuidetheClause2020 robert on Google, a few results down you see Robert L. May, so May is our answer.

Now we need to know what other platforms may exist for this account.

Searching for IGuidetheClause2020, we discover a Twitter account. The username is the @ handle from Twitter, so the answer is IGuideClause2020.

Now we need to know the city where Rudolph took part in a parade. Download the picture from the tweet and upload it at images.google.com.

We can see it is from the Chicago 85th annual Thanksgiving Day Parade.

Now we need to know where specifically the photo was taken. Looking at the EXIF data, we don’t get anything if we just save the pictures off of Twitter. This is because Twitter strips out a lot of this information to help protect the privacy of uploaded images; otherwise, if you posted a picture taken at your house, someone could easily discover your home address.

If we go through the tweets, we can find a higher resolution picture located at https://tcm-sec.com/wp-content/uploads/2020/11/lights-festival-website.jpg

If we upload this picture to http://exif.regex.info/exif.cgi, we can find the exact location: (41.891815, -87.624277). We can also see the flag in the copyright section.
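To check your own images for a GPS position before posting them, the lookup the EXIF viewer performs can be done locally. This is an added example, not part of the original write-up: the function names are hypothetical, the sample image is constructed in code to carry the coordinates quoted above, and it assumes well-formed Exif data with non-zero rational denominators.

```python
import struct

GPS_IFD_TAG, LAT, LON = 0x8825, 2, 4   # IFD0 pointer tag; GPSLatitude, GPSLongitude

def exif_tiff(jpeg):
    """Walk the JPEG segments; return the TIFF body of APP1/Exif, or None."""
    i = 2                                              # skip SOI (FF D8)
    while i + 4 <= len(jpeg) and jpeg[i] == 0xFF and jpeg[i + 1] != 0xDA:
        (size,) = struct.unpack_from(">H", jpeg, i + 2)
        seg = jpeg[i + 4:i + 2 + size]
        if jpeg[i + 1] == 0xE1 and seg[:6] == b"Exif\0\0":
            return seg[6:]
        i += 2 + size
    return None

def entries(tiff, off, e):
    """Map tag -> offset of its 4-byte value field, for the IFD at `off`."""
    (n,) = struct.unpack_from(e + "H", tiff, off)
    return {struct.unpack_from(e + "H", tiff, p)[0]: p + 8 for p in range(off + 2, off + 2 + 12 * n, 12)}

def degrees(tiff, e, gps, tag):
    """deg/min/sec RATIONALs plus the N/S/E/W ref tag -> signed decimal degrees."""
    (ptr,) = struct.unpack_from(e + "I", tiff, gps[tag])
    d = struct.unpack_from(e + "6I", tiff, ptr)
    value = d[0] / d[1] + d[2] / d[3] / 60 + d[4] / d[5] / 3600
    ref = tiff[gps[tag - 1]:gps[tag - 1] + 1] if tag - 1 in gps else b""
    return round(-value if ref in (b"S", b"W") else value, 6)

def gps_position(jpeg):
    """Return (lat, lon) if the image carries a GPS fix, else None."""
    tiff = exif_tiff(jpeg)
    if tiff is None:
        return None
    e = "<" if tiff[:2] == b"II" else ">"              # TIFF byte order
    ifd0 = entries(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e)
    if GPS_IFD_TAG not in ifd0:
        return None
    gps = entries(tiff, struct.unpack_from(e + "I", tiff, ifd0[GPS_IFD_TAG])[0], e)
    if LAT not in gps or LON not in gps:
        return None
    return degrees(tiff, e, gps, LAT), degrees(tiff, e, gps, LON)

def sample_jpeg():
    """Constructed sample (not the challenge image) holding the coordinates above."""
    tiff = struct.pack(">2sHIHHHIII", b"MM", 42, 8, 1, GPS_IFD_TAG, 4, 1, 26, 0)  # header, IFD0
    tiff += struct.pack(">HHHI4sHHII", 4, 1, 2, 2, b"N", LAT, 5, 3, 80)    # GPS IFD: ref, lat
    tiff += struct.pack(">HHI4sHHIII", 3, 2, 2, b"W", LON, 5, 3, 104, 0)   # ref, lon, end
    tiff += struct.pack(">12I", 41, 1, 53, 1, 30534, 1000, 87, 1, 37, 1, 273972, 10000)
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(tiff) + 8) + b"Exif\0\0" + tiff + b"\xff\xd9"
```

Calling `gps_position(open(path, "rb").read())` on a file returns `None` when no GPS position is present, which is the result described above for copies saved from Twitter.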

The last question is what password Rudolph had in the breach he was a part of.

We can find his email account on Twitter and then use https://scylla.sh/api to discover the compromised credential.

Our last question is what hotel number Rudolph might be staying in. We can throw the GPS coordinates we found into a Google Maps search. You can see that right behind the picture is the Chicago Marriott Downtown hotel. The address for this is 540 N Michigan Ave, which answers our last question.

Well, that wraps up this day. I hope you learned a lot; I know I did!